View Issue Details

IDProjectCategoryView StatusLast Update
707RackTablesdefaultpublic2013-03-02 23:13
Reporterblaza-pl Assigned Toadoom42  
PrioritylowSeveritytweakReproducibilityalways
Status closedResolutionfixed 
Product Version0.20.3 
Target Version0.20.4Fixed in Version0.20.4 
Summary707: Hide conrols in Cacti tab when user has no permissions
DescriptionWhen user has no permissions to add/delete Cacti graphs but has permissions to the Cacti tab he should not see the control buttons and forms.
Steps To ReproduceCreate a user that cat access the Cacti tab but cannot add or delete graphs:

deny {cacti_user} and ({$op_del} or {$op_add})
allow {cacti_user} and {$tab_cacti}

Login as Cacti user and go to cacti tab.
Additional InformationI have created a patch to hide the controls when user doesn/t have permissions.
TagsNo tags attached.

Activities

blaza-pl

blaza-pl

2013-01-02 13:24

reporter  

cacti-perms.patch (2,138 bytes)   
--- ../RackTables-0.20.3/wwwroot/inc/interface.php	2012-12-19 17:30:47.000000000 +0100
+++ /var/www/racktables/inc/interface.php	2013-01-02 13:13:47.421506476 +0100
@@ -8564,7 +8564,7 @@
 	foreach ($servers as $server)
 		$options[$server['id']] = "${server['id']}: ${server['base_url']}";
 	startPortlet ('Cacti Graphs');
-	if (getConfigVar ('ADDNEW_AT_TOP') == 'yes')
+	if (getConfigVar ('ADDNEW_AT_TOP') == 'yes' && permitted('object','cacti','add'))
 		printNewItemTR ($options);
 	echo "<table cellspacing=\"0\" cellpadding=\"10\" align=\"center\" width=\"50%\">";
 	foreach (getCactiGraphsForObject ($object_id) as $graph_id => $graph)
@@ -8573,14 +8573,19 @@
 		$text = "(graph ${graph_id} on server ${graph['server_id']})";
 		echo "<tr><td>";
 		echo "<a href='${cacti_url}/graph.php?action=view&local_graph_id=${graph_id}&rra_id=all' target='_blank'>";
-		echo "<img src='index.php?module=image&img=cactigraph&object_id=${object_id}&server_id=${graph['server_id']}&graph_id=${graph_id}' alt='${text}' title='${text}'></a></td>";
-		echo "<td><a href='" . makeHrefProcess (array ('op' => 'del', 'server_id' => $graph['server_id'], 'graph_id' => $graph_id));
-		echo "' onclick=\"javascript:return confirm('Are you sure you want to delete the graph?')\">";
-		echo getImageHREF ('Cut', 'Unlink graph') . "</a>&nbsp; &nbsp;${graph['caption']}";
+		echo "<img src='index.php?module=image&img=cactigraph&object_id=${object_id}&server_id=${graph['server_id']}&graph_id=${graph_id}' alt='${text}' title='${text}'></a></td><td>";
+		if(permitted('object','cacti','del'))
+		{
+			echo "<a href='" . makeHrefProcess (array ('op' => 'del', 'server_id' => $graph['server_id'], 'graph_id' => $graph_id));
+			echo "' onclick=\"javascript:return confirm('Are you sure you want to delete the graph?')\">";
+			echo getImageHREF ('Cut', 'Unlink graph') . "</a>";
+		}
+		echo "&nbsp; &nbsp;${graph['caption']}";
+
 		echo "</td></tr>";
 	}
 	echo '</table>';
-	if (getConfigVar ('ADDNEW_AT_TOP') != 'yes')
+	if (getConfigVar ('ADDNEW_AT_TOP') != 'yes' && permitted('object','cacti','add'))
 		printNewItemTR ($options);
 	finishPortlet ();
 }
cacti-perms.patch (2,138 bytes)   
adoom42

adoom42

2013-03-02 23:13

administrator   ~0001185

Thanks for the patch.

Issue History

Date Modified Username Field Change
2013-01-02 13:24 blaza-pl New Issue
2013-01-02 13:24 blaza-pl File Added: cacti-perms.patch
2013-03-02 23:13 adoom42 Note Added: 0001185
2013-03-02 23:13 adoom42 Assigned To => adoom42
2013-03-02 23:13 adoom42 Status new => closed
2013-03-02 23:13 adoom42 Resolution open => fixed
2013-03-02 23:13 adoom42 Fixed in Version => 0.20.4
2013-03-02 23:13 adoom42 Target Version => 0.20.4