def _bulk_delete_after_confirm(cls, what):
to_delete = []
for varname, _value in html.request.itervars(prefix="_c_%s+" % what):
if html.get_checkbox(varname):
checkbox_ident = varname.split("_c_%s+" % what)[-1]
to_delete.append(checkbox_ident.split("+", 1))
if not to_delete:
return
c = html.confirm(
_("Do you really want to delete %d %s?") % (len(to_delete), cls.phrase("title_plural")))
if c:
for owner, instance_id in to_delete:
cls.remove_instance((owner, instance_id))
for owner in {e[0] for e in to_delete}:
cls.save_user_instances(owner)
html.reload_sidebar()
elif c is False:
return False
def _add_extra_attrs_from_html_vars(self):
self._attr['user_editable'] = html.get_checkbox('user_editable')
def action(self) -> ActionResult:
# TODO: remove subclass specific things specifict things (everything with _type == 'user')
if not html.check_transaction():
return None
title = html.request.get_unicode_input_mandatory("title").strip()
if not title:
raise MKUserError("title", _("Please specify a title."))
for this_attr in self._attrs:
if title == this_attr['title'] and self._name != this_attr['name']:
raise MKUserError(
"alias",
_("This alias is already used by the attribute %s.") %
this_attr['name'])
topic = html.request.get_unicode_input_mandatory('topic', '').strip()
help_txt = html.request.get_unicode_input_mandatory('help', '').strip()
show_in_table = html.get_checkbox('show_in_table')
add_custom_macro = html.get_checkbox('add_custom_macro')
if self._new:
self._name = html.request.get_ascii_input_mandatory("name",
'').strip()
if not self._name:
raise MKUserError(
"name", _("Please specify a name for the new attribute."))
if ' ' in self._name:
raise MKUserError(
"name",
_("Sorry, spaces are not allowed in attribute names."))
if not re.match("^[-a-z0-9A-Z_]*$", self._name):
raise MKUserError(
"name",
_("Invalid attribute name. Only the characters a-z, A-Z, 0-9, _ and - are allowed."
))
if [a for a in self._attrs if a['name'] == self._name]:
raise MKUserError(
"name",
_("Sorry, there is already an attribute with that name."))
ty = html.request.get_ascii_input_mandatory('type', '').strip()
if ty not in [t[0] for t in custom_attr_types()]:
raise MKUserError('type',
_('The choosen attribute type is invalid.'))
self._attr = {
'name': self._name,
'type': ty,
}
self._attrs.append(self._attr)
add_change(
"edit-%sattr" % self._type,
_("Create new %s attribute %s") % (self._type, self._name))
else:
add_change(
"edit-%sattr" % self._type,
_("Modified %s attribute %s") % (self._type, self._name))
self._attr.update({
'title': title,
'topic': topic,
'help': help_txt,
'show_in_table': show_in_table,
'add_custom_macro': add_custom_macro,
})
self._add_extra_attrs_from_html_vars()
save_custom_attrs_to_mk_file(self._all_attrs)
self._update_config()
return redirect(mode_url(self._type + "_attrs"))
def action(self, cmdtag, spec, row, row_index, num_rows):
down_from = int(time.time())
down_to = None
if self._has_recurring_downtimes() and html.get_checkbox(
"_down_do_recur"):
from cmk.gui.cee.plugins.wato.cmc import recurring_downtimes_types
recurring_type = int(html.request.var("_down_recurring"))
title_start = _("schedule a periodic downtime every %s"
) % recurring_downtimes_types()[recurring_type]
else:
title_start = _("schedule an immediate downtime")
rangebtns = (varname for varname, _value in html.request.itervars(
prefix="_downrange"))
def resolve_end(name):
now = time.localtime(down_from)
if name == "next_day":
return time.mktime((now.tm_year, now.tm_mon, now.tm_mday, 23, 59, 59, 0, 0, now.tm_isdst)) + 1, \
_("<b>%s until 24:00:00</b> on") % title_start
elif name == "next_week":
wday = now.tm_wday
days_plus = 6 - wday
res = time.mktime((now.tm_year, now.tm_mon, now.tm_mday, 23,
59, 59, 0, 0, now.tm_isdst)) + 1
res += days_plus * 24 * 3600
return res, _("<b>%s until sunday night</b> on") % title_start
elif name == "next_month":
new_month = now.tm_mon + 1
if new_month == 13:
new_year = now.tm_year + 1
new_month = 1
else:
new_year = now.tm_year
return time.mktime((new_year, new_month, 1, 0, 0, 0, 0, 0, now.tm_isdst)), \
_("<b>%s until end of month</b> on") % title_start
elif name == "next_year":
return time.mktime((now.tm_year, 12, 31, 23, 59, 59, 0, 0, now.tm_isdst)) + 1, \
_("<b>%s until end of %d</b> on") % (title_start, now.tm_year)
else:
duration = int(name)
return down_from + duration, \
_("<b>%s of %s length</b> on") %\
(title_start, self._get_duration_human_readable(duration))
try:
rangebtn = next(rangebtns)
except StopIteration:
rangebtn = None
if rangebtn:
_btnname, end = rangebtn.split("__", 1)
down_to, title = resolve_end(end)
elif html.request.var("_down_from_now"):
try:
minutes = int(html.request.var("_down_minutes", ""))
except ValueError:
minutes = 0
if minutes <= 0:
raise MKUserError(
"_down_minutes",
_("Please enter a positive number of minutes."))
down_to = time.time() + minutes * 60
title = _("<b>%s for the next %d minutes</b> on") % (title_start,
minutes)
elif html.request.var("_down_adhoc"):
minutes = config.adhoc_downtime.get("duration", 0)
down_to = time.time() + minutes * 60
title = _("<b>%s for the next %d minutes</b> on") % (title_start,
minutes)
elif html.request.var("_down_custom"):
down_from = html.get_datetime_input("_down_from")
down_to = html.get_datetime_input("_down_to")
if down_to < time.time():
raise MKUserError(
"_down_to",
_("You cannot set a downtime that ends in the past. "
"This incident will be reported."))
if down_to < down_from:
raise MKUserError(
"_down_to", _("Your end date is before your start date."))
title = _("<b>schedule a downtime from %s to %s</b> on ") % (
time.asctime(time.localtime(down_from)),
time.asctime(time.localtime(down_to)))
elif html.request.var("_down_remove") and config.user.may(
"action.remove_all_downtimes"):
if html.request.var("_on_hosts"):
raise MKUserError(
"_on_hosts",
_("The checkbox for setting host downtimes does not work when removing downtimes."
))
downtime_ids = []
if cmdtag == "HOST":
prefix = "host_"
else:
prefix = "service_"
for id_ in row[prefix + "downtimes"]:
if id_ != "":
downtime_ids.append(int(id_))
commands = []
for dtid in downtime_ids:
commands.append("DEL_%s_DOWNTIME;%d\n" % (cmdtag, dtid))
title = _("<b>remove all scheduled downtimes</b> of ")
return commands, title
if down_to:
if html.request.var("_down_adhoc"):
comment = config.adhoc_downtime.get("comment", "")
else:
comment = html.get_unicode_input("_down_comment")
if not comment:
raise MKUserError(
"_down_comment",
_("You need to supply a comment for your downtime."))
if html.request.var("_down_flexible"):
fixed = 0
duration = html.get_time_input("_down_duration",
_("the duration"))
else:
fixed = 1
duration = 0
if html.get_checkbox("_down_do_recur"):
fixed_and_recurring = recurring_type * 2 + fixed
else:
fixed_and_recurring = fixed
def make_command(spec, cmdtag):
return ("SCHEDULE_" + cmdtag +
"_DOWNTIME;%s;" % spec) + ("%d;%d;%d;0;%d;%s;" % (
down_from,
down_to,
fixed_and_recurring,
duration,
config.user.id,
)) + livestatus.lqencode(comment)
if "aggr_tree" in row: # BI mode
commands = []
for site, host, service in bi.find_all_leaves(
row["aggr_tree"]):
if service:
spec = "%s;%s" % (host, service)
cmdtag = "SVC"
else:
spec = host
cmdtag = "HOST"
commands.append((site, make_command(spec, cmdtag)))
else:
if html.request.var("_include_childs"): # only for hosts
specs = [spec] + self._get_child_hosts(
row["site"], [spec],
recurse=bool(
html.request.var("_include_childs_recurse")))
elif html.request.var(
"_on_hosts"): # set on hosts instead of services
specs = [spec.split(";")[0]]
title += " the hosts of"
cmdtag = "HOST"
else:
specs = [spec]
commands = [make_command(spec, cmdtag) for spec in specs]
return commands, title
def _show_page_user_profile(change_pw):
start_async_replication = False
if not config.user.id:
raise MKUserError(None, _('Not logged in.'))
if not config.user.may('general.edit_profile') and not config.user.may(
'general.change_password'):
raise MKAuthException(
_("You are not allowed to edit your user profile."))
if not config.wato_enabled:
raise MKAuthException(
_('User profiles can not be edited (WATO is disabled).'))
success = None
if html.request.has_var('_save') and html.check_transaction():
users = userdb.load_users(lock=True)
try:
# Profile edit (user options like language etc.)
if config.user.may('general.edit_profile'):
if not change_pw:
set_lang = html.get_checkbox('_set_lang')
language = html.request.var('language')
# Set the users language if requested
if set_lang:
if language == '':
language = None
# Set custom language
users[config.user.id]['language'] = language
config.user.language = language
html.set_language_cookie(language)
else:
# Remove the customized language
if 'language' in users[config.user.id]:
del users[config.user.id]['language']
config.user.reset_language()
# load the new language
cmk.gui.i18n.localize(config.user.language)
user = users.get(config.user.id)
if config.user.may('general.edit_notifications'
) and user.get("notifications_enabled"):
value = forms.get_input(
watolib.get_vs_flexible_notifications(),
"notification_method")
users[config.user.id]["notification_method"] = value
# Custom attributes
if config.user.may('general.edit_user_attributes'):
for name, attr in userdb.get_user_attributes():
if attr.user_editable():
if not attr.permission() or config.user.may(
attr.permission()):
vs = attr.valuespec()
value = vs.from_html_vars('ua_' + name)
vs.validate_value(value, "ua_" + name)
users[config.user.id][name] = value
# Change the password if requested
password_changed = False
if config.user.may('general.change_password'):
cur_password = html.request.var('cur_password')
password = html.request.var('password')
password2 = html.request.var('password2', '')
if change_pw:
# Force change pw mode
if not cur_password:
raise MKUserError(
"cur_password",
_("You need to provide your current password."))
if not password:
raise MKUserError(
"password", _("You need to change your password."))
if cur_password == password:
raise MKUserError(
"password",
_("The new password must differ from your current one."
))
if cur_password and password:
if userdb.hook_login(config.user.id,
cur_password) is False:
raise MKUserError("cur_password",
_("Your old password is wrong."))
if password2 and password != password2:
raise MKUserError(
"password2",
_("The both new passwords do not match."))
watolib.verify_password_policy(password)
users[config.user.id]['password'] = hash_password(password)
users[config.user.id]['last_pw_change'] = int(time.time())
if change_pw:
# Has been changed, remove enforcement flag
del users[config.user.id]['enforce_pw_change']
# Increase serial to invalidate old cookies
if 'serial' not in users[config.user.id]:
users[config.user.id]['serial'] = 1
else:
users[config.user.id]['serial'] += 1
password_changed = True
# Now, if in distributed environment where users can login to remote sites,
# set the trigger for pushing the new auth information to the slave sites
# asynchronous
if config.user.authorized_login_sites():
start_async_replication = True
userdb.save_users(users)
if password_changed:
# Set the new cookie to prevent logout for the current user
login.set_auth_cookie(config.user.id)
success = True
except MKUserError as e:
html.add_user_error(e.varname, e)
else:
users = userdb.load_users()
watolib.init_wato_datastructures(with_wato_lock=True)
# When in distributed setup, display the replication dialog instead of the normal
# profile edit dialog after changing the password.
if start_async_replication:
user_profile_async_replication_page()
return
if change_pw:
title = _("Change Password")
else:
title = _("Edit User Profile")
html.header(title)
# Rule based notifications: The user currently cannot simply call the according
# WATO module due to WATO permission issues. So we cannot show this button
# right now.
if not change_pw:
rulebased_notifications = watolib.load_configuration_settings().get(
"enable_rulebased_notifications")
if rulebased_notifications and config.user.may(
'general.edit_notifications'):
html.begin_context_buttons()
url = "wato.py?mode=user_notifications_p"
html.context_button(_("Notifications"), url, "notifications")
html.end_context_buttons()
else:
reason = html.request.var('reason')
if reason == 'expired':
html.p(
_('Your password is too old, you need to choose a new password.'
))
else:
html.p(
_('You are required to change your password before proceeding.'
))
if success:
html.reload_sidebar()
if change_pw:
html.show_message(_("Your password has been changed."))
raise HTTPRedirect(html.request.var('_origtarget', 'index.py'))
else:
html.show_message(_("Successfully updated user profile."))
# Ensure theme changes are applied without additional user interaction
html.immediate_browser_redirect(0.5, html.makeuri([]))
if html.has_user_errors():
html.show_user_errors()
user = users.get(config.user.id)
if user is None:
html.show_warning(_("Sorry, your user account does not exist."))
html.footer()
return
# Returns true if an attribute is locked and should be read only. Is only
# checked when modifying an existing user
locked_attributes = userdb.locked_attributes(user.get('connector'))
def is_locked(attr):
return attr in locked_attributes
html.begin_form("profile", method="POST")
html.prevent_password_auto_completion()
html.open_div(class_="wato")
forms.header(_("Personal Settings"))
if not change_pw:
forms.section(_("Name"), simple=True)
html.write_text(user.get("alias", config.user.id))
if config.user.may(
'general.change_password') and not is_locked('password'):
forms.section(_("Current Password"))
html.password_input('cur_password', autocomplete="new-password")
forms.section(_("New Password"))
html.password_input('password', autocomplete="new-password")
forms.section(_("New Password Confirmation"))
html.password_input('password2', autocomplete="new-password")
if not change_pw and config.user.may('general.edit_profile'):
select_language(user)
# Let the user configure how he wants to be notified
if not rulebased_notifications \
and config.user.may('general.edit_notifications') \
and user.get("notifications_enabled"):
forms.section(_("Notifications"))
html.help(
_("Here you can configure how you want to be notified about host and service problems and "
"other monitoring events."))
watolib.get_vs_flexible_notifications().render_input(
"notification_method", user.get("notification_method"))
if config.user.may('general.edit_user_attributes'):
for name, attr in userdb.get_user_attributes():
if attr.user_editable():
vs = attr.valuespec()
forms.section(_u(vs.title()))
value = user.get(name, vs.default_value())
if not attr.permission() or config.user.may(
attr.permission()):
vs.render_input("ua_" + name, value)
html.help(_u(vs.help()))
else:
html.write(vs.value_to_text(value))
# Save button
forms.end()
html.button("_save", _("Save"))
html.close_div()
html.hidden_fields()
html.end_form()
html.footer()
def action(self):
if not html.check_transaction():
return "users"
if self._is_new_user:
self._user_id = UserID(allow_empty=False).from_html_vars("user_id")
user_attrs = {}
else:
self._user_id = html.get_unicode_input("edit").strip()
user_attrs = self._users[self._user_id]
# Full name
user_attrs["alias"] = html.get_unicode_input("alias").strip()
# Locking
user_attrs["locked"] = html.get_checkbox("locked")
increase_serial = False
if self._user_id in self._users and self._users[
self._user_id]["locked"] != user_attrs["locked"] and user_attrs["locked"]:
increase_serial = True # when user is being locked now, increase the auth serial
# Authentication: Password or Secret
auth_method = html.request.var("authmethod")
if auth_method == "secret":
secret = html.request.var("_auth_secret", "").strip()
user_attrs["automation_secret"] = secret
user_attrs["password"] = hash_password(secret)
increase_serial = True # password changed, reflect in auth serial
else:
password = html.request.var("_password_" + self._pw_suffix(), '').strip()
password2 = html.request.var("_password2_" + self._pw_suffix(), '').strip()
# We compare both passwords only, if the user has supplied
# the repeation! We are so nice to our power users...
# Note: this validation is done before the main-validiation later on
# It doesn't make any sense to put this block into the main validation function
if password2 and password != password2:
raise MKUserError("_password2", _("The both passwords do not match."))
# Detect switch back from automation to password
if "automation_secret" in user_attrs:
del user_attrs["automation_secret"]
if "password" in user_attrs:
del user_attrs["password"] # which was the encrypted automation password!
if password:
user_attrs["password"] = hash_password(password)
user_attrs["last_pw_change"] = int(time.time())
increase_serial = True # password changed, reflect in auth serial
# PW change enforcement
user_attrs["enforce_pw_change"] = html.get_checkbox("enforce_pw_change")
if user_attrs["enforce_pw_change"]:
increase_serial = True # invalidate all existing user sessions, enforce relogon
# Increase serial (if needed)
if increase_serial:
user_attrs["serial"] = user_attrs.get("serial", 0) + 1
# Email address
user_attrs["email"] = EmailAddressUnicode().from_html_vars("email")
idle_timeout = watolib.get_vs_user_idle_timeout().from_html_vars("idle_timeout")
user_attrs["idle_timeout"] = idle_timeout
if idle_timeout is not None:
user_attrs["idle_timeout"] = idle_timeout
elif idle_timeout is None and "idle_timeout" in user_attrs:
del user_attrs["idle_timeout"]
# Pager
user_attrs["pager"] = html.request.var("pager", '').strip()
if cmk.is_managed_edition():
customer = self._vs_customer.from_html_vars("customer")
self._vs_customer.validate_value(customer, "customer")
if customer != managed.default_customer_id():
user_attrs["customer"] = customer
elif "customer" in user_attrs:
del user_attrs["customer"]
vs_sites = self._vs_sites()
authorized_sites = vs_sites.from_html_vars("authorized_sites")
vs_sites.validate_value(authorized_sites, "authorized_sites")
if authorized_sites is not None:
user_attrs["authorized_sites"] = authorized_sites
elif "authorized_sites" in user_attrs:
del user_attrs["authorized_sites"]
# Roles
user_attrs["roles"] = [
role for role in self._roles.keys() if html.get_checkbox("role_" + role)
]
# Language configuration
set_lang = html.get_checkbox("_set_lang")
language = html.request.var("language")
if set_lang:
if language == "":
language = None
user_attrs["language"] = language
elif not set_lang and "language" in user_attrs:
del user_attrs["language"]
# Contact groups
cgs = []
for c in self._contact_groups:
if html.get_checkbox("cg_" + c):
cgs.append(c)
user_attrs["contactgroups"] = cgs
# Notification settings are only active if we do *not* have
# rule based notifications!
if not self._rbn_enabled():
# Notifications
user_attrs["notifications_enabled"] = html.get_checkbox("notifications_enabled")
ntp = html.request.var("notification_period")
if ntp not in self._timeperiods:
ntp = "24X7"
user_attrs["notification_period"] = ntp
for what, opts in [("host", "durfs"), ("service", "wucrfs")]:
user_attrs[what + "_notification_options"] = "".join(
[opt for opt in opts if html.get_checkbox(what + "_" + opt)])
value = watolib.get_vs_flexible_notifications().from_html_vars("notification_method")
user_attrs["notification_method"] = value
else:
user_attrs["fallback_contact"] = html.get_checkbox("fallback_contact")
# Custom user attributes
for name, attr in userdb.get_user_attributes():
value = attr.valuespec().from_html_vars('ua_' + name)
user_attrs[name] = value
# Generate user "object" to update
user_object = {self._user_id: {"attributes": user_attrs, "is_new_user": self._is_new_user}}
# The following call validates and updated the users
edit_users(user_object)
return "users"
