@permission_section_registry.register
class PermissionSectionBackgroundJobs(PermissionSection):
@property
def name(self):
return "background_jobs"
@property
def title(self):
return _("Background jobs")
permission_registry.register(
Permission(
section=PermissionSectionBackgroundJobs,
name="manage_jobs",
title=_l("Manage background jobs"),
description=_l("Allows you to see the job overview page."),
defaults=["admin"],
))
permission_registry.register(
Permission(
section=PermissionSectionBackgroundJobs,
name="stop_jobs",
title=_l("Stop background jobs"),
description=_l(
"Configures the permission to stop background jobs. Note: some jobs cannot be stopped."
),
defaults=["user", "admin"],
))
raise MKGeneralException(
_("Deprecated WATO modes found: %r. "
"They need to be refactored to new API.") % list(modes.keys()))
# This must be set after plugin loading to make broken plugins raise
# exceptions all the time and not only the first time (when the plugins
# are loaded).
loaded_with_language = cmk.gui.i18n.get_current_language()
permission_registry.register(
Permission(
section=cmk.gui.plugins.wato.utils.PermissionSectionWATO,
name="use",
title=_l("Use WATO"),
description=_l("This permissions allows users to use WATO - Check_MK's "
"Web Administration Tool. Without this "
"permission all references to WATO (buttons, links, "
"snapins) will be invisible."),
defaults=["admin", "user"],
))
permission_registry.register(
Permission(
section=cmk.gui.plugins.wato.utils.PermissionSectionWATO,
name="edit",
title=_l("Make changes, perform actions"),
description=_l("This permission is needed in order to make any "
"changes or perform any actions at all. "
"Without this permission, the user is only "
"able to view data, and that only in modules he "
@property
def title(self):
return _("Crash time")
@property
def columns(self):
return ['crash_time']
def cmp(self, r1, r2):
return cmp_simple_number("crash_time", r1, r2)
PermissionActionDeleteCrashReport = permission_registry.register(
Permission(
section=PermissionSectionAction,
name="delete_crash_report",
title=_l("Delete crash reports"),
description=_l("Delete crash reports created by Checkmk"),
defaults=["admin"],
))
@command_registry.register
class CommandDeleteCrashReports(Command):
@property
def ident(self):
return "delete_crash_reports"
@property
def title(self):
return _("Delete crash reports")
if loaded_with_language == cmk.gui.i18n.get_current_language() and not force:
return
utils.load_web_plugins("webapi", globals())
# This must be set after plugin loading to make broken plugins raise
# exceptions all the time and not only the first time (when the plugins
# are loaded).
loaded_with_language = cmk.gui.i18n.get_current_language()
permission_registry.register(
Permission(
section=PermissionSectionWATO,
name="api_allowed",
title=_l("Access to Web-API"),
description=_l("This permissions specifies if the role "
"is able to use Web-API functions. It is only available "
"for automation users."),
defaults=config.builtin_role_ids,
))
Formatter = Callable[[Dict[str, Any]], str]
_FORMATTERS: Dict[str, Tuple[Formatter, Formatter]] = {
"json":
(json.dumps,
lambda response: json.dumps(response, sort_keys=True, indent=4, separators=(',', ': '))),
"python": (repr, pprint.pformat),
"xml":
(dicttoxml.dicttoxml,
lambda response: xml.dom.minidom.parseString(dicttoxml.dicttoxml(response)).toprettyxml()),
return True
# .--Reschedule----------------------------------------------------------.
# | ____ _ _ _ |
# | | _ \ ___ ___ ___| |__ ___ __| |_ _| | ___ |
# | | |_) / _ \/ __|/ __| '_ \ / _ \/ _` | | | | |/ _ \ |
# | | _ < __/\__ \ (__| | | | __/ (_| | |_| | | __/ |
# | |_| \_\___||___/\___|_| |_|\___|\__,_|\__,_|_|\___| |
# | |
# '----------------------------------------------------------------------'
PermissionActionReschedule = permission_registry.register(
Permission(
section=PermissionSectionAction,
name="reschedule",
title=_l("Reschedule checks"),
description=_l("Reschedule host and service checks"),
defaults=["user", "admin"],
))
@command_registry.register
class CommandReschedule(Command):
@property
def ident(self):
return "reschedule"
@property
def title(self):
return _("Reschedule active checks")
"title": _("Send an E-Mail"),
"handler": notify_mail,
},
"dashlet": {
"title": _("Show notification in dashboard element 'User notifications'"),
"handler": notify_gui_msg,
},
}
permission_registry.register(
Permission(
section=PermissionSectionGeneral,
name="notify",
title=_l("Notify Users"),
description=_l(
"This permissions allows users to send notifications to the users of "
"the monitoring system using the web interface."
),
defaults=["admin"],
)
)
@cmk.gui.pages.register("notify")
def page_notify():
if not user.may("general.notify"):
raise MKAuthException(_("You are not allowed to use the notification module."))
title = _("Notify users")
breadcrumb = make_simple_page_breadcrumb(mega_menu_registry.menu_setup(), title)
menu = _page_menu(breadcrumb)
@property
def name(self):
return "bi"
@property
def title(self):
return _("BI - Checkmk Business Intelligence")
permission_registry.register(
Permission(
section=PermissionSectionBI,
name="see_all",
title=_l("See all hosts and services"),
description=_l(
"With this permission set, the BI aggregation rules are applied to all "
"hosts and services - not only those the user is a contact for. If you "
"remove this permissions then the user will see incomplete aggregation "
"trees with status based only on those items."
),
defaults=["admin", "guest"],
)
)
def is_part_of_aggregation(host, service):
if BIAggregationPacks.get_num_enabled_aggregations() == 0:
return False
return get_cached_bi_compiler().is_part_of_aggregation(host, service)
def get_aggregation_group_trees():
return "general"
@property
def title(self):
return _("General Permissions")
@property
def sort_index(self):
return 10
PermissionGeneralUse = permission_registry.register(
Permission(
section=PermissionSectionGeneral,
name="use",
title=_l("Use the GUI at all"),
description=_l("Users without this permission are not let in at all"),
defaults=config.builtin_role_ids,
)
)
permission_registry.register(
Permission(
section=PermissionSectionGeneral,
name="server_side_requests",
title=_l("Perform requests from the Checkmk server"),
description=_l(
"Users with this permission can use GUI features that initiate network connections "
"from the Checkmk server to other hosts on the intra/internet. Although this feature "
"makes it e.g. easier to fetch CAs from servers it may be used to scan the internal "
"network for open ports and running services."
# | |____/ \___/ \_/\_/ |_| |_|\__|_|_| |_| |_|\___||___/ |
# | |
# '----------------------------------------------------------------------'
permission_registry.register(PermissionActionDowntimes := Permission(
section=PermissionSectionAction,
name="downtimes",
title=_l("Set/Remove downtimes"),
description=_l("Schedule and remove downtimes on hosts and services"),
defaults=["user", "admin"],
))
permission_registry.register(
Permission(
section=PermissionSectionAction,
name="remove_all_downtimes",
title=_l("Remove all downtimes"),
description=_l("Allow the user to use the action \"Remove all\" downtimes"),
defaults=["user", "admin"],
))
@command_group_registry.register
class CommandGroupDowntimes(CommandGroup):
@property
def ident(self):
return "downtimes"
@property
def title(self):
return _("Schedule downtimes")
@permission_section_registry.register
class PermissionSectionNagVis(PermissionSection):
@property
def name(self):
return "nagvis"
@property
def title(self):
return _('NagVis')
permission_registry.register(
Permission(
section=PermissionSectionNagVis,
name="*_*_*",
title=_l('Full access'),
description=_l('This permission grants full access to NagVis.'),
defaults=["admin"],
))
permission_registry.register(
Permission(
section=PermissionSectionNagVis,
name="Rotation_view_*",
title=_l('Use all map rotations'),
description=_l('Grants read access to all rotations.'),
defaults=["guest"],
))
permission_registry.register(
Permission(
"handler": message_mail,
},
"dashlet": {
"title": _("Show in the dashboard element 'User messages'"),
"confirmation_title":
_("in the dashboard element 'User messages'"),
"handler": message_gui,
},
}
permission_registry.register(
Permission(
section=PermissionSectionGeneral,
name="message",
title=_l("Send user message"),
description=_l(
"This permission allows users to send messages to the users of "
"the monitoring system using the web interface."),
defaults=["admin"],
))
@cmk.gui.pages.register("message")
def page_message():
if not user.may("general.message"):
raise MKAuthException(
_("You are not allowed to use the message module."))
title = _("Send user message")
breadcrumb = make_simple_page_breadcrumb(mega_menu_registry.menu_setup(),
title)
constructors,
Endpoint,
permissions,
request_schemas,
response_schemas,
)
from cmk.gui.plugins.openapi.utils import ProblemException
_403_STATUS_DESCRIPTION = "You do not have the permission for agent pairing."
permission_registry.register(
Permission(
section=PermissionSectionGeneral,
name="agent_pairing",
title=_l("Agent pairing"),
description=_l(
"Pairing of Checkmk agents with the monitoring site. This step establishes trust "
"between the agent and the monitoring site."
),
defaults=["admin"],
)
)
def _user_is_authorized() -> bool:
return user.may("general.agent_pairing")
def _get_root_ca() -> RootCA:
return RootCA.load(root_cert_path(cert_dir(Path(omd_root))))
