def handler(req, profiling=True): req.content_type = "text/html; charset=UTF-8" req.header_sent = False # All URIs end in .py. We strip away the .py and get the # name of the page. req.myfile = req.uri.split("/")[-1][:-3] # Create an object that contains all data about the request and # helper functions for creating valid HTML. Parse URI and # store results in the request object for later usage. html = htmllib.html(req) html.id = {} # create unique ID for this request __builtin__.html = html req.uriinfo = htmllib.uriinfo(req) response_code = apache.OK try: # Do not parse variables again if profiling (and second run is done) if profiling: read_get_vars(req) read_cookies(req) # Ajax-Functions want no HTML output in case of an error but # just a plain server result code of 500 fail_silently = html.has_var("_ajaxid") # Webservice functions may decide to get a normal result code # but a text with an error message in case of an error plain_error = html.has_var("_plain_error") config.load_config() # load multisite.mk if html.var("debug"): # Debug flag may be set via URL config.debug = True html.set_buffering(config.buffered_http_stream) # profiling can be enabled in multisite.mk if profiling and config.profile: import cProfile # , pstats, sys, StringIO, tempfile # the profiler looses the memory about all modules. We need to park # the request object in the apache module. This seems to be persistent. # Ubuntu: install python-profiler when using this feature apache._profiling_req = req profilefile = defaults.var_dir + "/web/multisite.profile" retcode = cProfile.run( "import index; from mod_python import apache; index.handler(apache._profiling_req, False)", profilefile) file(profilefile + ".py", "w").write( "#!/usr/bin/python\nimport pstats\nstats = pstats.Stats(%r)\nstats.sort_stats('time').print_stats()\n" % profilefile) os.chmod(profilefile + ".py", 0755) return apache.OK # Make sure all plugins are avaiable as early as possible. At least # we need the plugins (i.e. the permissions declared in these) at the # time before the first login for generating auth.php. load_all_plugins() # Detect mobile devices if html.has_var("mobile"): html.mobile = not not html.var("mobile") else: user_agent = html.req.headers_in.get('User-Agent', '') html.mobile = mobile.is_mobile(user_agent) # Redirect to mobile GUI if we are a mobile device and # the URL is / if req.myfile == "index" and html.mobile: req.myfile = "mobile" # Get page handler handler = pagehandlers.get(req.myfile, page_not_found) # Special handling for automation.py. Sorry, this must be hardcoded # here. Automation calls bybass the normal authentication stuff if req.myfile == "automation": try: handler() except Exception, e: html.write(str(e)) return apache.OK # Prepare output format output_format = html.var("output_format", "html") html.set_output_format(output_format) # Is the user set by the webserver? otherwise use the cookie based auth if not req.user or type(req.user) != str: config.auth_type = 'cookie' # When not authed tell the browser to ask for the password req.user = login.check_auth() if req.user == '': if fail_silently: # While api call don't show the login dialog raise MKUnauthenticatedException( _('You are not authenticated.')) # Initialize the i18n for the login dialog. This might be overridden # later after user login load_language(html.var("lang", config.get_language())) # After auth check the regular page can be shown result = login.page_login(plain_error) if type(result) == tuple: # This is the redirect to the requested page directly after successful login req.user = result[0] req.uri = result[1] req.myfile = req.uri.split("/")[-1][:-3] handler = pagehandlers.get(req.myfile, page_not_found) else: return result # Set all permissions, read site config, and similar stuff config.login(html.req.user) # Initialize the multiste i18n. This will be replaced by # language settings stored in the user profile after the user # has been initialized load_language(html.var("lang", config.get_language())) # All plugins might have to be reloaded due to a language change load_all_plugins() # Initialize default permissions (maybe reload due to language change) import default_permissions default_permissions.load() # User allowed to login at all? if not config.may("general.use"): reason = _( "You are not authorized to use Check_MK Multisite. Sorry. " "You are logged in as <b>%s</b>.") % config.user_id if len(config.user_role_ids): reason += _("Your roles are <b>%s</b>. " % ", ".join(config.user_role_ids)) else: reason += _("<b>You do not have any roles.</b> ") reason += _( "If you think this is an error, " "please ask your administrator to check the permissions configuration." ) if config.auth_type == 'cookie': reason += _( '<p>You have been logged out. Please reload the page to re-authenticate.</p>' ) login.del_auth_cookie() raise MKAuthException(reason) # General access allowed. Now connect to livestatus connect_to_livestatus(html) handler()
def handler(req, fields = None, is_profiling = False): # Create an object that contains all data about the request and # helper functions for creating valid HTML. Parse URI and # store results in the request object for later usage. __builtin__.html = html_mod_python(req, fields) response_code = apache.OK try: config.load_config() # load multisite.mk etc. html.init_modes() init_profiling(is_profiling) # Make sure all plugins are avaiable as early as possible. At least # we need the plugins (i.e. the permissions declared in these) at the # time before the first login for generating auth.php. modules.load_all_plugins() # Get page handler. handler = modules.get_handler(html.myfile, page_not_found) # Some pages do skip authentication. This is done by adding # noauth: to the page hander, e.g. "noauth:run_cron" : ... if handler == page_not_found: handler = modules.get_handler("noauth:" + html.myfile, page_not_found) if handler != page_not_found: try: # Call userdb page hooks which are executed on a regular base to e.g. syncronize # information withough explicit user triggered actions userdb.hook_page() handler() except Exception, e: html.write(str(e)) if config.debug: html.write(html.attrencode(format_exception())) raise FinalizeRequest() # Is the user set by the webserver? otherwise use the cookie based auth if not html.is_logged_in(): config.auth_type = 'cookie' # When not authed tell the browser to ask for the password html.login(login.check_auth()) if not html.is_logged_in(): if fail_silently(): # While api call don't show the login dialog raise MKUnauthenticatedException(_('You are not authenticated.')) # Redirect to the login-dialog with the current url as original target # Never render the login form directly when accessing urls like "index.py" # or "dashboard.py". This results in strange problems. if html.myfile != 'login': html.http_redirect(defaults.url_prefix + 'check_mk/login.py?_origtarget=%s' % html.urlencode(html.makeuri([]))) # Initialize the i18n for the login dialog. This might be overridden # later after user login i18n.localize(html.var("lang", config.get_language())) # This either displays the login page or validates the information submitted # to the login form. After successful login a http redirect to the originally # requested page is performed. login.page_login(plain_error()) raise FinalizeRequest() else: # In case of basic auth the user is already known, but we still need to decide # whether or not the user is an automation user (which is allowed to use transid=-1) if html.var("_secret"): login.check_auth_automation() # Call userdb page hooks which are executed on a regular base to e.g. syncronize # information withough explicit user triggered actions userdb.hook_page() # Set all permissions, read site config, and similar stuff config.login(html.user) html.load_help_visible() # Initialize the multiste i18n. This will be replaced by # language settings stored in the user profile after the user # has been initialized i18n.localize(html.var("lang", config.get_language())) # All plugins might have to be reloaded due to a language change modules.load_all_plugins() # User allowed to login at all? if not config.may("general.use"): reason = _("You are not authorized to use Check_MK Multisite. Sorry. " "You are logged in as <b>%s</b>.") % config.user_id if len(config.user_role_ids): reason += _("Your roles are <b>%s</b>. " % ", ".join(config.user_role_ids)) else: reason += _("<b>You do not have any roles.</b> ") reason += _("If you think this is an error, " "please ask your administrator to check the permissions configuration.") if config.auth_type == 'cookie': reason += _('<p>You have been logged out. Please reload the page to re-authenticate.</p>') login.del_auth_cookie() raise MKAuthException(reason) handler()
def handler(req, fields = None, profiling = True): req.content_type = "text/html; charset=UTF-8" req.header_sent = False # Create an object that contains all data about the request and # helper functions for creating valid HTML. Parse URI and # store results in the request object for later usage. html = html_mod_python(req, fields) html.enable_debug = config.debug html.id = {} # create unique ID for this request __builtin__.html = html response_code = apache.OK try: # Ajax-Functions want no HTML output in case of an error but # just a plain server result code of 500 fail_silently = html.has_var("_ajaxid") # Webservice functions may decide to get a normal result code # but a text with an error message in case of an error plain_error = html.has_var("_plain_error") config.load_config() # load multisite.mk if html.var("debug"): # Debug flag may be set via URL config.debug = True if html.var("screenshotmode") or config.screenshotmode: # Omit fancy background, make it white html.screenshotmode = True html.enable_debug = config.debug html.set_buffering(config.buffered_http_stream) # profiling can be enabled in multisite.mk if profiling and config.profile: import cProfile # , pstats, sys, StringIO, tempfile # the profiler looses the memory about all modules. We need to hand over # the request object in the apache module. # Ubuntu: install python-profiler when using this feature profilefile = defaults.var_dir + "/web/multisite.profile" retcode = cProfile.runctx( "import index; " "index.handler(profile_req, profile_fields, False)", {'profile_req': req, 'profile_fields': html.fields}, {}, profilefile) file(profilefile + ".py", "w").write( "#!/usr/bin/python\n" "import pstats\n" "stats = pstats.Stats(%r)\n" "stats.sort_stats('time').print_stats()\n" % profilefile) os.chmod(profilefile + ".py", 0755) release_all_locks() return apache.OK # Make sure all plugins are avaiable as early as possible. At least # we need the plugins (i.e. the permissions declared in these) at the # time before the first login for generating auth.php. load_all_plugins() # Detect mobile devices if html.has_var("mobile"): html.mobile = not not html.var("mobile") else: user_agent = html.req.headers_in.get('User-Agent', '') html.mobile = mobile.is_mobile(user_agent) # Redirect to mobile GUI if we are a mobile device and # the URL is / if html.myfile == "index" and html.mobile: html.myfile = "mobile" # Get page handler. handler = pagehandlers.get(html.myfile, page_not_found) # First initialization of the default permissions. Needs to be done before the auth_file # (auth.php) ist written (it's done during showing the login page for the first time). # Must be loaded before the "automation" call to have the general.* permissions available # during automation action processing (e.g. hooks triggered by restart) default_permissions.load() # Special handling for automation.py. Sorry, this must be hardcoded # here. Automation calls bybass the normal authentication stuff if html.myfile in [ "automation", "run_cron" ]: try: handler() except Exception, e: html.write(str(e)) if config.debug: html.write(html.attrencode(format_exception())) release_all_locks() return apache.OK # Prepare output format output_format = html.var("output_format", "html") html.set_output_format(output_format) # Is the user set by the webserver? otherwise use the cookie based auth if not html.user or type(html.user) != str: config.auth_type = 'cookie' # When not authed tell the browser to ask for the password html.user = login.check_auth() if html.user == '': if fail_silently: # While api call don't show the login dialog raise MKUnauthenticatedException(_('You are not authenticated.')) # Redirect to the login-dialog with the current url as original target # Never render the login form directly when accessing urls like "index.py" # or "dashboard.py". This results in strange problems. if html.myfile != 'login': html.http_redirect(defaults.url_prefix + 'check_mk/login.py?_origtarget=%s' % html.urlencode(html.makeuri([]))) # Initialize the i18n for the login dialog. This might be overridden # later after user login load_language(html.var("lang", config.get_language())) # This either displays the login page or validates the information submitted # to the login form. After successful login a http redirect to the originally # requested page is performed. login.page_login(plain_error) release_all_locks() return apache.OK # Call userdb page hooks which are executed on a regular base to e.g. syncronize # information withough explicit user triggered actions userdb.hook_page() # Set all permissions, read site config, and similar stuff config.login(html.user) html.load_help_visible() # Initialize the multiste i18n. This will be replaced by # language settings stored in the user profile after the user # has been initialized load_language(html.var("lang", config.get_language())) # All plugins might have to be reloaded due to a language change load_all_plugins() # Reload default permissions (maybe reload due to language change) default_permissions.load() # User allowed to login at all? if not config.may("general.use"): reason = _("You are not authorized to use Check_MK Multisite. Sorry. " "You are logged in as <b>%s</b>.") % config.user_id if len(config.user_role_ids): reason += _("Your roles are <b>%s</b>. " % ", ".join(config.user_role_ids)) else: reason += _("<b>You do not have any roles.</b> ") reason += _("If you think this is an error, " "please ask your administrator to check the permissions configuration.") if config.auth_type == 'cookie': reason += _('<p>You have been logged out. Please reload the page to re-authenticate.</p>') login.del_auth_cookie() raise MKAuthException(reason) handler()
def handler(req, fields = None, is_profiling = False): # Create an object that contains all data about the request and # helper functions for creating valid HTML. Parse URI and # store results in the request object for later usage. __builtin__.html = html_mod_python(req, fields) response_code = apache.OK try: config.load_config() # load multisite.mk etc. init_profiling(is_profiling) html.init_modes() # Make sure all plugins are avaiable as early as possible. At least # we need the plugins (i.e. the permissions declared in these) at the # time before the first login for generating auth.php. modules.load_all_plugins() # Get page handler. handler = modules.get_handler(html.myfile, page_not_found) # Some pages do skip authentication. This is done by adding # noauth: to the page hander, e.g. "noauth:run_cron" : ... if handler == page_not_found: handler = modules.get_handler("noauth:" + html.myfile, page_not_found) if handler != page_not_found: try: handler() except Exception, e: html.write("%s" % e) if config.debug: html.write(html.attrencode(format_exception())) raise FinalizeRequest() # Is the user set by the webserver? otherwise use the cookie based auth if not html.is_logged_in(): config.auth_type = 'cookie' # When not authed tell the browser to ask for the password html.login(login.check_auth()) if not html.is_logged_in(): if fail_silently(): # While api call don't show the login dialog raise MKUnauthenticatedException(_('You are not authenticated.')) # Redirect to the login-dialog with the current url as original target # Never render the login form directly when accessing urls like "index.py" # or "dashboard.py". This results in strange problems. if html.myfile != 'login': html.http_redirect(defaults.url_prefix + 'check_mk/login.py?_origtarget=%s' % html.urlencode(html.makeuri([]))) # Initialize the i18n for the login dialog. This might be overridden # later after user login i18n.localize(html.var("lang", config.get_language())) # This either displays the login page or validates the information submitted # to the login form. After successful login a http redirect to the originally # requested page is performed. login.page_login(plain_error()) raise FinalizeRequest() else: # In case of basic auth the user is already known, but we still need to decide # whether or not the user is an automation user (which is allowed to use transid=-1) if html.var("_secret"): login.check_auth_automation() # Set all permissions, read site config, and similar stuff config.login(html.user) html.load_help_visible() # Initialize the multiste i18n. This will be replaced by # language settings stored in the user profile after the user # has been initialized previous_language = current_language i18n.localize(html.var("lang", config.get_language())) # All plugins might have to be reloaded due to a language change. Only trigger # a second plugin loading when the user is really using a custom localized GUI. # Otherwise the load_all_plugins() at the beginning of the request is sufficient. if current_language != previous_language: modules.load_all_plugins() # User allowed to login at all? if not config.may("general.use"): reason = _("You are not authorized to use Check_MK Multisite. Sorry. " "You are logged in as <b>%s</b>.") % config.user_id if len(config.user_role_ids): reason += _("Your roles are <b>%s</b>. " % ", ".join(config.user_role_ids)) else: reason += _("<b>You do not have any roles.</b> ") reason += _("If you think this is an error, " "please ask your administrator to check the permissions configuration.") if config.auth_type == 'cookie': reason += _('<p>You have been logged out. Please reload the page to re-authenticate.</p>') login.del_auth_cookie() raise MKAuthException(reason) handler()
def handler(req, profiling = True): req.content_type = "text/html; charset=UTF-8" req.header_sent = False # All URIs end in .py. We strip away the .py and get the # name of the page. req.myfile = req.uri.split("/")[-1][:-3] # Create an object that contains all data about the request and # helper functions for creating valid HTML. Parse URI and # store results in the request object for later usage. html = htmllib.html(req) html.id = {} # create unique ID for this request __builtin__.html = html req.uriinfo = htmllib.uriinfo(req) response_code = apache.OK try: # Do not parse variables again if profiling (and second run is done) if profiling: read_get_vars(req) read_cookies(req) # Ajax-Functions want no HTML output in case of an error but # just a plain server result code of 500 fail_silently = html.has_var("_ajaxid") # Webservice functions may decide to get a normal result code # but a text with an error message in case of an error plain_error = html.has_var("_plain_error") config.load_config() # load multisite.mk if html.var("debug"): # Debug flag may be set via URL config.debug = True html.set_buffering(config.buffered_http_stream) # profiling can be enabled in multisite.mk if profiling and config.profile: import cProfile # , pstats, sys, StringIO, tempfile # the profiler looses the memory about all modules. We need to park # the request object in the apache module. This seems to be persistent. # Ubuntu: install python-profiler when using this feature apache._profiling_req = req profilefile = defaults.var_dir + "/web/multisite.profile" retcode = cProfile.run("import index; from mod_python import apache; index.handler(apache._profiling_req, False)", profilefile) file(profilefile + ".py", "w").write("#!/usr/bin/python\nimport pstats\nstats = pstats.Stats(%r)\nstats.sort_stats('time').print_stats()\n" % profilefile) os.chmod(profilefile + ".py", 0755) release_all_locks() return apache.OK # Make sure all plugins are avaiable as early as possible. At least # we need the plugins (i.e. the permissions declared in these) at the # time before the first login for generating auth.php. load_all_plugins() # Detect mobile devices if html.has_var("mobile"): html.mobile = not not html.var("mobile") else: user_agent = html.req.headers_in.get('User-Agent', '') html.mobile = mobile.is_mobile(user_agent) # Redirect to mobile GUI if we are a mobile device and # the URL is / if req.myfile == "index" and html.mobile: req.myfile = "mobile" # Get page handler handler = pagehandlers.get(req.myfile, page_not_found) # First initialization of the default permissions. Needs to be done before the auth_file # (auth.php) ist written (it's done during showing the login page for the first time). # Must be loaded before the "automation" call to have the general.* permissions available # during automation action processing (e.g. hooks triggered by restart) default_permissions.load() # Special handling for automation.py. Sorry, this must be hardcoded # here. Automation calls bybass the normal authentication stuff if req.myfile == "automation": try: handler() except Exception, e: html.write(str(e)) release_all_locks() return apache.OK # Prepare output format output_format = html.var("output_format", "html") html.set_output_format(output_format) # Is the user set by the webserver? otherwise use the cookie based auth if not req.user or type(req.user) != str: config.auth_type = 'cookie' # When not authed tell the browser to ask for the password req.user = login.check_auth() if req.user == '': if fail_silently: # While api call don't show the login dialog raise MKUnauthenticatedException(_('You are not authenticated.')) # Initialize the i18n for the login dialog. This might be overridden # later after user login load_language(html.var("lang", config.get_language())) # After auth check the regular page can be shown result = login.page_login(plain_error) if type(result) == tuple: # This is the redirect to the requested page directly after successful login req.user = result[0] req.uri = result[1] req.myfile = req.uri.split("/")[-1][:-3] handler = pagehandlers.get(req.myfile, page_not_found) else: release_all_locks() return result # Call userdb page hooks which are executed on a regular base to e.g. syncronize # information withough explicit user triggered actions userdb.hook_page() # Set all permissions, read site config, and similar stuff config.login(html.req.user) # Initialize the multiste i18n. This will be replaced by # language settings stored in the user profile after the user # has been initialized load_language(html.var("lang", config.get_language())) # All plugins might have to be reloaded due to a language change load_all_plugins() # Reload default permissions (maybe reload due to language change) default_permissions.load() # User allowed to login at all? if not config.may("general.use"): reason = _("You are not authorized to use Check_MK Multisite. Sorry. " "You are logged in as <b>%s</b>.") % config.user_id if len(config.user_role_ids): reason += _("Your roles are <b>%s</b>. " % ", ".join(config.user_role_ids)) else: reason += _("<b>You do not have any roles.</b> ") reason += _("If you think this is an error, " "please ask your administrator to check the permissions configuration.") if config.auth_type == 'cookie': reason += _('<p>You have been logged out. Please reload the page to re-authenticate.</p>') login.del_auth_cookie() raise MKAuthException(reason) # General access allowed. Now connect to livestatus connect_to_livestatus(html) handler()
def handler(req, fields = None, profiling = True): req.content_type = "text/html; charset=UTF-8" req.header_sent = False # Create an object that contains all data about the request and # helper functions for creating valid HTML. Parse URI and # store results in the request object for later usage. html = html_mod_python(req, fields) html.enable_debug = config.debug html.id = {} # create unique ID for this request __builtin__.html = html response_code = apache.OK try: # Ajax-Functions want no HTML output in case of an error but # just a plain server result code of 500 fail_silently = html.has_var("_ajaxid") # Webservice functions may decide to get a normal result code # but a text with an error message in case of an error plain_error = html.has_var("_plain_error") config.load_config() # load multisite.mk if html.var("debug"): # Debug flag may be set via URL config.debug = True if html.var("screenshotmode") or config.screenshotmode: # Omit fancy background, make it white html.screenshotmode = True html.enable_debug = config.debug html.set_buffering(config.buffered_http_stream) # profiling can be enabled in multisite.mk if profiling and config.profile: import cProfile # , pstats, sys, StringIO, tempfile # the profiler loses the memory about all modules. We need to hand over # the request object in the apache module. # Ubuntu: install python-profiler when using this feature profilefile = defaults.var_dir + "/web/multisite.profile" retcode = cProfile.runctx( "import index; " "index.handler(profile_req, profile_fields, False)", {'profile_req': req, 'profile_fields': html.fields}, {}, profilefile) file(profilefile + ".py", "w").write( "#!/usr/bin/python\n" "import pstats\n" "stats = pstats.Stats(%r)\n" "stats.sort_stats('time').print_stats()\n" % profilefile) os.chmod(profilefile + ".py", 0755) release_all_locks() return apache.OK # Make sure all plugins are avaiable as early as possible. At least # we need the plugins (i.e. the permissions declared in these) at the # time before the first login for generating auth.php. load_all_plugins() # Detect mobile devices if html.has_var("mobile"): html.mobile = not not html.var("mobile") else: user_agent = html.req.headers_in.get('User-Agent', '') html.mobile = mobile.is_mobile(user_agent) # Redirect to mobile GUI if we are a mobile device and # the URL is / if html.myfile == "index" and html.mobile: html.myfile = "mobile" # Get page handler. handler = pagehandlers.get(html.myfile, page_not_found) # First initialization of the default permissions. Needs to be done before the auth_file # (auth.php) ist written (it's done during showing the login page for the first time). # Must be loaded before the "automation" call to have the general.* permissions available # during automation action processing (e.g. hooks triggered by restart) default_permissions.load() # Some pages do skip authentication. This is done by adding # noauth: to the page hander, e.g. "noauth:run_cron" : ... if handler == page_not_found: handler = pagehandlers.get("noauth:" + html.myfile, page_not_found) if handler != page_not_found: try: # Call userdb page hooks which are executed on a regular base to e.g. syncronize # information withough explicit user triggered actions userdb.hook_page() handler() except Exception, e: html.write(str(e)) if config.debug: html.write(html.attrencode(format_exception())) release_all_locks() return apache.OK # Prepare output format output_format = html.var("output_format", "html") html.set_output_format(output_format) # Is the user set by the webserver? otherwise use the cookie based auth if not html.user or type(html.user) != str: config.auth_type = 'cookie' # When not authed tell the browser to ask for the password html.user = login.check_auth() if html.user == '': if fail_silently: # While api call don't show the login dialog raise MKUnauthenticatedException(_('You are not authenticated.')) # Redirect to the login-dialog with the current url as original target # Never render the login form directly when accessing urls like "index.py" # or "dashboard.py". This results in strange problems. if html.myfile != 'login': html.http_redirect(defaults.url_prefix + 'check_mk/login.py?_origtarget=%s' % html.urlencode(html.makeuri([]))) # Initialize the i18n for the login dialog. This might be overridden # later after user login load_language(html.var("lang", config.get_language())) # This either displays the login page or validates the information submitted # to the login form. After successful login a http redirect to the originally # requested page is performed. login.page_login(plain_error) release_all_locks() return apache.OK else: # In case of basic auth the user is already known, but we still need to decide # whether or not the user is an automation user (which is allowed to use transid=-1) if html.var("_secret"): login.check_auth_automation() # Call userdb page hooks which are executed on a regular base to e.g. syncronize # information withough explicit user triggered actions userdb.hook_page() # Set all permissions, read site config, and similar stuff config.login(html.user) html.load_help_visible() # Initialize the multiste i18n. This will be replaced by # language settings stored in the user profile after the user # has been initialized load_language(html.var("lang", config.get_language())) # All plugins might have to be reloaded due to a language change load_all_plugins() # Reload default permissions (maybe reload due to language change) default_permissions.load() # User allowed to login at all? if not config.may("general.use"): reason = _("You are not authorized to use Check_MK Multisite. Sorry. " "You are logged in as <b>%s</b>.") % config.user_id if len(config.user_role_ids): reason += _("Your roles are <b>%s</b>. " % ", ".join(config.user_role_ids)) else: reason += _("<b>You do not have any roles.</b> ") reason += _("If you think this is an error, " "please ask your administrator to check the permissions configuration.") if config.auth_type == 'cookie': reason += _('<p>You have been logged out. Please reload the page to re-authenticate.</p>') login.del_auth_cookie() raise MKAuthException(reason) handler()