def test_permission_sorting(do_sort, result): sections = permissions.PermissionSectionRegistry() perms = permissions.PermissionRegistry() @sections.register class Sec1(permissions.PermissionSection): @property def name(self): return "sec1" @property def title(self): return "SEC1" @property def do_sort(self): return do_sort for permission_name in ["Z", "z", "A", "b", "a", "1", "g"]: perms.register( Permission( section=Sec1, name=permission_name, title=permission_name.title(), description="bla", defaults=["admin"], ) ) sorted_perms = [p.name for p in perms.get_sorted_permissions(Sec1())] assert sorted_perms == result
@permission_section_registry.register class PermissionSectionBackgroundJobs(PermissionSection): @property def name(self): return "background_jobs" @property def title(self): return _("Background jobs") permission_registry.register( Permission( section=PermissionSectionBackgroundJobs, name="manage_jobs", title=_l("Manage background jobs"), description=_l("Allows you to see the job overview page."), defaults=["admin"], )) permission_registry.register( Permission( section=PermissionSectionBackgroundJobs, name="stop_jobs", title=_l("Stop background jobs"), description=_l( "Configures the permission to stop background jobs. Note: some jobs cannot be stopped." ), defaults=["user", "admin"], ))
@property def title(self): return _("Crash time") @property def columns(self): return ['crash_time'] def cmp(self, r1, r2): return cmp_simple_number("crash_time", r1, r2) permission_registry.register(PermissionActionDeleteCrashReport := Permission( section=PermissionSectionAction, name="delete_crash_report", title=_l("Delete crash reports"), description=_l("Delete crash reports created by Checkmk"), defaults=["admin"], )) @command_registry.register class CommandDeleteCrashReports(Command): @property def ident(self): return "delete_crash_reports" @property def title(self): return _("Delete crash reports") @property
raise MKGeneralException( _("Deprecated WATO modes found: %r. " "They need to be refactored to new API.") % list(modes.keys())) # This must be set after plugin loading to make broken plugins raise # exceptions all the time and not only the first time (when the plugins # are loaded). loaded_with_language = cmk.gui.i18n.get_current_language() permission_registry.register( Permission( section=cmk.gui.plugins.wato.utils.PermissionSectionWATO, name="use", title=_l("Use WATO"), description=_l("This permissions allows users to use WATO - Check_MK's " "Web Administration Tool. Without this " "permission all references to WATO (buttons, links, " "snapins) will be invisible."), defaults=["admin", "user"], )) permission_registry.register( Permission( section=cmk.gui.plugins.wato.utils.PermissionSectionWATO, name="edit", title=_l("Make changes, perform actions"), description=_l("This permission is needed in order to make any " "changes or perform any actions at all. " "Without this permission, the user is only " "able to view data, and that only in modules he " "has explicit permissions for."),
return utils.load_web_plugins("webapi", globals()) # This must be set after plugin loading to make broken plugins raise # exceptions all the time and not only the first time (when the plugins # are loaded). loaded_with_language = cmk.gui.i18n.get_current_language() permission_registry.register( Permission( section=PermissionSectionWATO, name="api_allowed", title=_l("Access to Web-API"), description=_l("This permissions specifies if the role " "is able to use Web-API functions. It is only available " "for automation users."), defaults=config.builtin_role_ids, )) Formatter = Callable[[Dict[str, Any]], str] _FORMATTERS: Dict[str, Tuple[Formatter, Formatter]] = { "json": (json.dumps, lambda response: json.dumps(response, sort_keys=True, indent=4, separators=(',', ': '))), "python": (repr, pprint.pformat), "xml": (dicttoxml.dicttoxml, lambda response: xml.dom.minidom.parseString(dicttoxml.dicttoxml(response)).toprettyxml()),
# .--Reschedule----------------------------------------------------------. # | ____ _ _ _ | # | | _ \ ___ ___ ___| |__ ___ __| |_ _| | ___ | # | | |_) / _ \/ __|/ __| '_ \ / _ \/ _` | | | | |/ _ \ | # | | _ < __/\__ \ (__| | | | __/ (_| | |_| | | __/ | # | |_| \_\___||___/\___|_| |_|\___|\__,_|\__,_|_|\___| | # | | # '----------------------------------------------------------------------' PermissionActionReschedule = permission_registry.register( Permission( section=PermissionSectionAction, name="reschedule", title=_l("Reschedule checks"), description=_l("Reschedule host and service checks"), defaults=["user", "admin"], )) @command_registry.register class CommandReschedule(Command): @property def ident(self): return "reschedule" @property def title(self): return _("Reschedule active checks")
"title": _("Send an E-Mail"), "handler": notify_mail, }, "dashlet": { "title": _("Show notification in dashboard element 'User notifications'"), "handler": notify_gui_msg, }, } permission_registry.register( Permission( section=PermissionSectionGeneral, name="notify", title=_l("Notify Users"), description=_l( "This permissions allows users to send notifications to the users of " "the monitoring system using the web interface." ), defaults=["admin"], ) ) @cmk.gui.pages.register("notify") def page_notify(): if not user.may("general.notify"): raise MKAuthException(_("You are not allowed to use the notification module.")) title = _("Notify users") breadcrumb = make_simple_page_breadcrumb(mega_menu_registry.menu_setup(), title) menu = _page_menu(breadcrumb)
@property def name(self): return "bi" @property def title(self): return _("BI - Checkmk Business Intelligence") permission_registry.register( Permission( section=PermissionSectionBI, name="see_all", title=_l("See all hosts and services"), description=_l( "With this permission set, the BI aggregation rules are applied to all " "hosts and services - not only those the user is a contact for. If you " "remove this permissions then the user will see incomplete aggregation " "trees with status based only on those items." ), defaults=["admin", "guest"], ) ) def is_part_of_aggregation(host, service): if BIAggregationPacks.get_num_enabled_aggregations() == 0: return False return get_cached_bi_compiler().is_part_of_aggregation(host, service) def get_aggregation_group_trees():
return "general" @property def title(self): return _("General Permissions") @property def sort_index(self): return 10 PermissionGeneralUse = permission_registry.register( Permission( section=PermissionSectionGeneral, name="use", title=_l("Use the GUI at all"), description=_l("Users without this permission are not let in at all"), defaults=config.builtin_role_ids, ) ) permission_registry.register( Permission( section=PermissionSectionGeneral, name="server_side_requests", title=_l("Perform requests from the Checkmk server"), description=_l( "Users with this permission can use GUI features that initiate network connections " "from the Checkmk server to other hosts on the intra/internet. Although this feature " "makes it e.g. easier to fetch CAs from servers it may be used to scan the internal " "network for open ports and running services."
@permission_section_registry.register class PermissionSectionNagVis(PermissionSection): @property def name(self): return "nagvis" @property def title(self): return _('NagVis') permission_registry.register( Permission( section=PermissionSectionNagVis, name="*_*_*", title=_l('Full access'), description=_l('This permission grants full access to NagVis.'), defaults=["admin"], )) permission_registry.register( Permission( section=PermissionSectionNagVis, name="Rotation_view_*", title=_l('Use all map rotations'), description=_l('Grants read access to all rotations.'), defaults=["guest"], )) permission_registry.register( Permission(
}, "dashlet": { "title": _("Show in the dashboard element 'User messages'"), "confirmation_title": _("in the dashboard element 'User messages'"), "handler": message_gui, }, } permission_registry.register( Permission( section=PermissionSectionGeneral, name="message", title=_l("Send user message"), description=_l( "This permission allows users to send messages to the users of " "the monitoring system using the web interface."), defaults=["admin"], )) @cmk.gui.pages.register("message") def page_message(): if not user.may("general.message"): raise MKAuthException( _("You are not allowed to use the message module.")) title = _("Send user message") breadcrumb = make_simple_page_breadcrumb(mega_menu_registry.menu_setup(), title)
constructors, Endpoint, permissions, request_schemas, response_schemas, ) from cmk.gui.plugins.openapi.utils import ProblemException _403_STATUS_DESCRIPTION = "You do not have the permission for agent pairing." permission_registry.register( Permission( section=PermissionSectionGeneral, name="agent_pairing", title=_l("Agent pairing"), description=_l( "Pairing of Checkmk agents with the monitoring site. This step establishes trust " "between the agent and the monitoring site." ), defaults=["admin"], ) ) def _user_is_authorized() -> bool: return user.may("general.agent_pairing") def _get_root_ca() -> RootCA: return RootCA.load(root_cert_path(cert_dir(Path(omd_root))))
@permission_section_registry.register class PermissionSectionNagVis(PermissionSection): @property def name(self): return "nagvis" @property def title(self): return _("NagVis") permission_registry.register( Permission( section=PermissionSectionNagVis, name="*_*_*", title=_l("Full access"), description=_l("This permission grants full access to NagVis."), defaults=["admin"], )) permission_registry.register( Permission( section=PermissionSectionNagVis, name="Rotation_view_*", title=_l("Use all map rotations"), description=_l("Grants read access to all rotations."), defaults=["guest"], )) permission_registry.register( Permission(