def handle_page(self):
# The automation page is accessed unauthenticated. After leaving the index.py area
# into the page handler we always want to have a user context initialized to keep
# the code free from special cases (if no user logged in, then...). So fake the
# logged in user here.
with SuperUserContext():
self._handle_exc(self.page)
def run(self) -> bool:
self._has_errors = False
self._logger.log(VERBOSE, "Initializing application...")
with application_and_request_context(), SuperUserContext():
self._initialize_gui_environment()
self._initialize_base_environment()
self._logger.log(VERBOSE, "Updating Checkmk configuration...")
self._logger.log(
VERBOSE,
f"{tty.red}ATTENTION: Some steps may take a long time depending "
f"on your installation, e.g. during major upgrades.{tty.normal}",
)
total = len(self._steps())
for count, (step_func, title) in enumerate(self._steps(), start=1):
self._logger.log(VERBOSE,
" %i/%i %s..." % (count, total, title))
try:
step_func()
except Exception:
self._has_errors = True
self._logger.error(' + "%s" failed' % title, exc_info=True)
if self._arguments.debug:
raise
self._logger.log(VERBOSE, "Done")
return self._has_errors
def run(arguments: argparse.Namespace, old_site_id: SiteId,
new_site_id: SiteId) -> bool:
has_errors = False
logger.debug("Initializing application...")
main_modules.load_plugins()
with gui_context(), SuperUserContext():
logger.debug("Starting actions...")
actions = sorted(rename_action_registry.values(),
key=lambda a: a.sort_index)
total = len(actions)
for count, rename_action in enumerate(actions, start=1):
logger.log(VERBOSE, " %i/%i %s...", count, total,
rename_action.title)
try:
rename_action.run(old_site_id, new_site_id)
except Exception:
has_errors = True
logger.error(' + "%s" failed',
rename_action.title,
exc_info=True)
if arguments.debug:
raise
logger.log(VERBOSE, "Done")
return has_errors
def ajax_graph_images_for_notifications():
if request.remote_ip not in ["127.0.0.1", "::1"]:
raise MKUnauthenticatedException(
_("You are not allowed to access this page (%s).") % request.remote_ip)
with SuperUserContext():
_answer_graph_image_request()
def delete(params):
"""Delete a contact group"""
name = params["name"]
check_modify_group_permissions("contact")
with endpoint.do_not_track_permissions(), SuperUserContext():
# HACK: We need to supress this, due to lots of irrelevant dashboard permissions
watolib.delete_group(name, "contact")
return Response(status=204)
def bulk_delete(params):
"""Bulk delete contact groups"""
body = params["body"]
entries = body["entries"]
for group_name in entries:
_group = fetch_group(
group_name,
"contact",
status=400,
message=f"contact group {group_name} was not found",
)
with endpoint.do_not_track_permissions(), SuperUserContext():
for group_name in entries:
# We need to supress this, because a lot of dashboard permissions are checked for
# various reasons.
watolib.delete_group(group_name, "contact")
return Response(status=204)
def page_run_cron() -> None:
lock_file = _lock_file()
# Prevent cron jobs from being run too often, also we need
# locking in order to prevent overlapping runs
if lock_file.exists():
last_run = lock_file.stat().st_mtime
if time.time() - last_run < 59:
raise MKGeneralException("Cron called too early. Skipping.")
with lock_file.open("wb"):
pass # touches the file
# The cron page is accessed unauthenticated. After leaving the page_run_cron area
# into the job functions we always want to have a user context initialized to keep
# the code free from special cases (if no user logged in, then...).
# The jobs need to be run in privileged mode in general. Some jobs, like the network
# scan, switch the user context to a specific other user during execution.
with store.locked(lock_file), SuperUserContext():
logger.debug("Starting cron jobs")
for cron_job in multisite_cronjobs:
try:
job_name = cron_job.__name__
logger.debug("Starting [%s]", job_name)
cron_job()
logger.debug("Finished [%s]", job_name)
except Exception:
response.set_data(
"An exception occured. Take a look at the web.log.\n")
logger.exception("Exception in cron job [%s]", job_name)
logger.debug("Finished all cron jobs")
response.set_data("OK\n")
def _build_index(
self,
match_item_generators: Iterable[ABCMatchItemGenerator],
) -> None:
with SuperUserContext():
self._do_build_index(match_item_generators)
def fixture_gui_context():
with gui_context(), SuperUserContext():
yield
def test_super_user_context(request_context):
assert global_user.id is None
with SuperUserContext():
assert global_user.role_ids == ["admin"]
assert global_user.id is None