Send Netdot-devel mailing list submissions to
        [email protected]

To subscribe or unsubscribe via the World Wide Web, visit
        https://osl.uoregon.edu/mailman/listinfo/netdot-devel
or, via email, send a message with subject or body 'help' to
        [email protected]

You can reach the person managing the list at
        [email protected]

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Netdot-devel digest..."


Today's Topics:

   1. [SCM] Netdot branch netdot-1.0 updated.
      netdot-1.0.6-3-g591213b ([email protected])
   2. [SCM] Netdot branch master updated.       netdot-1.0.6-3-g591213b
      ([email protected])


----------------------------------------------------------------------

Message: 1
Date: Mon, 5 May 2014 10:29:49 -0700
From: [email protected]
Subject: [Netdot-devel] [SCM] Netdot branch netdot-1.0 updated.
        netdot-1.0.6-3-g591213b
To: [email protected]
Message-ID: <[email protected]>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Netdot".

The branch, netdot-1.0 has been updated
       via  591213b6a5bfc4ac59ff85756d969a9b27288c66 (commit)
      from  9f737e719222de9438f141bd42f4b81895956499 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 591213b6a5bfc4ac59ff85756d969a9b27288c66
Author: Carlos Vicente <[email protected]>
Date:   Mon May 5 13:29:22 2014 -0400

    Fix several issues affecting REST operations for non-admin users

diff --git a/htdocs/rest/autohandler b/htdocs/rest/autohandler
index 2c82232..2232f39 100644
--- a/htdocs/rest/autohandler
+++ b/htdocs/rest/autohandler
@@ -20,6 +20,9 @@ if ( $DEBUG ){
     print "manager: ", $manager, "<br>";
 }
 
+# Make sure we have this information for every user
+$ui->get_allowed_objects($r, $user) if $user;
+
 eval {
     $m->call_next(user=>$user, manager=>$manager);
 };
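Review bot: The new call `$ui->get_allowed_objects($r, $user) if $user;` sits just above the `eval { $m->call_next(...) }` block rather than inside it, so an exception raised while loading permissions is not caught here. The UI.pm hunk in this same commit shows that the method calls `throw_fatal`. Consider moving the call inside the eval, or wrapping it, so that a failure becomes a proper REST error response. Also confirm what happens when `$user` is false: the call is skipped, and the later `$self->{manager}->can(...)` checks in REST.pm should then deny rather than run against missing permission data.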
diff --git a/lib/Netdot/ObjectAccessRule.pm b/lib/Netdot/ObjectAccessRule.pm
index a7d4910..3ac3923 100644
--- a/lib/Netdot/ObjectAccessRule.pm
+++ b/lib/Netdot/ObjectAccessRule.pm
@@ -278,19 +278,14 @@ sub _deny_action_access {
 # ip addresses inherit ancestor permissions
 # RRs inherit IP address permissions, but users are allowed to edit and delete 
RRs
 sub _deny_ip_access {
+
     my ($action, $access, $ipblock, $is_rr) = @_;
     if ( $action ne 'view' && ($ipblock->interface || $ipblock->snmp_devices) 
){
        $logger->debug("ObjectAccessRule::_deny_ip_access: 
".$ipblock->get_label.
                       " linked to Device. Denying access.");
        return 1;
     }
-    unless ( $is_rr ){
-       if ( $ipblock->is_address && ($action eq 'delete' || $action eq 'edit') 
){
-           $logger->debug("ObjectAccessRule::_deny_ip_access: 
".$ipblock->get_label
-                          ." Users cannot edit or delete IP addresses. Denying 
access.");
-           return 1;
-       }
-    }
+
     if ( $ipblock->status ){
        my $status = $ipblock->status->name;
        if ( $status eq 'Dynamic' || $status eq 'Reserved' ){
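Review bot: Removing the `unless ( $is_rr )` block in `_deny_ip_access` is a policy change, not only a REST fix: edit and delete on IP addresses are no longer denied outright for non-admin users, and the result now depends on the remaining device-link and status checks. The commit message does not mention this, and the comment above the sub ("but users are allowed to edit and delete RRs") still describes the old distinction. Please update that comment and state the intended rule. `$is_rr` is still unpacked from `@_` but is no longer used in the lines shown; drop it if nothing further down needs it.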
diff --git a/lib/Netdot/REST.pm b/lib/Netdot/REST.pm
index d2ba4ff..655e12b 100644
--- a/lib/Netdot/REST.pm
+++ b/lib/Netdot/REST.pm
@@ -364,11 +364,9 @@ sub post{
 
     if ( $obj ){
        # We are updating an existing object
-       # Only admins can edit things this way
-       my $user_type = $self->{user}->getAttribute('USER_TYPE');
-       unless ( $user_type && ($user_type eq 'Admin') ){
-           $self->throw(code=>Apache2::Const::HTTP_FORBIDDEN, 
-                             msg=>"Netdot::REST::post: User not allowed to 
edit objects this way");
+       unless ( $self->{manager}->can($self->{user}, 'edit', $obj) ){
+           $self->throw(code=>Apache2::Const::HTTP_FORBIDDEN, 
+                        msg=>"Netdot::REST::post: User not allowed to edit 
this object");
        }
        
        eval {
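Review bot: In `post`, the admin-only gate is replaced by `$self->{manager}->can($self->{user}, 'edit', $obj)`, which authorizes at object level only. Nothing in this hunk limits which fields a non-admin may change on an object they can edit, such as references to other objects they have no rights over. If that is handled inside the following eval, a short comment saying so would help. The check also runs before the `eval`, so if `$self->{manager}` is undefined the method call dies outside any handler instead of returning HTTP_FORBIDDEN; a guard that denies when the manager is missing would make the failure mode explicit.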
@@ -420,11 +418,10 @@ sub delete{
     unless ( $obj ) {
        $self->throw(code=>Apache2::Const::NOT_FOUND, msg=>"Not found"); 
     }
-    # Only admins can delete things this way
-    my $user_type = $self->{user}->getAttribute('USER_TYPE');
-    unless ( $user_type && ($user_type eq 'Admin') ){
-       $self->throw(code=>Apache2::Const::HTTP_FORBIDDEN, 
-                         msg=>"Netdot::REST::delete: User not allowed to 
delete objects this way");
+       
+    unless ( $self->{manager}->can($self->{user}, 'delete', $obj) ){
+       $self->throw(code=>Apache2::Const::HTTP_FORBIDDEN, 
+                    msg=>"Netdot::REST::delete: User not allowed to delete 
this object");
     }
        
     eval {
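Review bot: In `delete`, the `NOT_FOUND` throw still comes before the new `can(..., 'delete', $obj)` check, so now that non-admin users reach this path, a caller without rights gets 404 for ids that do not exist and 403 for ids that do. Decide whether revealing which object ids exist to unauthorized users is acceptable, and if not, return the same status in both cases. Minor: the added line before the `unless` contains only trailing whitespace.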
@@ -433,7 +430,6 @@ sub delete{
     if ( my $e = $@ ){
        $self->throw(code=>Apache2::Const::HTTP_BAD_REQUEST, msg=>'Bad 
request');
     }
-
 }
 
 ##################################################################
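Review bot: This hunk only removes a blank line, but the handler it touches, `if ( my $e = $@ )`, captures `$e` and then discards it, returning a generic 'Bad request'. With non-admin users now able to reach the delete path, logging `$e` server-side (not in the response) before the throw would make permission-related failures diagnosable.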
diff --git a/lib/Netdot/UI.pm b/lib/Netdot/UI.pm
index 5ba9098..4eab361 100644
--- a/lib/Netdot/UI.pm
+++ b/lib/Netdot/UI.pm
@@ -2456,12 +2456,12 @@ sub set_user_type{
     Hashref with key=Object class, 
                  value=Hashref with key=Object id, value=access right
   Examples:
-    $ui->get_allowed_objects($user, 'Device')
+    $ui->get_allowed_objects($r, $user)
 
 =cut
 
 sub get_allowed_objects{
-    my ($self, $r, $user, $type) = @_;
+    my ($self, $r, $user) = @_;
 
     $self->throw_fatal("Netdot::UI::get_allowed_objects: Missing required 
arguments")
        unless ( $r, $user );
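Review bot: The guard `unless ( $r, $user )` in `get_allowed_objects` does not test both arguments: the comma expression evaluates to its last element, so only `$user` is checked and a missing `$r` passes through. Since this hunk already touches the argument list, change it to `unless ( $r && $user )`. Dropping `$type` from the signature also means that any remaining caller still passing a class name has it silently ignored, so check the other call sites before release.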

-----------------------------------------------------------------------

Summary of changes:
 htdocs/rest/autohandler        |  3 +++
 lib/Netdot/ObjectAccessRule.pm |  9 ++-------
 lib/Netdot/REST.pm             | 18 +++++++-----------
 lib/Netdot/UI.pm               |  4 ++--
 4 files changed, 14 insertions(+), 20 deletions(-)


hooks/post-receive
-- 
Netdot


------------------------------

Message: 2
Date: Mon, 5 May 2014 10:30:12 -0700
From: [email protected]
Subject: [Netdot-devel] [SCM] Netdot branch master updated.
        netdot-1.0.6-3-g591213b
To: [email protected]
Message-ID: <[email protected]>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Netdot".

The branch, master has been updated
       via  591213b6a5bfc4ac59ff85756d969a9b27288c66 (commit)
      from  9f737e719222de9438f141bd42f4b81895956499 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 htdocs/rest/autohandler        |  3 +++
 lib/Netdot/ObjectAccessRule.pm |  9 ++-------
 lib/Netdot/REST.pm             | 18 +++++++-----------
 lib/Netdot/UI.pm               |  4 ++--
 4 files changed, 14 insertions(+), 20 deletions(-)


hooks/post-receive
-- 
Netdot


------------------------------



End of Netdot-devel Digest, Vol 86, Issue 3
*******************************************
