Revision 63aa2a70
Les managers ont accès à toutes les données sans restriction.
git-svn-id: https://vigilo-dev.si.c-s.fr/svn@3037 b22e2e97-25c9-44ff-b637-2e5ceca36478
vigigraph/controllers/rpc.py | ||
---|---|---|
92 | 92 |
user = get_current_user() |
93 | 93 |
if user is None: |
94 | 94 |
return dict(items=[]) |
95 |
supitemgroups = user.supitemgroups() |
|
96 | 95 |
|
97 | 96 |
groups_with_parents = DBSession.query( |
98 | 97 |
GroupHierarchy.idparent, |
99 |
).distinct( |
|
100 |
).filter(GroupHierarchy.idchild.in_(supitemgroups) |
|
101 |
).all() |
|
102 |
groups_with_parents = [g.idparent for g in groups_with_parents] |
|
98 |
).distinct() |
|
103 | 99 |
|
100 |
# Les managers ont accès à tout. |
|
101 |
# Les autres ont un accès restreint. |
|
102 |
is_manager = in_group('managers').is_met(request.environ) |
|
103 |
if not is_manager: |
|
104 |
supitemgroups = user.supitemgroups() |
|
105 |
groups_with_parents = groups_with_parents.filter( |
|
106 |
GroupHierarchy.idchild.in_(supitemgroups)) |
|
107 |
|
|
108 |
groups_with_parents = [g.idparent for g in groups_with_parents.all()] |
|
104 | 109 |
children = DBSession.query( |
105 | 110 |
SupItemGroup |
106 | 111 |
).distinct( |
... | ... | |
143 | 148 |
user = get_current_user() |
144 | 149 |
if user is None: |
145 | 150 |
return dict(items=[]) |
146 |
supitemgroups = user.supitemgroups() |
|
147 | 151 |
|
148 | 152 |
hostgroups = DBSession.query( |
149 | 153 |
SupItemGroup.name, |
... | ... | |
153 | 157 |
SupItemGroup.idgroup), |
154 | 158 |
).filter(GroupHierarchy.idparent == maingroupid |
155 | 159 |
).filter(GroupHierarchy.hops == 1 |
156 |
).filter(SupItemGroup.idgroup.in_(supitemgroups) |
|
157 |
).order_by( |
|
158 |
SupItemGroup.name.asc(), |
|
159 |
).all() |
|
160 |
hostgroups = [(hg.name, str(hg.idgroup)) for hg in hostgroups] |
|
160 |
).order_by(SupItemGroup.name.asc()) |
|
161 |
|
|
162 |
# Les managers ont accès à tout. |
|
163 |
# Les autres ont un accès restreint. |
|
164 |
is_manager = in_group('managers').is_met(request.environ) |
|
165 |
if not is_manager: |
|
166 |
supitemgroups = user.supitemgroups() |
|
167 |
hostgroups = hostgroups.filter( |
|
168 |
SupItemGroup.idgroup.in_(supitemgroups)) |
|
169 |
|
|
170 |
hostgroups = [(hg.name, str(hg.idgroup)) for hg in hostgroups.all()] |
|
161 | 171 |
hostgroups.insert(0, (_('No subgroup'), str(maingroupid))) |
162 | 172 |
return dict(items=hostgroups) |
163 | 173 |
|
... | ... | |
185 | 195 |
user = get_current_user() |
186 | 196 |
if user is None: |
187 | 197 |
return dict(items=[]) |
188 |
supitemgroups = user.supitemgroups() |
|
189 | 198 |
|
190 | 199 |
groups_with_parents = DBSession.query( |
191 | 200 |
GroupHierarchy.idparent, |
192 |
).distinct( |
|
193 |
).filter(GroupHierarchy.idchild.in_(supitemgroups) |
|
194 |
).all() |
|
195 |
groups_with_parents = [g.idparent for g in groups_with_parents] |
|
201 |
).distinct() |
|
202 |
|
|
203 |
# Les managers ont accès à tout. |
|
204 |
# Les autres ont un accès restreint. |
|
205 |
is_manager = in_group('managers').is_met(request.environ) |
|
206 |
if not is_manager: |
|
207 |
supitemgroups = user.supitemgroups() |
|
208 |
groups_with_parents = groups_with_parents.filter( |
|
209 |
GroupHierarchy.idchild.in_(supitemgroups)) |
|
196 | 210 |
|
211 |
groups_with_parents = [g.idparent for g in groups_with_parents.all()] |
|
197 | 212 |
hosts = DBSession.query( |
198 | 213 |
Host.name, |
199 | 214 |
Host.idhost, |
... | ... | |
239 | 254 |
user = get_current_user() |
240 | 255 |
if user is None: |
241 | 256 |
return dict(items=[]) |
242 |
supitemgroups = user.supitemgroups() |
|
243 | 257 |
|
244 | 258 |
graphgroups = DBSession.query( |
245 | 259 |
GraphGroup.name, |
... | ... | |
261 | 275 |
LowLevelService.idservice, |
262 | 276 |
)), |
263 | 277 |
).filter(LowLevelService.idhost == idhost |
264 |
).filter(SUPITEM_GROUP_TABLE.c.idgroup.in_(supitemgroups) |
|
265 |
).order_by( |
|
266 |
GraphGroup.name.asc() |
|
267 |
).all() |
|
278 |
).order_by(GraphGroup.name.asc()) |
|
279 |
|
|
280 |
# Les managers ont accès à tout. |
|
281 |
# Les autres ont un accès restreint. |
|
282 |
is_manager = in_group('managers').is_met(request.environ) |
|
283 |
if not is_manager: |
|
284 |
supitemgroups = user.supitemgroups() |
|
285 |
graphgroups = graphgroups.filter( |
|
286 |
SUPITEM_GROUP_TABLE.c.idgroup.in_(supitemgroups)) |
|
268 | 287 |
|
269 |
graphgroups = [(gg.name, str(gg.idgroup)) for gg in graphgroups] |
|
288 |
graphgroups = [(gg.name, str(gg.idgroup)) for gg in graphgroups.all()]
|
|
270 | 289 |
return dict(items=graphgroups) |
271 | 290 |
|
272 | 291 |
class GraphsSchema(schema.Schema): |
... | ... | |
294 | 313 |
user = get_current_user() |
295 | 314 |
if user is None: |
296 | 315 |
return dict(items=[]) |
297 |
supitemgroups = user.supitemgroups() |
|
298 | 316 |
|
299 | 317 |
graphs = DBSession.query( |
300 | 318 |
Graph.name, |
... | ... | |
317 | 335 |
)), |
318 | 336 |
).filter(GraphGroup.idgroup == idgraphgroup |
319 | 337 |
).filter(LowLevelService.idhost == idhost |
320 |
).filter(SUPITEM_GROUP_TABLE.c.idgroup.in_(supitemgroups) |
|
321 |
).order_by( |
|
322 |
Graph.name.asc() |
|
323 |
).all() |
|
338 |
).order_by(Graph.name.asc()) |
|
339 |
|
|
340 |
# Les managers ont accès à tout. |
|
341 |
# Les autres ont un accès restreint. |
|
342 |
is_manager = in_group('managers').is_met(request.environ) |
|
343 |
if not is_manager: |
|
344 |
supitemgroups = user.supitemgroups() |
|
345 |
graphs = graphs.filter( |
|
346 |
SUPITEM_GROUP_TABLE.c.idgroup.in_(supitemgroups)) |
|
324 | 347 |
|
325 |
graphs = [(pds.name, str(pds.idgraph)) for pds in graphs] |
|
348 |
graphs = [(pds.name, str(pds.idgraph)) for pds in graphs.all()]
|
|
326 | 349 |
return dict(items=graphs) |
327 | 350 |
|
328 | 351 |
class SearchHostAndGraphSchema(schema.Schema): |
... | ... | |
352 | 375 |
@rtype: document json (sous forme de dict) |
353 | 376 |
""" |
354 | 377 |
user = get_current_user() |
378 |
items = [] |
|
379 |
|
|
355 | 380 |
if user is None: |
356 | 381 |
return dict(items=[]) |
357 |
supitemgroups = user.supitemgroups() |
|
358 |
|
|
359 |
items = [] |
|
360 | 382 |
|
361 | 383 |
# On a un nom d'indicateur, mais pas de nom d'hôte, |
362 | 384 |
# on considère que l'utilisateur veut tous les indicateurs |
... | ... | |
387 | 409 |
)), |
388 | 410 |
).filter(Host.name.ilike('%' + host + '%') |
389 | 411 |
).filter(Graph.name.ilike('%' + graph + '%') |
390 |
).filter(SUPITEM_GROUP_TABLE.c.idgroup.in_(supitemgroups) |
|
391 | 412 |
).order_by( |
392 | 413 |
Host.name.asc(), |
393 | 414 |
Graph.name.asc(), |
... | ... | |
409 | 430 |
(SUPITEM_GROUP_TABLE, SUPITEM_GROUP_TABLE.c.idsupitem == \ |
410 | 431 |
Host.idhost), |
411 | 432 |
).filter(Host.name.ilike('%' + host + '%') |
412 |
).filter(SUPITEM_GROUP_TABLE.c.idsupitem.in_(supitemgroups) |
|
413 | 433 |
).order_by(Host.name.asc()) |
414 | 434 |
|
435 |
# Les managers ont accès à tout. |
|
436 |
# Les autres ont un accès restreint. |
|
437 |
is_manager = in_group('managers').is_met(request.environ) |
|
438 |
if not is_manager: |
|
439 |
supitemgroups = user.supitemgroups() |
|
440 |
items = items.filter( |
|
441 |
SUPITEM_GROUP_TABLE.c.idgroup.in_(supitemgroups)) |
|
442 |
|
|
415 | 443 |
items = items.limit(100).all() |
416 | 444 |
if graph is None: |
417 | 445 |
items = [(item.hostname, "") for item in items] |
... | ... | |
630 | 658 |
if user is None: |
631 | 659 |
return dict(host=host, start=start, duration=duration, |
632 | 660 |
presets=self.presets, graphs=[]) |
633 |
supitemgroups = user.supitemgroups() |
|
634 | 661 |
|
635 | 662 |
# Récupération de la liste des noms des graphes, |
636 | 663 |
# avec vérification des permissions de l'utilisateur. |
... | ... | |
652 | 679 |
LowLevelService.idservice, |
653 | 680 |
SUPITEM_GROUP_TABLE.c.idsupitem == Host.idhost, |
654 | 681 |
)) |
655 |
).filter(SUPITEM_GROUP_TABLE.c.idgroup.in_(supitemgroups) |
|
656 |
).all() |
|
682 |
) |
|
657 | 683 |
|
684 |
# Les managers ont accès à tout. |
|
685 |
# Les autres ont un accès restreint. |
|
686 |
is_manager = in_group('managers').is_met(request.environ) |
|
687 |
if not is_manager: |
|
688 |
supitemgroups = user.supitemgroups() |
|
689 |
graphs = graphs.filter( |
|
690 |
SUPITEM_GROUP_TABLE.c.idgroup.in_(supitemgroups)) |
|
691 |
|
|
692 |
graphs = graphs.all() |
|
658 | 693 |
return dict(host=host, start=start, duration=duration, |
659 | 694 |
presets=self.presets, graphs=graphs) |
660 | 695 |
|
... | ... | |
735 | 770 |
user = get_current_user() |
736 | 771 |
if user is None: |
737 | 772 |
return dict(items=[]) |
738 |
supitemgroups = user.supitemgroups() |
|
739 | 773 |
|
740 | 774 |
# Récupère les hôtes auxquels l'utilisateur a réellement accès. |
741 | 775 |
hosts = DBSession.query( |
... | ... | |
749 | 783 |
SUPITEM_GROUP_TABLE.c.idsupitem == |
750 | 784 |
LowLevelService.idservice, |
751 | 785 |
)), |
752 |
).filter(SUPITEM_GROUP_TABLE.c.idgroup.in_(supitemgroups) |
|
753 | 786 |
).filter(Host.name.like(query + '%') |
754 | 787 |
).order_by( |
755 | 788 |
Host.name.asc(), |
756 | 789 |
) |
790 |
|
|
791 |
# Les managers ont accès à tout. |
|
792 |
# Les autres ont un accès restreint. |
|
793 |
is_manager = in_group('managers').is_met(request.environ) |
|
794 |
if not is_manager: |
|
795 |
supitemgroups = user.supitemgroups() |
|
796 |
hosts = hosts.filter( |
|
797 |
SUPITEM_GROUP_TABLE.c.idgroup.in_(supitemgroups)) |
|
798 |
|
|
757 | 799 |
return dict(hosts=hosts) |
758 | 800 |
|
759 | 801 |
# VIGILO_EXIG_VIGILO_PERF_0030:Moteur de recherche des graphes |
Also available in: Unified diff