diff --git a/application/controllers/HostController.php b/application/controllers/HostController.php index 5edfbcfab..751774840 100644 --- a/application/controllers/HostController.php +++ b/application/controllers/HostController.php @@ -146,12 +146,12 @@ public function findserviceAction() $info = ServiceFinder::find($host, $serviceName); $backend = $this->backend(); - if ($info && $auth->hasPermission(Permission::HOSTS)) { + if ($info && $auth->hasPermission(Permission::SERVICES)) { $redirectUrl = $info->getUrl(); } elseif ( $info - && (($backend instanceof Monitoring && $auth->hasPermission(Permission::MONITORING_HOSTS)) - || ($backend instanceof IcingadbBackend && $auth->hasPermission(Permission::ICINGADB_HOSTS)) + && (($backend instanceof Monitoring && $auth->hasPermission(Permission::MONITORING_SERVICES)) + || ($backend instanceof IcingadbBackend && $auth->hasPermission(Permission::ICINGADB_SERVICES)) ) && $backend->canModifyService($hostName, $serviceName) ) { @@ -215,6 +215,14 @@ protected function showInfoForNonDirectorService() */ public function servicesAction() { + if (! $this->hasPermission(Permission::SERVICES)) { + if ($this->isServicesReadOnlyAction() && $this->hasPermission($this->getServicesReadOnlyPermission())) { + $this->servicesroAction(); + } + + return; + } + $this->addServicesHeader(); $host = $this->getHostObject(); $this->addTitle($this->translate('Services: %s'), $host->getObjectName()); diff --git a/application/controllers/ServiceController.php b/application/controllers/ServiceController.php index 4782e5e11..510209bbe 100644 --- a/application/controllers/ServiceController.php +++ b/application/controllers/ServiceController.php @@ -37,7 +37,7 @@ protected function checkDirectorPermissions() return; } - $this->assertPermission(Permission::HOSTS); + $this->assertPermission(Permission::SERVICES); } public function init() diff --git a/library/Director/ProvidedHook/Icingadb/HostActions.php b/library/Director/ProvidedHook/Icingadb/HostActions.php index d7332eae9..0a1460ee4 100644 --- a/library/Director/ProvidedHook/Icingadb/HostActions.php +++ b/library/Director/ProvidedHook/Icingadb/HostActions.php @@ -47,10 +47,12 @@ protected function getThem(Host $host): array if (Util::hasPermission(Permission::HOSTS) && IcingaHost::exists($hostname, $db)) { $allowEdit = true; } - if (Util::hasPermission(Permission::ICINGADB_HOSTS)) { - if ((new IcingadbBackend())->canModifyHost($hostname)) { - $allowEdit = IcingaHost::exists($hostname, $db); - } + if ( + Util::hasPermission(Permission::HOSTS) + && Util::hasPermission(Permission::ICINGADB_HOSTS) + && (new IcingadbBackend())->canModifyHost($hostname) + ) { + $allowEdit = IcingaHost::exists($hostname, $db); } if ($allowEdit) { diff --git a/library/Director/ProvidedHook/Icingadb/ServiceActions.php b/library/Director/ProvidedHook/Icingadb/ServiceActions.php index 1603dc37c..f313950b3 100644 --- a/library/Director/ProvidedHook/Icingadb/ServiceActions.php +++ b/library/Director/ProvidedHook/Icingadb/ServiceActions.php @@ -52,12 +52,12 @@ protected function getThem(Service $service) } $title = null; - if (Util::hasPermission(Permission::HOSTS)) { + if ( + Util::hasPermission(Permission::SERVICES) + && Util::hasPermission(Permission::ICINGADB_SERVICES) + && (new IcingadbBackend())->canModifyService($hostname, $serviceName) + ) { $title = mt('director', 'Modify'); - } elseif (Util::hasPermission(Permission::ICINGADB_SERVICES)) { - if ((new IcingadbBackend())->canModifyService($hostname, $serviceName)) { - $title = mt('director', 'Modify'); - } } elseif (Util::hasPermission(Permission::ICINGADB_SERVICES_RO)) { $title = mt('director', 'Configuration'); } diff --git a/library/Director/ProvidedHook/Monitoring/HostActions.php b/library/Director/ProvidedHook/Monitoring/HostActions.php index 2d0469dec..0d799acf2 100644 --- a/library/Director/ProvidedHook/Monitoring/HostActions.php +++ b/library/Director/ProvidedHook/Monitoring/HostActions.php @@ -41,13 +41,12 @@ protected function getThem(Host $host) } $allowEdit = false; - if (Util::hasPermission(Permission::HOSTS) && IcingaHost::exists($hostname, $db)) { - $allowEdit = true; - } - if (Util::hasPermission(Permission::MONITORING_HOSTS)) { - if ((new Monitoring(Auth::getInstance()))->canModifyHost($hostname)) { - $allowEdit = IcingaHost::exists($hostname, $db); - } + if ( + Util::hasPermission(Permission::HOSTS) + && Util::hasPermission(Permission::MONITORING_HOSTS) + && (new Monitoring(Auth::getInstance()))->canModifyHost($hostname) + ) { + $allowEdit = IcingaHost::exists($hostname, $db); } if ($allowEdit) { diff --git a/library/Director/ProvidedHook/Monitoring/ServiceActions.php b/library/Director/ProvidedHook/Monitoring/ServiceActions.php index 834b16644..9ac11848f 100644 --- a/library/Director/ProvidedHook/Monitoring/ServiceActions.php +++ b/library/Director/ProvidedHook/Monitoring/ServiceActions.php @@ -53,12 +53,12 @@ protected function getThem(Service $service) } $title = null; - if (Util::hasPermission(Permission::HOSTS)) { + if ( + Util::hasPermission(Permission::SERVICES) + && Util::hasPermission(Permission::MONITORING_SERVICES) + && (new Monitoring(Auth::getInstance()))->canModifyService($hostname, $serviceName) + ) { $title = mt('director', 'Modify'); - } elseif (Util::hasPermission(Permission::MONITORING_SERVICES)) { - if ((new Monitoring(Auth::getInstance()))->canModifyService($hostname, $serviceName)) { - $title = mt('director', 'Modify'); - } } elseif (Util::hasPermission(Permission::MONITORING_SERVICES_RO)) { $title = mt('director', 'Configuration'); } diff --git a/library/Director/Web/Tabs/ObjectTabs.php b/library/Director/Web/Tabs/ObjectTabs.php index e9142367a..825517aa7 100644 --- a/library/Director/Web/Tabs/ObjectTabs.php +++ b/library/Director/Web/Tabs/ObjectTabs.php @@ -67,7 +67,8 @@ protected function addTabsForExistingObject() 'label' => $this->translate(ucfirst($type)) ]); } - if ($object->getShortTableName() === 'host') { + + if ($object->getShortTableName() === 'host' && $auth->hasPermission(Permission::SERVICES)) { $this->add('services', [ 'url' => 'director/host/services', 'urlParams' => $params,