Revision f2e30877
Factorisation du prédicat d'accès à VigiBoard.
Les utilisateurs du groupe "managers" ont accès à toutes les données.
git-svn-id: https://vigilo-dev.si.c-s.fr/svn@3028 b22e2e97-25c9-44ff-b637-2e5ceca36478
vigiboard/controllers/root.py | ||
---|---|---|
42 | 42 |
""" |
43 | 43 |
autocomplete = AutoCompleteController() |
44 | 44 |
|
45 |
# Prédicat pour la restriction de l'accès aux interfaces. |
|
46 |
# L'utilisateur doit avoir la permission "vigiboard-read" |
|
47 |
# ou appartenir au groupe "managers" pour accéder à VigiBoard. |
|
48 |
access_restriction = All( |
|
49 |
not_anonymous(msg=l_("You need to be authenticated")), |
|
50 |
Any(in_group('managers'), |
|
51 |
has_permission('vigiboard-read'), |
|
52 |
msg=l_("You don't have read access to VigiBoard")) |
|
53 |
) |
|
54 |
|
|
45 | 55 |
def process_form_errors(self, *argv, **kwargv): |
46 | 56 |
""" |
47 | 57 |
Gestion des erreurs de validation : On affiche les erreurs |
... | ... | |
70 | 80 |
validators=DefaultSchema(), |
71 | 81 |
error_handler = process_form_errors) |
72 | 82 |
@expose('events_table.html') |
73 |
@require( |
|
74 |
All( |
|
75 |
not_anonymous(msg=l_("You need to be authenticated")), |
|
76 |
Any(in_group('managers'), |
|
77 |
has_permission('vigiboard-read'), |
|
78 |
msg=l_("You don't have read access to VigiBoard")) |
|
79 |
)) |
|
83 |
@require(access_restriction) |
|
80 | 84 |
def default(self, page, supitemgroup, host, service, |
81 | 85 |
output, trouble_ticket, from_date, to_date): |
82 | 86 |
""" |
... | ... | |
223 | 227 |
validators=MaskedEventsSchema(), |
224 | 228 |
error_handler = process_form_errors) |
225 | 229 |
@expose('raw_events_table.html') |
226 |
@require( |
|
227 |
All( |
|
228 |
not_anonymous(msg=l_("You need to be authenticated")), |
|
229 |
Any(in_group('managers'), |
|
230 |
has_permission('vigiboard-read'), |
|
231 |
msg=l_("You don't have read access to VigiBoard")) |
|
232 |
)) |
|
230 |
@require(access_restriction) |
|
233 | 231 |
def masked_events(self, idcorrevent, page): |
234 | 232 |
""" |
235 | 233 |
Affichage de la liste des événements bruts masqués dans un |
... | ... | |
335 | 333 |
validators=EventSchema(), |
336 | 334 |
error_handler = process_form_errors) |
337 | 335 |
@expose('history_table.html') |
338 |
@require( |
|
339 |
All( |
|
340 |
not_anonymous(msg=l_("You need to be authenticated")), |
|
341 |
Any(in_group('managers'), |
|
342 |
has_permission('vigiboard-read'), |
|
343 |
msg=l_("You don't have read access to VigiBoard")) |
|
344 |
)) |
|
336 |
@require(access_restriction) |
|
345 | 337 |
def event(self, idevent, page): |
346 | 338 |
""" |
347 | 339 |
Affichage de l'historique d'un événement brut. |
... | ... | |
430 | 422 |
validators=ItemSchema(), |
431 | 423 |
error_handler = process_form_errors) |
432 | 424 |
@expose('events_table.html') |
433 |
@require( |
|
434 |
All( |
|
435 |
not_anonymous(msg=l_("You need to be authenticated")), |
|
436 |
Any(in_group('managers'), |
|
437 |
has_permission('vigiboard-read'), |
|
438 |
msg=l_("You don't have read access to VigiBoard")) |
|
439 |
)) |
|
425 |
@require(access_restriction) |
|
440 | 426 |
def item(self, page, host, service): |
441 | 427 |
""" |
442 | 428 |
Affichage de l'historique de l'ensemble des événements corrélés |
... | ... | |
658 | 644 |
validators=GetPluginValueSchema(), |
659 | 645 |
error_handler = handle_validation_errors_json) |
660 | 646 |
@expose('json') |
661 |
@require( |
|
662 |
All( |
|
663 |
not_anonymous(msg=l_("You need to be authenticated")), |
|
664 |
Any(in_group('managers'), |
|
665 |
has_permission('vigiboard-read'), |
|
666 |
msg=l_("You don't have read access to VigiBoard")) |
|
667 |
)) |
|
647 |
@require(access_restriction) |
|
668 | 648 |
def get_plugin_value(self, idcorrevent, plugin_name, *arg, **krgv): |
669 | 649 |
""" |
670 | 650 |
Permet de récupérer la valeur d'un plugin associée à un CorrEvent |
Also available in: Unified diff