Thold - User perms working? I see other people's hosts!!!

Support questions about the Threshold plugin

jaybode
Posts: 14
Joined: Tue Jul 10, 2012 8:08 am

Thold - User perms working? I see other people's hosts!!!

Post by jaybode »

Hi, I have been using Thold for years.
Now I have finally built a new clean 64-bit system (for more memory) and loaded all the latest plugins.

I absolutely love!! the threshold 'log' feature, and want to pass this view on to non super users.

It appears user permissions are mostly(?) working in Thold 0.4.9.

Users can't see thresholds, logs, or hosts of other groups
(meaning a user account's 'hosts' list in user perms prevents them seeing other people's hosts).

But in the 'hosts' drop-down list, on the first THOLD tab (Thresholds), it shows host names of every host on the system.

Is this just a bug affecting me? Can someone please check this is the case?


Cheers,

Jason
jaybode
Posts: 14
Joined: Tue Jul 10, 2012 8:08 am

Re: Thold - User perms working? I see other people's hosts!!!

Post by jaybode »

OK... having a look into this further..

The code for Thold works very differently from how the main app's graph_view.php works.

I was hoping to simply copy how graph_view.php prevents 'hosts' that do not belong to that user from showing up in the drop box.
I am not good with PHP, and can't figure out where to patch to fix this.

I would really love some help here. I sold my audience of users in a recent presentation/demo.
Now putting it together, it appears Thold has a bug (or not?) that will prevent me allowing users to see alerts/logs themselves (rather than just email alerts).

I simply can't allow other users to see other people's hosts, and the new shared system was to consolidate 3 separate Cacti instances into a single system that each group thinks is their own when they log in, e.g. they don't even see other customer names/locations/devices other than theirs. This silly drop list issue is holding me up.

Otherwise I might have to kill the drop list altogether for the interim, but would still like to raise a bug if I am correct (is this in fact an issue?)



Here is Thold's way of presenting the hosts drop list...

<td width='1'>
		<select name='hostid' onChange='applyTHoldFilterChange(document.listthold)'>
				<option value='ALL'>Any</option>
				<?php
				foreach ($hostresult as $row) {
						echo "<option value='" . $row['id'] . "'" . (isset($_REQUEST['hostid']) && $row['id'] == $_REQUEST['hostid'] ? ' selected' : '') . '>' . $row['description'] . ' - (' . $row['hostname'] . ')' . '</option>';
				}
				?>
		</select>
</td>

                                        
...

$current_user = db_fetch_row('SELECT * FROM user_auth WHERE id=' . $_SESSION['sess_user_id']);
$sql_where .= (!strlen($sql_where) ? 'WHERE ' : ' AND ') . get_graph_permissions_sql($current_user['policy_graphs'], $current_user['policy_hosts'], $current_user['policy_graph_templates']);

$sql = "SELECT * FROM thold_data
		LEFT JOIN user_auth_perms on ((thold_data.graph_id=user_auth_perms.item_id and user_auth_perms.type=1 and user_auth_perms.user_id=" . $_SESSION['sess_user_id'] . ") OR (thold_data.host_id=user_auth_perms.item_id and user_auth_perms.type=3 and user_auth_perms.user_id=" . $_SESSION['sess_user_id'] . ") OR (thold_data.graph_template=user_auth_perms.item_id and user_auth_perms.type=4 and user_auth_perms.user_id=" . $_SESSION['sess_user_id'] . "))
		$sql_where
		ORDER BY $sort " . $_REQUEST['sort_direction'] .
		$limit;
$result = db_fetch_assoc($sql);

$sql_where_hid    = 'WHERE ' . get_graph_permissions_sql($current_user['policy_graphs'], $current_user['policy_hosts'], $current_user['policy_graph_templates']);
$hostresult = db_fetch_assoc("SELECT DISTINCT host.id, host.description, host.hostname
		FROM host
		INNER JOIN thold_data ON (host.id = thold_data.host_id)
		LEFT JOIN user_auth_perms on (thold_data.host_id=user_auth_perms.item_id and user_auth_perms.type=3 and user_auth_perms.user_id=" . $_SESSION['sess_user_id'] . ")
		$sql_where_hid
		ORDER BY description");               
                           


And here is graph_view.php, which definitely prevents hosts showing in the drop list if the user does not have permissions on that host.

<?php
if (read_config_option("auth_method") != 0) {
		/* get policy information for the sql where clause */
		$sql_where = get_graph_permissions_sql($current_user["policy_graphs"], $current_user["policy_hosts"], $current_user["policy_graph_templates"]);

		$hosts = db_fetch_assoc("SELECT DISTINCT host.id, host.description as name
				FROM host
				LEFT JOIN graph_local ON ( host.id = graph_local.host_id )
				LEFT JOIN graph_templates_graph ON ( graph_templates_graph.local_graph_id = graph_local.id )
				LEFT JOIN graph_templates ON (graph_templates.id=graph_local.graph_template_id)
				LEFT JOIN user_auth_perms ON ((graph_templates_graph.local_graph_id=user_auth_perms.item_id and user_auth_perms.type=1 and user_auth_perms.user_id=" . $_SESSION["sess_user_id"] . ") OR (host.id=user_auth_perms.item_id and user_auth_perms.type=3 and user_auth_perms.user_id=" . $_SESSION["sess_user_id"] . ") OR (graph_templates.id=user_auth_perms.item_id and user_auth_perms.type=4 and user_auth_perms.user_id=" . $_SESSION["sess_user_id"] . "))
				WHERE graph_templates_graph.local_graph_id=graph_local.id
				" . (empty($sql_where) ? "" : "and $sql_where") . "
				ORDER BY name");
}else{
		$hosts = db_fetch_assoc("SELECT DISTINCT host.id, host.description as name
				FROM host
				ORDER BY name");
}

if (sizeof($hosts) > 0) {
		foreach ($hosts as $host) {
				print "<option value='" . $host["id"] . "'"; if (get_request_var_request("host_id") == $host["id"]) { print " selected"; } print ">" . htmlspecialchars($host["name"]) . "</option>\n";
		}
}
?>
jaybode
Posts: 14
Joined: Tue Jul 10, 2012 8:08 am

Re: Thold - User perms working? I see other people's hosts!!!

Post by jaybode »

Bugger... I was wrong...

It is not just the host drop list in the thresholds tab, it is also the log tab.

I see other people's hosts in the drop list. Fortunately when I select the hosts, it does not show the event/alarm.
However, when displaying ALL log events, the alarm is displayed - thus giving away the other customer name (in host title)..

So I guess a multi-user bug too here on the log view...


Hope these forums are still active????? I have posted a few messages the past few days, and not a single comment/reply except spam..



Cheers,

Jason
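
The thread describes two places (the host drop list and the "ALL" log view) that expose hosts outside a user's permissions. The sketch below is an added example, not code from Thold, Cacti, or the poster: it routes the drop list and the listing through one permission predicate and checks that both expose the same host set. The schema and rows are constructed, the function names `allowed_hosts_sql`, `dropdown_hosts` and `visible_tholds` are hypothetical, and it assumes a deny-by-default host policy where a `user_auth_perms` row with `type=3` grants access to a host; the graph and template policies that Cacti's `get_graph_permissions_sql` also handles are left out.

```php
<?php
// Added example. Constructed schema and rows, simplified from the tables in the thread.
// Assumption: hosts are denied by default; a type=3 row grants a user one host.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("
    CREATE TABLE host (id INTEGER PRIMARY KEY, description TEXT, hostname TEXT);
    CREATE TABLE thold_data (id INTEGER PRIMARY KEY, host_id INTEGER, name TEXT);
    CREATE TABLE user_auth_perms (user_id INTEGER, item_id INTEGER, type INTEGER);
    INSERT INTO host VALUES (1, 'Customer A router', '192.0.2.1'),
                            (2, 'Customer B <core>', '198.51.100.1');
    INSERT INTO thold_data VALUES (1, 1, 'A traffic'), (2, 2, 'B traffic');
    INSERT INTO user_auth_perms VALUES (7, 1, 3);
");
// Hypothetical helper: the single predicate every host-exposing query must use.
function allowed_hosts_sql(): string {
    return 'EXISTS (SELECT 1 FROM user_auth_perms p WHERE p.item_id = host.id
                    AND p.type = 3 AND p.user_id = :uid)';
}

// Rows for the filter drop list: only hosts with thresholds that this user may see.
function dropdown_hosts(PDO $db, int $uid): array {
    $st = $db->prepare('SELECT DISTINCT host.id, host.description, host.hostname
        FROM host INNER JOIN thold_data ON host.id = thold_data.host_id
        WHERE ' . allowed_hosts_sql() . ' ORDER BY host.description');
    $st->execute([':uid' => $uid]);
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

// Threshold rows; $hostid === null is the "ALL" view and gets the same predicate.
function visible_tholds(PDO $db, int $uid, ?int $hostid): array {
    $st = $db->prepare('SELECT thold_data.name, host.id AS host_id
        FROM thold_data INNER JOIN host ON host.id = thold_data.host_id
        WHERE ' . allowed_hosts_sql() . ($hostid === null ? '' : ' AND host.id = :hid'));
    $st->execute([':uid' => $uid] + ($hostid === null ? [] : [':hid' => $hostid]));
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

$uid = 7;
foreach (dropdown_hosts($db, $uid) as $row) {   // escape on output, as graph_view.php does
    printf("<option value='%d'>%s - (%s)</option>\n", $row['id'],
        htmlspecialchars($row['description']), htmlspecialchars($row['hostname']));
}
// Regression check: drop list and "ALL" view must expose exactly the same hosts,
// and asking for another group's host id directly must return nothing.
$listed = array_column(dropdown_hosts($db, $uid), 'id');
$shown  = array_column(visible_tholds($db, $uid, null), 'host_id');
var_dump(array_diff($shown, $listed) === [] && array_diff($listed, $shown) === []);
var_dump(visible_tholds($db, $uid, 2) === []);
```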