Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

NagiosBPI BETA permissions alteration

https://support.nagios.com/forum/viewtopic.php?t=6284

Page 1 of 1

NagiosBPI BETA permissions alteration

Posted: Mon Jun 25, 2012 5:26 pm
by KevinD
We have a need in the BPI plugin, that by default nothing should be hidden.
We keep a relatively clean list of the applications in the plugin, so the main page does not get to cluttered in the first place, and users can drill down from there to see things they would like to see.

The BPI Beta, DOES allow us to allow people to see, if they are assigned, but in order to keep things open and visible, we need to manually go through and add EVERY user to EVERY BPI group that exists.

Each time a user is added, they will have to be added to EVERY BPI group that exists.

With hundreds of users, this is becoming a nightmare to control/maintain.

I am trying to tweak the component, to allow a global visibility flag, but have run into a hitch.

Editing functions/bpi_functions.php:is_authorized_for_bpi_group() I can force a return true for all.
This has worked for top level elements, but it does not show children, unless its a host (image attached)
Screen Shot 2012-06-25 at 4.18.56 PM.png
While an admin user can see:
Screen Shot 2012-06-25 at 4.20.29 PM.png
If the user is granted (has ability to view all hosts & services) in the XI admin, it sees things just fine.

So... this is my theory...
It looks like the XML that is pulled from the backend is based on the logged in user.
If that user does not have access to view all hosts & services under a group, somehting errors out, and causes the output under said group to simply not output. (the ajax data that comes back has a hidden UL for the sub-group, but nothing in it)

If that sounds correct, how can I override the backend user that is being used to query the data?
I dug for a while, but could not find much as far as documentation on the functions used to query the data... Rather than spin my wheels, Ill ask for directions.

Thanks
I concede that it is also possible that its doing a DB query to get this data... but I am not sure.

Re: NagiosBPI BETA permissions alteration

Posted: Tue Jun 26, 2012 9:42 am
by mguthrie
XI's backend API is filtered based on the user's authorization level, and this version of BPI honors that as well. If a defined group member is not authorized for the contact to see, it will be hidden from view. Unfortunately we have to keep that part working that way because it's somewhat of a deal-breaker for users with multi-tenancy situations if BPI doesn't maintain the same permissions as Nagios.

However, I think you bring up a really good point about wanting to have all of your users see all groups. I will add that as a config option so that you can specify if you want all groups to be visible. I think that's going to be a necessary feature for some users. I'm going to be out of down next week, and I can't promise I'll get to it this week, so if you need to add a quick hack, what I'm basically going to do is:

Code: Select all

set_option('bpi_showallgroups',true);

get_option('bpi_showallgroups'); //this will get added to the $bpi_options array, and checked first in the is_authorized_for_bpi_group() function.

If you have need to modify the data fetch to always fetch all hosts and services, you'll have to modify the data fetch to use a custom query instead of the backend API call. It'd be something like

Code: Select all

$debug = true; 
$query = "SELECT * FROM sometable";
$resource = exec_sql_query($query,DB_NDOUTILS,$debug); 
foreach($resource as $row)
   //do stuff

Re: NagiosBPI BETA permissions alteration

Posted: Tue Jun 26, 2012 11:59 am
by mguthrie
Emailed Griffin a new revision, let me know what you think. : )
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited