Fix disabled commands preventing read access to the Icinga Api

fixes #4339
Icinga · Oct 2, 2013 · ab3e658 · ab3e658
1 parent 3943ea2
commit ab3e658
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 7 deletions.
diff --git a/app/modules/Api/actions/ApiCommandAction.class.php b/app/modules/Api/actions/ApiCommandAction.class.php
@@ -36,7 +36,17 @@ public function executeWrite(AgaviRequestDataHolder $rd) {
         if (!$this->context->getUser()->isAuthenticated() || !$this->context->getUser()->hasCredential('icinga.user')) {
             return array('Api', 'GenericError');
         }
+        try {
+            if($this->context->getUser()->getNsmUser()->getTarget('IcingaCommandRo')) {
+                $errors = array('Commands are disabled for this user');
+                $this->getContainer()->setAttributeByRef('errors', $errors, 'org.icinga.api.auth');
+                $this->getContainer()->setAttribute('success', false, 'org.icinga.api.auth');
+            }
+            return array('Api', 'GenericError');
 
+        } catch (AppKitDoctrineException $e) {
+            // PASS
+        }
         $command = $rd->getParameter("command");
 
         $targets = json_decode($rd->getParameter("target"),true);

diff --git a/app/modules/Api/lib/auth/IcingaApiAuthentificationRoutingCallback.class.php b/app/modules/Api/lib/auth/IcingaApiAuthentificationRoutingCallback.class.php
@@ -63,13 +63,7 @@ public function onMatched(array &$parameters, AgaviExecutionContainer $container
             }
         }
 
-        try {
-            if($this->user->getNsmUser()->getTarget('IcingaCommandRo')) {
-                $errors[] = 'Commands are disabled for this user';
-            }
-        } catch (AppKitDoctrineException $e) {
-            // PASS
-        }
+
 
         if ($this->checkAuthorisation() == false) {
             $errors[] = self::INSUFFICIENT_MSG;