Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
[dev.icinga.com #3652] PHP-Problem when "Don't allow critical commands (like disabling host checks)" is enabled #1017
This issue has been migrated from Redmine: https://dev.icinga.com/issues/3652
Created by gbotti on 2013-02-07 19:55:59 +00:00
I have created a user, that should be allowed to maintain some servers without critical commands.
The user is in role "appkit_user" only. Everything works fine until I activate the "Don't allow critical commands (like disabling host checks)" option.
To reproduce it I enabled this option. When I open the "services ok" tab and press "Refresh" I get the message "Request failed" (see Icinga-Web-Error.tiff). In the logfile the line
If I try to open "Host Details" the complete Interface freezes and the mentioned Error appears 4 times.
2013-02-07 21:43:53 +00:00 by mfrosch 0d565b1
2013-02-11 14:17:16 +00:00 by mfrosch 72f9533
2013-02-11 18:39:56 +00:00 by mfrosch ac56d25
Updated by mfrosch on 2013-02-07 20:29:56 +00:00
Well actually that sounds like an error we fixed in Web 1.8.1.
Please verify that your database has been updated to its 1.8.1 version, because its a database definition of the actual permission.
Updated by gbotti on 2013-02-07 21:14:22 +00:00
I didn't update this server. I made a fresh installalation about a week ago. It was the first time I installed Icinga Web.
Anyway. You were right, the value 'IcingaDataCommandRestrictionPrincipalTarget' was not in my database. After I have added it the Error message is gone.
Thank you very much for your support.
Updated by gbotti on 2013-02-07 21:34:17 +00:00
First I installed some depencies with
then I downloaded the file icinga-web-1.8.1.tar.gz from sourceforge and unpacked it.
I also ran "make testdeps". There were no errors shown.
Then I created the database with:
I checked the rights and the database with phpmyadmin.
Then "make db-initialize", where I confirmed the db-user specified-question with yes...
After that I could log in with root and "password" into icinga-web.
Updated by mfrosch on 2013-02-07 21:46:52 +00:00
Ah i see, I missed to fix the model itself.
Guess the most users either don't use that feature, or install the db schema via the sql files.
dnsmichi: Please merge into 1.8.2
Btw. there are Debian packages of 1.8.1 for squeeze - see http://www.debmon.org
Updated by mfriedrich on 2013-02-07 22:59:01 +00:00
ok, so this make db-initialize command will use those generated models. likely there could be other null'ed targets as well which may have been fixed in sql, but not in the nsm targets.
how about this one?
plus - i see ^M windows style here.
so i guess there's a little more to review here, so marius decides to merge/fix then as it's not obvious to me how this should look like.
Updated by mfrosch on 2013-02-11 13:56:31 +00:00
So, I diffed the mysql.sql file with the schema created my "make db-initialize" and it looks quite good.
Not all of these principals have an actual target - only those handled by specific permission classes.
I'd say this issue should be fixed with my commit.