Add permission support to Oxidized config search (#11928)

2024-10-07 16:52:45 +00:00 · 2020-07-22 03:34:42 +02:00
parent dba165c49e
commit 3c78e0ccc7
2 changed files with 15 additions and 3 deletions
--- a/includes/html/forms/search-oxidized-config.inc.php
+++ b/includes/html/forms/search-oxidized-config.inc.php
@@ -15,11 +15,11 @@ $status    = 'error';
 $message   = 'unknown error';
 $parameters = clean($_POST['search_in_conf_textbox']);
 if (isset($parameters)) {
-    $status  = 'ok';
    $message = 'Queried';
-    $output = search_oxidized_config($parameters);
+    if ($output = search_oxidized_config($parameters)) {
+        $status  = 'ok';
+    }
 } else {
-    $status  = 'error';
    $message = 'ERROR: Could not query';
 }
 echo display(_json_encode(array(
--- a/includes/html/functions.inc.php
+++ b/includes/html/functions.inc.php
@@ -1104,6 +1104,10 @@ function get_rules_from_json()

 function search_oxidized_config($search_in_conf_textbox)
 {
+    if (!Auth::user()->hasGlobalRead()) {
+        return false;
+    }
+
    $oxidized_search_url = Config::get('oxidized.url') . '/nodes/conf_search?format=json';
    $postdata = http_build_query(
        array(
@@ -1125,6 +1129,14 @@ function search_oxidized_config($search_in_conf_textbox)
        $dev = device_by_name($n['node']);
        $n['dev_id'] = $dev ? $dev['device_id'] : false;
    }
+
+    /*
+    // Filter nodes we don't have access too
+    $nodes = array_filter($nodes, function($device) {
+        return \Permissions::canAccessDevice($device['dev_id'], Auth::id());
+    });
+    */
+
    return $nodes;
 }