-
Patch request
-
Resolution: Won't fix
-
Major
-
None
-
1.8.4
-
Linux, Apache, Php 5.3
-
Sprint 18
In 1.8.4 (and earlier versions), guests (or other users with read only permissions) can acknowledge triggers that they can see, even without read/write permissions for the host. It's possible that this was by design, but that defies the Law of Least Astonishment, since giving someone read-only permissions shouldn't let them make any updates/changes.
I have a patch (attached) that checks for read/write permissions for acknowledging triggers (on tr_status.php and acknow.php).
- is duplicated by
-
ZBX-5412 Guest user can ack issues v 2.0.1
- Closed