Loading...

XML

Word

Printable

Type: Incident report
Resolution: Duplicate
Priority: Minor
Fix Version/s: None
Affects Version/s: 2.0.9
Component/s: API (A)
Labels:
- api
- screens
Environment:

Hide
[kristopher@zabbix ~]$ uname -a
Linux zabbix.domain.com 2.6.32-358.6.2.el6.x86_64 #1 SMP Thu May 16 20:59:36 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

[kristopher@zabbix ~]$ cat /etc/redhat-release
CentOS release 6.4 (Final)

[kristopher@zabbix ~]$ cat /etc/yum.repos.d/zabbix.repo
[zabbix]
name=Zabbix Official Repository - $basearch
baseurl=http://repo.zabbix.com/zabbix/2.0/rhel/6/$basearch/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX

[zabbix-non-supported]
name=Zabbix Official Repository non-supported - $basearch
baseurl=http://repo.zabbix.com/non-supported/rhel/6/$basearch/
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX
gpgcheck=1

[kristopher@zabbix ~]$ yum info zabbix-web
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: centosc6.centos.org
* epel: epel.mirror.constant.com
* extras: mirror.linux.duke.edu
* updates: centost5.centos.org
Installed Packages
Name : zabbix-web
Arch : noarch
Version : 2.0.9
Release : 1.el6
Size : 22 M
Repo : installed
From repo : zabbix
Summary : Zabbix Web Frontend
URL : http://www.zabbix.com/
License : GPLv2+
Description : The php frontend to display the zabbix web interface.

Show
[ kristopher@zabbix ~]$ uname -a Linux zabbix.domain.com 2.6.32-358.6.2.el6.x86_64 #1 SMP Thu May 16 20:59:36 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux [ kristopher@zabbix ~]$ cat /etc/redhat-release CentOS release 6.4 (Final) [ kristopher@zabbix ~]$ cat /etc/yum.repos.d/zabbix.repo [zabbix] name=Zabbix Official Repository - $basearch baseurl= http://repo.zabbix.com/zabbix/2.0/rhel/6/$basearch/ enabled=1 gpgcheck=1 gpgkey= file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX [zabbix-non-supported] name=Zabbix Official Repository non-supported - $basearch baseurl= http://repo.zabbix.com/non-supported/rhel/6/$basearch/ enabled=1 gpgkey= file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX gpgcheck=1 [ kristopher@zabbix ~]$ yum info zabbix-web Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: centosc6.centos.org * epel: epel.mirror.constant.com * extras: mirror.linux.duke.edu * updates: centost5.centos.org Installed Packages Name : zabbix-web Arch : noarch Version : 2.0.9 Release : 1.el6 Size : 22 M Repo : installed From repo : zabbix Summary : Zabbix Web Frontend URL : http://www.zabbix.com/ License : GPLv2+ Description : The php frontend to display the zabbix web interface.

Using the API a user, who is a Zabbix User (rather than Zabbix Admin), with Read-Write to a host group is able to create screens. Below are some curl commands I was able to run to recreate the problem. After running the third, I am able to navigate to the newly created screen in the web UI.

[kristopher@zabbix ~]$ curl -i -X POST -H "Content-Type: application/json" -d '{
"jsonrpc": "2.0",
"method": "user.login",
"params":

{ "user": "rstallman", "password": "zabbix" }

,
"id": 1
}' http://zabbix.domain.com/zabbix/api_jsonrpc.php && echo
HTTP/1.1 200 OK
Date: Fri, 22 Nov 2013 17:45:29 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Content-Length: 68
Connection: close
Content-Type: application/json

{"jsonrpc":"2.0","result":"6a0757cfb6d320135bd39ed4183d865a","id":1}

[kristopher@zabbix ~]$ curl -i -X POST -H "Content-Type: application/json" -d '{
"jsonrpc": "2.0",
"method": "user.get",
"params":

{ "output": "extend" }

,
"auth": "6a0757cfb6d320135bd39ed4183d865a",
"id": 1
}' http://zabbix.domain.com/zabbix/api_jsonrpc.php && echo

HTTP/1.1 200 OK
Date: Fri, 22 Nov 2013 18:22:36 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Content-Length: 287
Connection: close
Content-Type: application/json

{"jsonrpc":"2.0","result":[

{"userid":"4","alias":"rstallman","name":"Richard","surname":"Stallman","url":"","autologin":"1","autologout":"0","lang":"en_GB","refresh":"30","type":"1","theme":"default","attempt_failed":"0","attempt_ip":"","attempt_clock":"0","rows_per_page":"50"}

],"id":1}

[kristopher@zabbix ~]$ curl -i -X POST -H "Content-Type: application/json" -d '{
"jsonrpc": "2.0",
"method": "screen.create",
"params":

{ "name": "New Screen", "hsize": 3, "vsize": 2 }

,
"auth": "6a0757cfb6d320135bd39ed4183d865a",
"id": 1
}' http://zabbix.domain.com/zabbix/api_jsonrpc.php && echo
HTTP/1.1 200 OK
Date: Fri, 22 Nov 2013 18:20:53 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Content-Length: 2
Connection: close
Content-Type: application/json

[]

duplicates

ZBX-6345 user's permission not affect API

Open

Assignee:: Unassigned

Reporter:: Kristopher Kirkland

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Created:: 2013 Nov 22 20:29

Updated:: 2017 May 30 18:01

Resolved:: 2013 Nov 23 01:20

Details

Description

Attachments

Issue Links

Activity

People

Dates