[ZBX-6678] Write permissions are not checked for Y scale items used in graphs and graph prototypes Created: 2013 Jun 10  Updated: 2017 May 30  Resolved: 2013 Jun 17

Status: Closed
Project: ZABBIX BUGS AND ISSUES
Component/s: API (A)
Affects Version/s: 2.1.0
Fix Version/s: 2.1.0

Type: Incident report Priority: Major
Reporter: Pavels Jelisejevs (Inactive) Assignee: Unassigned
Resolution: Fixed Votes: 0
Labels: api, graph, graphprototype, permissions
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   

When a user creates a graph with an Y MAX/MIN item we only check for read permissions. We must require write permissions.

 Comments   
Comment by Alexander Vladishev [ 2013 Jun 10 ]

Graphs with read-only Y MAX/MIN items shouldn't be displayed in the RW configuration graphs lists.

Comment by Ivo Kurzemnieks [ 2013 Jun 14 ]

RESOLVED in svn://svn.zabbix.com/branches/dev/ZBX-6678

Comment by Pavels Jelisejevs (Inactive) [ 2013 Jun 17 ]

(1) If graph.create is called with "ymax_type" set to GRAPH_YAXIS_TYPE_ITEM_VALUE and no "ymax_item" is given, it should trigger the "Incorrect item for axis value." error, not "No permissions to referred object or it does not exist!".

Here's an example request:

{
    "name": "MySQL bandwidth",
    "width": 900,
    "height": 200,
    "ymax_type": 2,
    "gitems": [
        {
            "itemid": "23384",
            "color": "00AA00"
        }
    ]
}

iivs
Proposal to add more detailed error message:
For missing ymin_itemid: Missing "itemid" field for Y MIN axis item.
For missing ymax_itemid: Missing "itemid" field for Y MAX axis item.

RESOLVED in r36394

jelisejev I've made some changes in r36398, please review. If everything is OK, this issue can be closed.

iivs Line length was exceeded by small amount. Modified code to fit into 120 simbol length. See r36410.

jelisejev Good. CLOSED.

Comment by Pavels Jelisejevs (Inactive) [ 2013 Jun 17 ]

TESTED.

Please review and close (1) before merging.

Comment by Ivo Kurzemnieks [ 2013 Jun 17 ]

Fixed in pre-2.1.0 (trunk) r36416

Comment by richlv [ 2013 Sep 14 ]

this could have resulted in a regression : ZBX-6995

Generated at Sat Apr 20 01:14:22 EEST 2024 using Jira 9.12.4#9120004-sha1:625303b708afdb767e17cb2838290c41888e9ff0.