Global Read Access to Configs - Adding flag for this

I’d like to add a flag to allow global read users to access configs. I’ve integrated with Oxidized (and run Oxidized with hide secrets option) so the configs are not sensitive to me. I’d like to override LibreNMS hiding them for global read users.

I see this is checked in two places:

And also:

I propose to add the following to those statements:

if (is_admin() || (is_read() && $config['allow_global_read_to_see_configs']  === true)) {

This would add a config variable with default false.

Some trickiness is that there are separate config variables for rancid and oxidized. Though this variable would be shared between them. The alternative is to restructure those statements and have separate $config['rancid']['allow_global_read] and $config['oxidized']['allow_global_read].

Let me know your thoughts and if something of this nature will be merged.

I’m pretty sure it would. I prefer one option, but it needs a shorter name. You should also add it to the the settings page.

Like this: https://github.com/librenms/librenms/blob/612186dabfe9f7fe649f451df0902fbec0917547/sql-schema/191.sql

Please send a PR, that is the best way to discuss things like this :slight_smile:

OK

Not sure what that link is referring to?

Well wanted to start with a Issue but the guidance in the default issue said discuss here…
Was a CATCH :two::two:

You don’t need an issue to create a pull request.

I need to make device configurations accessible by Global Read users. Sure I should add a configuration option for that, but for now just for testing I’ve changed this line:

--- ./includes/html/pages/device/showconfig.inc.php.orig        2020-06-11 11:01:47.910831000 +0300
+++ ./includes/html/pages/device/showconfig.inc.php     2020-06-11 12:32:00.635838000 +0300
@@ -4,7 +4,7 @@
 use LibreNMS\Config;
 use Symfony\Component\Process\Process;

-if (Auth::user()->hasGlobalAdmin()) {
+if (Auth::user()->hasGlobalRead()) {
     if (Config::has('rancid_configs') && !is_array(Config::get('rancid_configs'))) {
         Config::set('rancid_configs', (array)Config::get('rancid_configs', []));
     }

Everything works fine except the “Config” tab doesn’t appear on device pages. Could anyone give me a hint how to enable the “Config” tab?