I’d like to add a flag to allow global read users to access configs. I’ve integrated with Oxidized (and run Oxidized with hide secrets option) so the configs are not sensitive to me. I’d like to override LibreNMS hiding them for global read users.
I see this is checked in two places:
And also:
I propose to add the following to those statements:
if (is_admin() || (is_read() && $config['allow_global_read_to_see_configs'] === true)) {
This would add a config variable with default false.
Some trickiness is that there are separate config variables for rancid and oxidized. Though this variable would be shared between them. The alternative is to restructure those statements and have separate $config['rancid']['allow_global_read] and $config['oxidized']['allow_global_read].
Let me know your thoughts and if something of this nature will be merged.
I need to make device configurations accessible by Global Read users. Sure I should add a configuration option for that, but for now just for testing I’ve changed this line:
I just ran across the same problem. I have two admins and about a dozen people with Global Read access. Before installing oxidized, I was thinking that “Global Read” really means “Global Read” and not “Global Read except this and that”.
It’s intended that some people have Global Read permission and not Admin. It’s the people I trust to view anything. And I need these people to have read access to the fetched oxidized files as well.
I don’t see any reason why this ticket must mold around for almost 4,5 years.
LibreNMS now supports roles and permissions. But there is currently no webui to add and manage custom permissions yet (and currently no one is working on that that I know of).
So, waiting for someone to contribute code for that.
I would be happy to use this new roles and permissions system without webui, I only care about giving access to oxidized to my global read users, no matter which kind of interface to use.
Unfortunately, the docs page at Authentication Options - LibreNMS Docs still seems to reference to the old system, so any hint on how to use the new roles and permissions system is appreciated.