Fix: /v1/console should only use a single permission

fixes #10563

diff --git a/doc/9-icinga2-api.md b/doc/9-icinga2-api.md
index f6f31a941d5cae4db2f6b5ea2a0d91af5280812e..90beb98e6a956df60c4978de78489b19aaf69c9c 100644 (file)
--- a/doc/9-icinga2-api.md
+++ b/doc/9-icinga2-api.md
@@ -209,8 +209,7 @@ Available permissions for specific URL endpoints:
   objects/delete/<type>   | /v1/objects   | Yes
   status/query/<type>     | /v1/status    | Yes
   events/<type>           | /v1/events    | No
-  console/execute-script        | /v1/console   | No
-  console/auto-complete-script  | /v1/console   | No
+  console                       | /v1/console   | No
 
 The required actions or types can be replaced by using a wildcard match ("*").
 

diff --git a/lib/remote/consolehandler.cpp b/lib/remote/consolehandler.cpp
index 5bd43553cc9484b7fc54ec8b3571f91be6b6d2e5..c239b99b8cea47df0f5ad502ddc095d7f85b2795 100644 (file)
--- a/lib/remote/consolehandler.cpp
+++ b/lib/remote/consolehandler.cpp
@@ -81,7 +81,7 @@ bool ConsoleHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest& reques
 
        String methodName = request.RequestUrl->GetPath()[2];
        
-       String permission = "console/" + methodName;
+       String permission = "console";
        FilterUtility::CheckPermission(user, permission);
 
        String session = HttpUtility::GetLastParameter(params, "session");