From: Gunnar Beutner <gunnar.beutner@netways.de>
Date: Mon, 13 Jun 2016 06:52:03 +0000 (+0200)
Subject: Fix default behavior when none of the specified objects pass the user's permission... 
X-Git-Tag: v2.5.0~272
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=9e29a3f8a0c423d27c08436167ef077aec7bb625;p=icinga2

Fix default behavior when none of the specified objects pass the user's permission filter

fixes #11926
---

diff --git a/lib/remote/filterutility.cpp b/lib/remote/filterutility.cpp
index d9f50e7bc..c3f2049f0 100644
--- a/lib/remote/filterutility.cpp
+++ b/lib/remote/filterutility.cpp
@@ -211,10 +211,13 @@ std::vector<Value> FilterUtility::GetFilterTargets(const QueryDescription& qd, c
 			attr = "name";
 
 		if (query->Contains(attr)) {
-			Object::Ptr target = provider->GetTargetByName(type, HttpUtility::GetLastParameter(query, attr));
+			String name = HttpUtility::GetLastParameter(query, attr);
+			Object::Ptr target = provider->GetTargetByName(type, name);
 
-			if (FilterUtility::EvaluateFilter(permissionFrame, permissionFilter, target))
-				result.push_back(target);
+			if (!FilterUtility::EvaluateFilter(permissionFrame, permissionFilter, target))
+				BOOST_THROW_EXCEPTION(ScriptError("Access denied to object '" + name + "' of type '" + type + "'"));
+
+			result.push_back(target);
 		}
 
 		attr = provider->GetPluralName(type);
@@ -227,8 +230,10 @@ std::vector<Value> FilterUtility::GetFilterTargets(const QueryDescription& qd, c
 				BOOST_FOREACH(const String& name, names) {
 					Object::Ptr target = provider->GetTargetByName(type, name);
 
-					if (FilterUtility::EvaluateFilter(permissionFrame, permissionFilter, target))
-						result.push_back(target);
+					if (!FilterUtility::EvaluateFilter(permissionFrame, permissionFilter, target))
+						BOOST_THROW_EXCEPTION(ScriptError("Access denied to object '" + name + "' of type '" + type + "'"));
+
+					result.push_back(target);
 				}
 			}
 		}