Merging upstream version 2.0.3+dfsg (Closes: #923993, #1042533, #1045145).

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

3 files changed, 62 insertions, 42 deletions

diff --git a/src/libnetdata/http/content_type.c b/src/libnetdata/http/content_type.c
index 3e388a1da..e8f273912 100644
--- a/src/libnetdata/http/content_type.c
+++ b/src/libnetdata/http/content_type.c
@@ -10,14 +10,14 @@ static struct {
     const char *options;
 } content_types[] = {
     // primary - preferred during id-to-string conversions
-    { .format = "text/html",                    CT_TEXT_HTML, true },
+    { .format = "application/json",             CT_APPLICATION_JSON, true },
     { .format = "text/plain",                   CT_TEXT_PLAIN, true },
+    { .format = "text/html",                    CT_TEXT_HTML, true },
     { .format = "text/css",                     CT_TEXT_CSS, true },
     { .format = "text/yaml",                    CT_TEXT_YAML, true },
     { .format = "application/yaml",             CT_APPLICATION_YAML, true },
     { .format = "text/xml",                     CT_TEXT_XML, true },
     { .format = "text/xsl",                     CT_TEXT_XSL, true },
-    { .format = "application/json",             CT_APPLICATION_JSON, true },
     { .format = "application/xml",              CT_APPLICATION_XML, true },
     { .format = "application/javascript",       CT_APPLICATION_X_JAVASCRIPT, true },
     { .format = "application/octet-stream",     CT_APPLICATION_OCTET_STREAM, false },
@@ -42,16 +42,16 @@ static struct {
 
     // secondary - overlapping with primary
 
-    { .format = "text/plain",                   CT_PROMETHEUS, false, "version=0.0.4" },
-    { .format = "prometheus",                   CT_PROMETHEUS },
-    { .format = "text",                         CT_TEXT_PLAIN },
-    { .format = "txt",                          CT_TEXT_PLAIN },
-    { .format = "json",                         CT_APPLICATION_JSON },
-    { .format = "html",                         CT_TEXT_HTML },
-    { .format = "xml",                          CT_APPLICATION_XML },
+    { .format = "text/plain",                   CT_PROMETHEUS, true, "version=0.0.4" },
+    { .format = "prometheus",                   CT_PROMETHEUS, true },
+    { .format = "text",                         CT_TEXT_PLAIN, true },
+    { .format = "txt",                          CT_TEXT_PLAIN, true },
+    { .format = "json",                         CT_APPLICATION_JSON, true },
+    { .format = "html",                         CT_TEXT_HTML, true },
+    { .format = "xml",                          CT_APPLICATION_XML, true },
 
     // terminator
-    { .format = NULL,                           CT_TEXT_PLAIN },
+    { .format = NULL,                           CT_TEXT_PLAIN, true },
 };
 
 HTTP_CONTENT_TYPE content_type_string2id(const char *format) {
diff --git a/src/libnetdata/http/http_access.c b/src/libnetdata/http/http_access.c
index 5be63bb19..398015cd3 100644
--- a/src/libnetdata/http/http_access.c
+++ b/src/libnetdata/http/http_access.c
@@ -3,24 +3,24 @@
 #include "../libnetdata.h"
 
 static struct {
-    HTTP_USER_ROLE access;
+    HTTP_USER_ROLE role;
     const char *name;
 } user_roles[] = {
-    { .access = HTTP_USER_ROLE_NONE, .name = "none" },
-    { .access = HTTP_USER_ROLE_ADMIN, .name = "admin" },
-    { .access = HTTP_USER_ROLE_MANAGER, .name = "manager" },
-    { .access = HTTP_USER_ROLE_TROUBLESHOOTER, .name = "troubleshooter" },
-    { .access = HTTP_USER_ROLE_OBSERVER, .name = "observer" },
-    { .access = HTTP_USER_ROLE_MEMBER, .name = "member" },
-    { .access = HTTP_USER_ROLE_BILLING, .name = "billing" },
-    { .access = HTTP_USER_ROLE_ANY, .name = "any" },
-
-    { .access = HTTP_USER_ROLE_MEMBER, .name = "members" },
-    { .access = HTTP_USER_ROLE_ADMIN, .name = "admins" },
-    { .access = HTTP_USER_ROLE_ANY, .name = "all" },
+    { .role = HTTP_USER_ROLE_NONE, .name = "none" },
+    { .role = HTTP_USER_ROLE_ADMIN, .name = "admin" },
+    { .role = HTTP_USER_ROLE_MANAGER, .name = "manager" },
+    { .role = HTTP_USER_ROLE_TROUBLESHOOTER, .name = "troubleshooter" },
+    { .role = HTTP_USER_ROLE_OBSERVER, .name = "observer" },
+    { .role = HTTP_USER_ROLE_MEMBER, .name = "member" },
+    { .role = HTTP_USER_ROLE_BILLING, .name = "billing" },
+    { .role = HTTP_USER_ROLE_ANY, .name = "any" },
+
+    { .role = HTTP_USER_ROLE_MEMBER, .name = "members" },
+    { .role = HTTP_USER_ROLE_ADMIN, .name = "admins" },
+    { .role = HTTP_USER_ROLE_ANY, .name = "all" },
 
     // terminator
-    { .access = 0, .name = NULL },
+    { .role = 0, .name = NULL },
 };
 
 HTTP_USER_ROLE http_user_role2id(const char *role) {
@@ -29,7 +29,7 @@ HTTP_USER_ROLE http_user_role2id(const char *role) {
 
     for(size_t i = 0; user_roles[i].name ;i++) {
         if(strcmp(user_roles[i].name, role) == 0)
-            return user_roles[i].access;
+            return user_roles[i].role;
     }
 
     nd_log(NDLS_DAEMON, NDLP_WARNING, "HTTP user role '%s' is not valid", role);
@@ -38,7 +38,7 @@ HTTP_USER_ROLE http_user_role2id(const char *role) {
 
 const char *http_id2user_role(HTTP_USER_ROLE role) {
     for(size_t i = 0; user_roles[i].name ;i++) {
-        if(role == user_roles[i].access)
+        if(role == user_roles[i].role)
             return user_roles[i].name;
     }
 
diff --git a/src/libnetdata/http/http_access.h b/src/libnetdata/http/http_access.h
index afc2e1dc7..00929f9b4 100644
--- a/src/libnetdata/http/http_access.h
+++ b/src/libnetdata/http/http_access.h
@@ -93,12 +93,16 @@ typedef enum __attribute__((packed)) {
     HTTP_ACL_WEBRTC                 = (1 << 6), // from WebRTC
 
     // HTTP_ACL_API takes the following additional ACLs, based on pattern matching of the client IP
-    HTTP_ACL_DASHBOARD              = (1 << 10),
-    HTTP_ACL_REGISTRY               = (1 << 11),
-    HTTP_ACL_BADGES                 = (1 << 12),
-    HTTP_ACL_MANAGEMENT             = (1 << 13),
-    HTTP_ACL_STREAMING              = (1 << 14),
-    HTTP_ACL_NETDATACONF            = (1 << 15),
+    HTTP_ACL_METRICS                = (1 << 10),
+    HTTP_ACL_FUNCTIONS              = (1 << 11),
+    HTTP_ACL_NODES                  = (1 << 12),
+    HTTP_ACL_ALERTS                 = (1 << 13),
+    HTTP_ACL_DYNCFG                 = (1 << 14),
+    HTTP_ACL_REGISTRY               = (1 << 15),
+    HTTP_ACL_BADGES                 = (1 << 16),
+    HTTP_ACL_MANAGEMENT             = (1 << 17),
+    HTTP_ACL_STREAMING              = (1 << 18),
+    HTTP_ACL_NETDATACONF            = (1 << 19),
 
     // SSL related
     HTTP_ACL_SSL_OPTIONAL           = (1 << 28),
@@ -106,6 +110,14 @@ typedef enum __attribute__((packed)) {
     HTTP_ACL_SSL_DEFAULT            = (1 << 30),
 } HTTP_ACL;
 
+#define HTTP_ACL_DASHBOARD (HTTP_ACL)(                                  \
+      HTTP_ACL_METRICS                                                  \
+    | HTTP_ACL_FUNCTIONS                                                \
+    | HTTP_ACL_ALERTS                                                   \
+    | HTTP_ACL_NODES                                                    \
+    | HTTP_ACL_DYNCFG                                                   \
+ )
+
 #define HTTP_ACL_TRANSPORTS (HTTP_ACL)(                                 \
       HTTP_ACL_API                                                      \
     | HTTP_ACL_API_UDP                                                  \
@@ -121,7 +133,11 @@ typedef enum __attribute__((packed)) {
 )
 
 #define HTTP_ACL_ALL_FEATURES (HTTP_ACL)(                               \
-      HTTP_ACL_DASHBOARD                                                \
+      HTTP_ACL_METRICS                                                  \
+    | HTTP_ACL_FUNCTIONS                                                \
+    | HTTP_ACL_NODES                                                    \
+    | HTTP_ACL_ALERTS                                                   \
+    | HTTP_ACL_DYNCFG                                                   \
     | HTTP_ACL_REGISTRY                                                 \
     | HTTP_ACL_BADGES                                                   \
     | HTTP_ACL_MANAGEMENT                                               \
@@ -129,20 +145,24 @@ typedef enum __attribute__((packed)) {
     | HTTP_ACL_NETDATACONF                                              \
 )
 
+#define HTTP_ACL_ACLK_LICENSE_MANAGER (HTTP_ACL)(                       \
+    HTTP_ACL_NODES                                                      \
+)
+
 #ifdef NETDATA_DEV_MODE
 #define ACL_DEV_OPEN_ACCESS HTTP_ACL_NOCHECK
 #else
 #define ACL_DEV_OPEN_ACCESS 0
 #endif
 
-#define http_can_access_dashboard(w) ((w)->acl & HTTP_ACL_DASHBOARD)
-#define http_can_access_registry(w) ((w)->acl & HTTP_ACL_REGISTRY)
-#define http_can_access_badges(w) ((w)->acl & HTTP_ACL_BADGES)
-#define http_can_access_mgmt(w) ((w)->acl & HTTP_ACL_MANAGEMENT)
-#define http_can_access_stream(w) ((w)->acl & HTTP_ACL_STREAMING)
-#define http_can_access_netdataconf(w) ((w)->acl & HTTP_ACL_NETDATACONF)
-#define http_is_using_ssl_optional(w) ((w)->port_acl & HTTP_ACL_SSL_OPTIONAL)
-#define http_is_using_ssl_force(w) ((w)->port_acl & HTTP_ACL_SSL_FORCE)
-#define http_is_using_ssl_default(w) ((w)->port_acl & HTTP_ACL_SSL_DEFAULT)
+#define http_can_access_dashboard(w) (((w)->acl & HTTP_ACL_DASHBOARD) == HTTP_ACL_DASHBOARD)
+#define http_can_access_registry(w) (((w)->acl & HTTP_ACL_REGISTRY) == HTTP_ACL_REGISTRY)
+#define http_can_access_badges(w) (((w)->acl & HTTP_ACL_BADGES) == HTTP_ACL_BADGES)
+#define http_can_access_mgmt(w) (((w)->acl & HTTP_ACL_MANAGEMENT) == HTTP_ACL_MANAGEMENT)
+#define http_can_access_stream(w) (((w)->acl & HTTP_ACL_STREAMING) == HTTP_ACL_STREAMING)
+#define http_can_access_netdataconf(w) (((w)->acl & HTTP_ACL_NETDATACONF) == HTTP_ACL_NETDATACONF)
+#define http_is_using_ssl_optional(w) (((w)->port_acl & HTTP_ACL_SSL_OPTIONAL) == HTTP_ACL_SSL_OPTIONAL)
+#define http_is_using_ssl_force(w) (((w)->port_acl & HTTP_ACL_SSL_FORCE) == HTTP_ACL_SSL_FORCE)
+#define http_is_using_ssl_default(w) (((w)->port_acl & HTTP_ACL_SSL_DEFAULT) == HTTP_ACL_SSL_DEFAULT)
 
 #endif //NETDATA_HTTP_ACCESS_H