From e6159ca86a48aa50f80b19110935d0bf5bbcdc15 Mon Sep 17 00:00:00 2001
From: Michael Friedrich
Date: Sun, 8 Nov 2015 14:17:13 +0100
Subject: [PATCH] Fix: /v1/console should only use a single permission
fixes #10563
---
 doc/9-icinga2-api.md | 3 +--
 lib/remote/consolehandler.cpp | 2 +-
 2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/doc/9-icinga2-api.md b/doc/9-icinga2-api.md
index f6f31a941..90beb98e6 100644
--- a/doc/9-icinga2-api.md
+++ b/doc/9-icinga2-api.md
@@ -209,8 +209,7 @@ Available permissions for specific URL endpoints:
 objects/delete/<type> | /v1/objects | Yes
 status/query/<type> | /v1/status | Yes
 events/<type> | /v1/events | No
- console/execute-script | /v1/console | No
- console/auto-complete-script | /v1/console | No
+ console | /v1/console | No
 The required actions or types can be replaced by using a wildcard match ("*").
diff --git a/lib/remote/consolehandler.cpp b/lib/remote/consolehandler.cpp
index 5bd43553c..c239b99b8 100644
--- a/lib/remote/consolehandler.cpp
+++ b/lib/remote/consolehandler.cpp
@@ -81,7 +81,7 @@ bool ConsoleHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest& reques
 String methodName = request.RequestUrl->GetPath()[2];
- String permission = "console/" + methodName;
+ String permission = "console";
 FilterUtility::CheckPermission(user, permission);
 String session = HttpUtility::GetLastParameter(params, "session");
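Review bot: In the `consolehandler.cpp` hunk the permission no longer depends on `methodName`, so the authorization check can run before `request.RequestUrl->GetPath()[2]` is read; as written, the request path is still indexed before the caller is authorized. Moving `FilterUtility::CheckPermission(user, "console");` above the `String methodName = ...` line and dropping the now-constant local `permission` rejects unauthorized callers before any request-derived data is touched. Whether the path length is validated before the `[2]` access is not visible here, since `HandleRequest` starts and ends outside the hunk. A short comment at the check would help operators, for example `/* one permission covers both execute-script and auto-complete-script */`, because a grant of `console` now includes script execution. Existing ApiUser grants that name `console/execute-script` or `console/auto-complete-script` presumably stop matching after this change, which deserves an upgrade note.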