From fc6a0c1605b4c86fe9bd9090f9dd46b227f962cc Mon Sep 17 00:00:00 2001
From: Christoph Gasser <cg@stranto.com>
Date: Fri, 17 Apr 2026 10:16:49 +0200
Subject: [PATCH] Improve hostgroup permission error message

When the API token user cannot see the host group (returns empty from
hostgroup.get), the code fell through to hostgroup.create and gave a
confusing permissions error. Now catches this and explains exactly what
to fix in Zabbix (User groups -> Permissions).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 app/zabbix.py | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/app/zabbix.py b/app/zabbix.py
index 7007212..1adf194 100644
--- a/app/zabbix.py
+++ b/app/zabbix.py
@@ -72,7 +72,17 @@ class ZabbixClient:
         existing = self._call('hostgroup.get', {'filter': {'name': name}, 'output': ['groupid']})
         if existing:
             return existing[0]['groupid']
-        return self._call('hostgroup.create', {'name': name})['groupids'][0]
+        try:
+            return self._call('hostgroup.create', {'name': name})['groupids'][0]
+        except RuntimeError as exc:
+            if 'permission' in str(exc).lower():
+                raise RuntimeError(
+                    f"Host group '{name}' not found or not visible to the API token user. "
+                    f"Fix in Zabbix: Administration -> User groups -> [your group] -> "
+                    f"Permissions -> add '{name}' with Read-write access. "
+                    f"Alternatively assign Super admin role to the API token user."
+                ) from exc
+            raise
 
     # ------------------------------------------------------------------ hosts