diff --git a/application/forms/DirectorDatalistEntryForm.php b/application/forms/DirectorDatalistEntryForm.php
index 8bb6fee5..84165381 100644
--- a/application/forms/DirectorDatalistEntryForm.php
+++ b/application/forms/DirectorDatalistEntryForm.php
@@ -2,6 +2,7 @@
 namespace Icinga\Module\Director\Forms;
+use Icinga\Application\Config;
 use Icinga\Module\Director\Objects\DirectorDatalist;
 use Icinga\Module\Director\Web\Form\DirectorObjectForm;
@@ -29,13 +30,28 @@ class DirectorDatalistEntryForm extends DirectorObjectForm
 )
 ));
+ $rolesConfig = Config::app('roles', true);
+ $roles = [];
+ foreach ($rolesConfig as $name => $role) {
+ $roles[$name] = $name;
+ }
+
+ $this->addElement('extensibleSet', 'allowed_roles', array(
+ 'label' => $this->translate('Allowed roles'),
+ 'required' => false,
+ 'multiOptions' => $roles,
+ 'description' => $this->translate(
+ 'Allow to use this entry only to users with one of these Icinga Web 2 roles'
+ )
+ ));
+
 $this->addHidden('list_id', $this->datalist->get('id'));
 $this->addHidden('format', 'string');
 if (!$this->isNew()) {
 $this->addHidden('entry_name', $this->object->get('entry_name'));
 }
- $this->addSimpleDisplayGroup(array('entry_name', 'entry_value'), 'entry', array(
+ $this->addSimpleDisplayGroup(array('entry_name', 'entry_value', 'allowed_roles'), 'entry', array(
 'legend' => $this->isNew()
 ? $this->translate('Add data list entry')
 : $this->translate('Modify data list entry')
diff --git a/library/Director/DataType/DataTypeDatalist.php b/library/Director/DataType/DataTypeDatalist.php
index f9635127..baa7dcda 100644
--- a/library/Director/DataType/DataTypeDatalist.php
+++ b/library/Director/DataType/DataTypeDatalist.php
@@ -2,6 +2,7 @@
 namespace Icinga\Module\Director\DataType;
+use Icinga\Module\Director\Acl;
 use Icinga\Module\Director\Hook\DataTypeHook;
 use Icinga\Module\Director\Web\Form\QuickForm;
 use Icinga\Module\Director\Web\Form\DirectorObjectForm;
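Review bot: Nothing at the new `allowed_roles` element says what the selection actually enforces, and as far as this commit shows the stored value is only read by the select-option query in DataTypeDatalist. A comment above `Config::app('roles', true)` would keep a later reader from treating it as a permission check, for example `// Role names are read from roles.ini; allowed_roles only filters which entries a data list select offers`. The loop variable `$role` is never used, so the loop is only an identity map of the section names and could say so. The enclosing method starts and ends outside the hunk.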
@@ -23,11 +24,18 @@ class DataTypeDatalist extends DataTypeHook
 /** @var DirectorObjectForm $form */
 $db = $form->getDb()->getDbAdapter();
+ $roles = array_map('json_encode', Acl::instance()->listRoleNames());
 $select = $db->select()
 ->from('director_datalist_entry', array('entry_name', 'entry_value'))
 ->where('list_id = ?', $this->getSetting('datalist_id'))
 ->order('entry_value ASC');
+ if (empty($roles)) {
+ $select->where('allowed_roles IS NULL');
+ } else {
+ $select->where('(allowed_roles IS NULL OR allowed_roles IN (?))', $roles);
+ }
+
 return $db->fetchPairs($select);
 }
diff --git a/library/Director/Objects/DirectorDatalistEntry.php b/library/Director/Objects/DirectorDatalistEntry.php
index de07b060..b9252c42 100644
--- a/library/Director/Objects/DirectorDatalistEntry.php
+++ b/library/Director/Objects/DirectorDatalistEntry.php
@@ -2,6 +2,8 @@
 namespace Icinga\Module\Director\Objects;
+use Icinga\Exception\IcingaException;
+use Icinga\Exception\ProgrammingError;
 use Icinga\Module\Director\Data\Db\DbObject;
 class DirectorDatalistEntry extends DbObject
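Review bot: The `allowed_roles IN (?)` condition cannot match what `setAllowed_roles()` in DirectorDatalistEntry stores. The column holds `json_encode()` of the whole role array (a constructed example: `["ops"]`), while `$roles` here holds each name encoded on its own (`"ops"`). As written, every entry with roles set is hidden from all users; that fails closed, but the feature cannot grant access to anyone. Either match per role, for example by OR-ing `$db->quoteInto('allowed_roles LIKE ?', '%' . $role . '%')` conditions with `allowed_roles IS NULL` (escaping `%` and `_` in the encoded name first), or decode the column in PHP and intersect it with the user's roles. The enclosing method starts outside the hunk, so it is not visible whether other read paths for data list entries apply the same restriction.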
@@ -17,8 +19,45 @@ class DirectorDatalistEntry extends DbObject
 'entry_name' => null,
 'entry_value' => null,
 'format' => null,
+ 'allowed_roles' => null,
 );
+ /**
+ * @param $roles
+ * @throws IcingaException
+ * @codingStandardsIgnoreStart
+ */
+ public function setAllowed_roles($roles)
+ {
+ // @codingStandardsIgnoreEnd
+ $key = 'allowed_roles';
+ if (is_array($roles)) {
+ $this->reallySet($key, json_encode($roles));
+ } elseif (null === $roles) {
+ $this->reallySet($key, null);
+ } else {
+ throw new ProgrammingError(
+ 'Expected array or null for allowed_roles, got %s',
+ var_export($roles, 1)
+ );
+ }
+ }
+
+ /**
+ * @return array|null
+ * @codingStandardsIgnoreStart
+ */
+ public function getAllowed_roles()
+ {
+ // @codingStandardsIgnoreEnd
+ $roles = $this->getProperty('allowed_roles');
+ if (is_string($roles)) {
+ return json_decode($roles);
+ } else {
+ return $roles;
+ }
+ }
+
 public function replaceWith(DirectorDatalistEntry $object)
 {
 $this->entry_value = $object->entry_value;
diff --git a/schema/mysql-migrations/upgrade_136.sql b/schema/mysql-migrations/upgrade_136.sql
new file mode 100644
index 00000000..d3080626
--- /dev/null
+++ b/schema/mysql-migrations/upgrade_136.sql
@@ -0,0 +1,6 @@
+ALTER TABLE director_datalist_entry
+ ADD COLUMN allowed_roles VARCHAR(255) DEFAULT NULL;
+
+INSERT INTO director_schema_migration
+(schema_version, migration_time)
+VALUES (136, NOW());
diff --git a/schema/mysql.sql b/schema/mysql.sql
index e6e6c679..95cd16c3 100644
--- a/schema/mysql.sql
+++ b/schema/mysql.sql
@@ -110,6 +110,7 @@ CREATE TABLE director_datalist_entry (
 entry_name VARCHAR(255) COLLATE utf8_bin NOT NULL,
 entry_value TEXT DEFAULT NULL,
 format enum ('string', 'expression', 'json'),
+ allowed_roles VARCHAR(255) DEFAULT NULL,
 PRIMARY KEY (list_id, entry_name),
 CONSTRAINT director_datalist_value_datalist
 FOREIGN KEY datalist (list_id)
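Review bot: `setAllowed_roles()` stores an empty array as the string `[]` rather than NULL, while the filter added in DataTypeDatalist treats only NULL as unrestricted. If the form submits an empty array when no role is selected (not visible here), saving such an entry would hide it from everyone. The array branch could normalise this with `$this->reallySet($key, empty($roles) ? null : json_encode(array_values($roles)));`, where `array_values()` keeps the stored JSON a list. `getAllowed_roles()` returns whatever `json_decode()` yields, including null for a malformed or truncated value, which a caller cannot tell apart from "no restriction"; it should check `is_array()` on the result and treat anything else as an error. `var_export($roles, 1)` would read better as `var_export($roles, true)`.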
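Review bot: `allowed_roles VARCHAR(255)` has to hold the JSON-encoded array of every selected role name, so a few long role names are enough to exceed it. On a MySQL server that is not running in strict mode the value would be truncated silently rather than rejected, leaving malformed JSON in a column that decides who may use the entry. Declaring it `allowed_roles TEXT DEFAULT NULL`, as `entry_value` already is, or checking the encoded length before saving, removes that case. The same column definition is repeated in the `schema/mysql.sql` hunk.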
@@ -1558,4 +1559,4 @@ CREATE TABLE icinga_user_resolved_var (
 INSERT INTO director_schema_migration
 (schema_version, migration_time)
- VALUES (135, NOW());
+ VALUES (136, NOW());
diff --git a/schema/pgsql-migrations/upgrade_136.sql b/schema/pgsql-migrations/upgrade_136.sql
new file mode 100644
index 00000000..2aadf005
--- /dev/null
+++ b/schema/pgsql-migrations/upgrade_136.sql
@@ -0,0 +1,6 @@
+ALTER TABLE director_datalist_entry
+ ADD COLUMN allowed_roles varying(255) DEFAULT NULL;
+
+INSERT INTO director_schema_migration
+ (schema_version, migration_time)
+ VALUES (136, NOW());
diff --git a/schema/pgsql.sql b/schema/pgsql.sql
index 19b1cda4..793cec77 100644
--- a/schema/pgsql.sql
+++ b/schema/pgsql.sql
@@ -170,6 +170,7 @@ CREATE TABLE director_datalist_entry (
 entry_name character varying(255) NOT NULL,
 entry_value text DEFAULT NULL,
 format enum_property_format,
+ allowed_roles varying(255) DEFAULT NULL,
 PRIMARY KEY (list_id, entry_name),
 CONSTRAINT director_datalist_entry_datalist
 FOREIGN KEY (list_id)
@@ -1835,4 +1836,4 @@ CREATE INDEX user_resolved_var_schecksum ON icinga_user_resolved_var (checksum);
 INSERT INTO director_schema_migration
 (schema_version, migration_time)
- VALUES (135, NOW());
+ VALUES (136, NOW());
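Review bot: `varying(255)` is not a PostgreSQL type name on its own, so this `ALTER TABLE` is expected to fail with an unknown-type error and the upgrade to schema 136 would not apply. The neighbouring columns in `schema/pgsql.sql` use `character varying(255)`, and the line should read `ADD COLUMN allowed_roles character varying(255) DEFAULT NULL;`. The `CREATE TABLE director_datalist_entry` hunk in `schema/pgsql.sql` carries the same definition and needs the same correction. Separately, 255 characters bounds the JSON-encoded role list, so a longer selection would surface as a database error on save unless the setter checks the length first.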