tyler.durden/icingaweb2-module-director
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2-module-director.git synced 2025-07-31 01:34:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

Datalist: Allow to restrict entries by role

Browse Source 
fixes #1012
This commit is contained in:
Thomas Gelf 2017-07-14 09:52:48 +02:00
parent 45832f94e5
commit 05d8e5bb00
7 changed files with 80 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
application/forms/DirectorDatalistEntryForm.php
View File

@ -2,6 +2,7 @@
namespace Icinga\Module\Director\Forms; namespace Icinga\Module\Director\Forms;
use Icinga\Application\Config;
use Icinga\Module\Director\Objects\DirectorDatalist; use Icinga\Module\Director\Objects\DirectorDatalist;
use Icinga\Module\Director\Web\Form\DirectorObjectForm; use Icinga\Module\Director\Web\Form\DirectorObjectForm;
@ -29,13 +30,28 @@ class DirectorDatalistEntryForm extends DirectorObjectForm
) )
)); ));
$rolesConfig = Config::app('roles', true);
$roles = [];
foreach ($rolesConfig as $name => $role) {
$roles[$name] = $name;
}
$this->addElement('extensibleSet', 'allowed_roles', array(
'label' => $this->translate('Allowed roles'),
'required' => false,
'multiOptions' => $roles,
'description' => $this->translate(
'Allow to use this entry only to users with one of these Icinga Web 2 roles'
)
));
$this->addHidden('list_id', $this->datalist->get('id')); $this->addHidden('list_id', $this->datalist->get('id'));
$this->addHidden('format', 'string'); $this->addHidden('format', 'string');
if (!$this->isNew()) { if (!$this->isNew()) {
$this->addHidden('entry_name', $this->object->get('entry_name')); $this->addHidden('entry_name', $this->object->get('entry_name'));
} }
$this->addSimpleDisplayGroup(array('entry_name', 'entry_value'), 'entry', array( $this->addSimpleDisplayGroup(array('entry_name', 'entry_value', 'allowed_roles'), 'entry', array(
'legend' => $this->isNew() 'legend' => $this->isNew()
? $this->translate('Add data list entry') ? $this->translate('Add data list entry')
: $this->translate('Modify data list entry') : $this->translate('Modify data list entry')

8
library/Director/DataType/DataTypeDatalist.php
View File

@ -2,6 +2,7 @@
namespace Icinga\Module\Director\DataType; namespace Icinga\Module\Director\DataType;
use Icinga\Module\Director\Acl;
use Icinga\Module\Director\Hook\DataTypeHook; use Icinga\Module\Director\Hook\DataTypeHook;
use Icinga\Module\Director\Web\Form\QuickForm; use Icinga\Module\Director\Web\Form\QuickForm;
use Icinga\Module\Director\Web\Form\DirectorObjectForm; use Icinga\Module\Director\Web\Form\DirectorObjectForm;
@ -23,11 +24,18 @@ class DataTypeDatalist extends DataTypeHook
/** @var DirectorObjectForm $form */ /** @var DirectorObjectForm $form */
$db = $form->getDb()->getDbAdapter(); $db = $form->getDb()->getDbAdapter();
$roles = array_map('json_encode', Acl::instance()->listRoleNames());
$select = $db->select() $select = $db->select()
->from('director_datalist_entry', array('entry_name', 'entry_value')) ->from('director_datalist_entry', array('entry_name', 'entry_value'))
->where('list_id = ?', $this->getSetting('datalist_id')) ->where('list_id = ?', $this->getSetting('datalist_id'))
->order('entry_value ASC'); ->order('entry_value ASC');
if (empty($roles)) {
$select->where('allowed_roles IS NULL');
} else {
$select->where('(allowed_roles IS NULL OR allowed_roles IN (?))', $roles);
}
return $db->fetchPairs($select); return $db->fetchPairs($select);
} }

39
library/Director/Objects/DirectorDatalistEntry.php
View File

@ -2,6 +2,8 @@
namespace Icinga\Module\Director\Objects; namespace Icinga\Module\Director\Objects;
use Icinga\Exception\IcingaException;
use Icinga\Exception\ProgrammingError;
use Icinga\Module\Director\Data\Db\DbObject; use Icinga\Module\Director\Data\Db\DbObject;
class DirectorDatalistEntry extends DbObject class DirectorDatalistEntry extends DbObject
@ -17,8 +19,45 @@ class DirectorDatalistEntry extends DbObject
'entry_name' => null, 'entry_name' => null,
'entry_value' => null, 'entry_value' => null,
'format' => null, 'format' => null,
'allowed_roles' => null,
); );
/**
* @param $roles
* @throws IcingaException
* @codingStandardsIgnoreStart
*/
public function setAllowed_roles($roles)
{
// @codingStandardsIgnoreEnd
$key = 'allowed_roles';
if (is_array($roles)) {
$this->reallySet($key, json_encode($roles));
} elseif (null === $roles) {
$this->reallySet($key, null);
} else {
throw new ProgrammingError(
'Expected array or null for allowed_roles, got %s',
var_export($roles, 1)
);
}
}
/**
* @return array|null
* @codingStandardsIgnoreStart
*/
public function getAllowed_roles()
{
// @codingStandardsIgnoreEnd
$roles = $this->getProperty('allowed_roles');
if (is_string($roles)) {
return json_decode($roles);
} else {
return $roles;
}
}
public function replaceWith(DirectorDatalistEntry $object) public function replaceWith(DirectorDatalistEntry $object)
{ {
$this->entry_value = $object->entry_value; $this->entry_value = $object->entry_value;

6
schema/mysql-migrations/upgrade_136.sql Normal file
View File

@ -0,0 +1,6 @@
ALTER TABLE director_datalist_entry
ADD COLUMN allowed_roles VARCHAR(255) DEFAULT NULL;
INSERT INTO director_schema_migration
(schema_version, migration_time)
VALUES (136, NOW());

3
schema/mysql.sql
View File

@ -110,6 +110,7 @@ CREATE TABLE director_datalist_entry (
entry_name VARCHAR(255) COLLATE utf8_bin NOT NULL, entry_name VARCHAR(255) COLLATE utf8_bin NOT NULL,
entry_value TEXT DEFAULT NULL, entry_value TEXT DEFAULT NULL,
format enum ('string', 'expression', 'json'), format enum ('string', 'expression', 'json'),
allowed_roles VARCHAR(255) DEFAULT NULL,
PRIMARY KEY (list_id, entry_name), PRIMARY KEY (list_id, entry_name),
CONSTRAINT director_datalist_value_datalist CONSTRAINT director_datalist_value_datalist
FOREIGN KEY datalist (list_id) FOREIGN KEY datalist (list_id)
@ -1558,4 +1559,4 @@ CREATE TABLE icinga_user_resolved_var (
INSERT INTO director_schema_migration INSERT INTO director_schema_migration
(schema_version, migration_time) (schema_version, migration_time)
VALUES (135, NOW()); VALUES (136, NOW());

6
schema/pgsql-migrations/upgrade_136.sql Normal file
View File

@ -0,0 +1,6 @@
ALTER TABLE director_datalist_entry
ADD COLUMN allowed_roles varying(255) DEFAULT NULL;
INSERT INTO director_schema_migration
(schema_version, migration_time)
VALUES (136, NOW());

3
schema/pgsql.sql
View File

@ -170,6 +170,7 @@ CREATE TABLE director_datalist_entry (
entry_name character varying(255) NOT NULL, entry_name character varying(255) NOT NULL,
entry_value text DEFAULT NULL, entry_value text DEFAULT NULL,
format enum_property_format, format enum_property_format,
allowed_roles varying(255) DEFAULT NULL,
PRIMARY KEY (list_id, entry_name), PRIMARY KEY (list_id, entry_name),
CONSTRAINT director_datalist_entry_datalist CONSTRAINT director_datalist_entry_datalist
FOREIGN KEY (list_id) FOREIGN KEY (list_id)
@ -1835,4 +1836,4 @@ CREATE INDEX user_resolved_var_schecksum ON icinga_user_resolved_var (checksum);
INSERT INTO director_schema_migration INSERT INTO director_schema_migration
(schema_version, migration_time) (schema_version, migration_time)
VALUES (135, NOW()); VALUES (136, NOW());