tyler.durden
/
icingaweb2-module-director
mirror of https://github.com/Icinga/icingaweb2-module-director.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

configuration.php: Only provide monitoring/icingadb permissions/restrictions if module exists

This commit is contained in:
Sukhwinder Dhillon 2023-11-17 16:51:56 +01:00
parent a272b0d242
commit 1048c33fa4
1 changed files with 41 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
configuration.php
View File

@ -1,15 +1,19 @@
<?php <?php
use Icinga\Application\Icinga; use Icinga\Application\Icinga;
use Icinga\Application\Modules\Module;
use Icinga\Module\Director\Auth\Permission; use Icinga\Module\Director\Auth\Permission;
use Icinga\Module\Director\Auth\Restriction; use Icinga\Module\Director\Auth\Restriction;
use Icinga\Web\Window; use Icinga\Web\Window;
/** @var \Icinga\Application\Modules\Module $this */ /** @var Module $this */
if ($this->getConfig()->get('frontend', 'disabled', 'no') === 'yes') { if ($this->getConfig()->get('frontend', 'disabled', 'no') === 'yes') {
return; return;
} }
$monitoringExists = Module::exists('monitoring');
$icingadbExists = Module::exists('icingadb');
$this->providePermission(Permission::ALL_PERMISSIONS, $this->translate('Allow unrestricted access to Icinga Director')); $this->providePermission(Permission::ALL_PERMISSIONS, $this->translate('Allow unrestricted access to Icinga Director'));
$this->providePermission(Permission::API, $this->translate('Allow to access the director API')); $this->providePermission(Permission::API, $this->translate('Allow to access the director API'));
$this->providePermission(Permission::AUDIT, $this->translate('Allow to access the full audit log')); $this->providePermission(Permission::AUDIT, $this->translate('Allow to access the full audit log'));
@ -37,22 +41,46 @@ $this->providePermission(Permission::USERS, $this->translate('Allow to configure
$this->providePermission(Permission::SCHEDULED_DOWNTIMES, $this->translate( $this->providePermission(Permission::SCHEDULED_DOWNTIMES, $this->translate(
'Allow to configure notifications (unrestricted)' 'Allow to configure notifications (unrestricted)'
)); ));
$this->providePermission(Permission::MONITORING_HOSTS, $this->translate(
'Allow users to modify Hosts they are allowed to see in the monitoring module' if ($monitoringExists) {
)); $this->providePermission(Permission::MONITORING_HOSTS, $this->translate(
$this->providePermission(Permission::MONITORING_SERVICES, $this->translate( 'Allow users to modify Hosts they are allowed to see in the monitoring module'
'Allow users to modify Service they are allowed to see in the monitoring module' ));
)); $this->providePermission(Permission::MONITORING_SERVICES, $this->translate(
$this->providePermission(Permission::MONITORING_SERVICES_RO, $this->translate( 'Allow users to modify Service they are allowed to see in the monitoring module'
'Allow readonly users to see where a Service came from' ));
)); $this->providePermission(Permission::MONITORING_SERVICES_RO, $this->translate(
'Allow readonly users to see where a Service came from'
));
}
if ($icingadbExists) {
$this->providePermission(Permission::ICINGADB_HOSTS, $this->translate(
'Allow users to modify Hosts they are allowed to see in Icinga DB Web'
));
$this->providePermission(Permission::ICINGADB_SERVICES, $this->translate(
'Allow users to modify Service they are allowed to see in Icinga DB Web'
));
$this->providePermission(Permission::ICINGADB_SERVICES_RO, $this->translate(
'Allow readonly users to see where a Service came from'
));
}
if ($monitoringExists) {
$this->provideRestriction(Restriction::MONITORING_RW_OBJECT_FILTER, $this->translate(
'Additional (monitoring module) object filter to further restrict write access'
));
}
if ($icingadbExists) {
$this->provideRestriction(Restriction::ICINGADB_RW_OBJECT_FILTER, $this->translate(
'Additional (Icinga DB Web) object filter to further restrict write access'
));
}
$this->provideRestriction(Restriction::FILTER_HOSTGROUPS, $this->translate( $this->provideRestriction(Restriction::FILTER_HOSTGROUPS, $this->translate(
'Limit access to the given comma-separated list of hostgroups' 'Limit access to the given comma-separated list of hostgroups'
)); ));
$this->provideRestriction(Restriction::MONITORING_RW_OBJECT_FILTER, $this->translate(
'Additional (monitoring module) object filter to further restrict write access'
));
$this->provideRestriction(Restriction::NOTIFICATION_APPLY_FILTER_BY_NAME, $this->translate( $this->provideRestriction(Restriction::NOTIFICATION_APPLY_FILTER_BY_NAME, $this->translate(
'Filter available notification apply rules' 'Filter available notification apply rules'
)); ));