ScheduledDowntime: introduce a new permission...
...and a related name-based restriction fixes #2086
This commit is contained in:
Thomas Gelf
parent
ebe1af13ea
commit
c5e25cdcc7
|
|
@ -11,6 +11,11 @@ class ScheduledDowntimeController extends ObjectController
|
||||||
{
|
{
|
||||||
protected $objectBaseUrl = 'director/scheduled-downtime';
|
protected $objectBaseUrl = 'director/scheduled-downtime';
|
||||||
|
|
||||||
|
protected function checkDirectorPermissions()
|
||||||
|
{
|
||||||
|
$this->assertPermission('director/scheduled-downtimes');
|
||||||
|
}
|
||||||
|
|
||||||
public function rangesAction()
|
public function rangesAction()
|
||||||
{
|
{
|
||||||
/** @var IcingaScheduledDowntime $object */
|
/** @var IcingaScheduledDowntime $object */
|
||||||
|
|
|
||||||
|
|
@ -34,4 +34,14 @@ class ScheduledDowntimesController extends ObjectsController
|
||||||
{
|
{
|
||||||
return 'scheduled-downtime';
|
return 'scheduled-downtime';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
protected function assertApplyRulePermission()
|
||||||
|
{
|
||||||
|
return $this->assertPermission('director/scheduled-downtimes');
|
||||||
|
}
|
||||||
|
|
||||||
|
protected function checkDirectorPermissions()
|
||||||
|
{
|
||||||
|
$this->assertPermission('director/scheduled-downtimes');
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -22,6 +22,10 @@ class IcingaScheduledDowntimeForm extends DirectorObjectForm
|
||||||
'required' => true,
|
'required' => true,
|
||||||
]);
|
]);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ($this->object()->isApplyRule()) {
|
||||||
|
$this->eventuallyAddNameRestriction('director/scheduled-downtime/apply/filter-by-name');
|
||||||
|
}
|
||||||
$this->addImportsElement();
|
$this->addImportsElement();
|
||||||
$this->addElement('text', 'author', [
|
$this->addElement('text', 'author', [
|
||||||
'label' => $this->translate('Author'),
|
'label' => $this->translate('Author'),
|
||||||
|
|
|
||||||
|
|
@ -22,7 +22,11 @@ $this->providePermission('director/services', $this->translate('Allow to configu
|
||||||
$this->providePermission('director/servicesets', $this->translate('Allow to configure service sets'));
|
$this->providePermission('director/servicesets', $this->translate('Allow to configure service sets'));
|
||||||
$this->providePermission('director/service_set/apply', $this->translate('Allow to define Service Set Apply Rules'));
|
$this->providePermission('director/service_set/apply', $this->translate('Allow to define Service Set Apply Rules'));
|
||||||
$this->providePermission('director/users', $this->translate('Allow to configure users'));
|
$this->providePermission('director/users', $this->translate('Allow to configure users'));
|
||||||
$this->providePermission('director/notifications', $this->translate('Allow to configure notifications'));
|
$this->providePermission('director/notifications', $this->translate('Allow to configure notifications (unrestricted)'));
|
||||||
|
$this->providePermission(
|
||||||
|
'director/scheduled-downtimes',
|
||||||
|
$this->translate('Allow to configure notifications (unrestricted)')
|
||||||
|
);
|
||||||
$this->providePermission(
|
$this->providePermission(
|
||||||
'director/inspect',
|
'director/inspect',
|
||||||
$this->translate(
|
$this->translate(
|
||||||
|
|
@ -76,6 +80,13 @@ $this->provideRestriction(
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
|
$this->provideRestriction(
|
||||||
|
'director/scheduled-downtime/apply/filter-by-name',
|
||||||
|
$this->translate(
|
||||||
|
'Filter available scheduled downtime rules'
|
||||||
|
)
|
||||||
|
);
|
||||||
|
|
||||||
$this->provideRestriction(
|
$this->provideRestriction(
|
||||||
'director/service_set/filter-by-name',
|
'director/service_set/filter-by-name',
|
||||||
$this->translate(
|
$this->translate(
|
||||||
|
|
|
||||||
|
|
@ -19,6 +19,7 @@ next (will be 1.9.0)
|
||||||
|
|
||||||
### Permissions and Restrictions
|
### Permissions and Restrictions
|
||||||
* FEATURE: allow using monitoring module permissions (#2304)
|
* FEATURE: allow using monitoring module permissions (#2304)
|
||||||
|
* FEATURE: it's now possible to grant (global) access to scheduled downtimes (#2086)
|
||||||
|
|
||||||
### User Interface
|
### User Interface
|
||||||
* FIX: allow switching DB config while connection is failing (#2300)
|
* FIX: allow switching DB config while connection is failing (#2300)
|
||||||
|
|
|
||||||
|
|
@ -13,6 +13,11 @@ class ScheduledDowntimeApplyDashlet extends Dashlet
|
||||||
return $this->translate('Scheduled Downtimes');
|
return $this->translate('Scheduled Downtimes');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function listRequiredPermissions()
|
||||||
|
{
|
||||||
|
return array('director/scheduled-downtimes');
|
||||||
|
}
|
||||||
|
|
||||||
public function getUrl()
|
public function getUrl()
|
||||||
{
|
{
|
||||||
return 'director/scheduled-downtimes/applyrules';
|
return 'director/scheduled-downtimes/applyrules';
|
||||||
|
|
|
||||||
|
|
@ -434,9 +434,13 @@ abstract class ObjectController extends ActionController
|
||||||
|
|
||||||
protected function assertTypePermission()
|
protected function assertTypePermission()
|
||||||
{
|
{
|
||||||
return $this->assertPermission(
|
$type = strtolower($this->getPluralType());
|
||||||
'director/' . strtolower($this->getPluralType())
|
// TODO: Check getPluralType usage, fix it there.
|
||||||
);
|
if ($type === 'scheduleddowntimes') {
|
||||||
|
$type = 'scheduled-downtimes';
|
||||||
|
}
|
||||||
|
|
||||||
|
return $this->assertPermission("director/$type");
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function eventuallyLoadObject()
|
protected function eventuallyLoadObject()
|
||||||
|
|
|
||||||
|
|
@ -175,6 +175,10 @@ class ApplyRulesTable extends ZfQueryBasedTable
|
||||||
{
|
{
|
||||||
$auth = Auth::getInstance();
|
$auth = Auth::getInstance();
|
||||||
$type = $this->type;
|
$type = $this->type;
|
||||||
|
// TODO: Centralize this logic
|
||||||
|
if ($type === 'scheduledDowntime') {
|
||||||
|
$type = 'scheduled-downtime';
|
||||||
|
}
|
||||||
$restrictions = $auth->getRestrictions("director/$type/apply/filter-by-name");
|
$restrictions = $auth->getRestrictions("director/$type/apply/filter-by-name");
|
||||||
if (empty($restrictions)) {
|
if (empty($restrictions)) {
|
||||||
return $query;
|
return $query;
|
||||||
|
|
|
||||||
|
|
@ -20,6 +20,7 @@ class ObjectsTabs extends Tabs
|
||||||
$shortName = $object->getShortTableName();
|
$shortName = $object->getShortTableName();
|
||||||
|
|
||||||
$plType = strtolower(preg_replace('/cys$/', 'cies', $shortName . 's'));
|
$plType = strtolower(preg_replace('/cys$/', 'cies', $shortName . 's'));
|
||||||
|
$plType = str_replace('_', '-', $plType);
|
||||||
if ($auth->hasPermission("director/${plType}")) {
|
if ($auth->hasPermission("director/${plType}")) {
|
||||||
$this->add('index', array(
|
$this->add('index', array(
|
||||||
'url' => sprintf('director/%s', $plType),
|
'url' => sprintf('director/%s', $plType),
|
||||||
|
|
@ -38,6 +39,9 @@ class ObjectsTabs extends Tabs
|
||||||
if ($auth->hasPermission('director/admin') || (
|
if ($auth->hasPermission('director/admin') || (
|
||||||
$object->getShortTableName() === 'notification'
|
$object->getShortTableName() === 'notification'
|
||||||
&& $auth->hasPermission('director/notifications')
|
&& $auth->hasPermission('director/notifications')
|
||||||
|
) || (
|
||||||
|
$object->getShortTableName() === 'scheduled_downtime'
|
||||||
|
&& $auth->hasPermission('director/scheduled-downtimes')
|
||||||
)) {
|
)) {
|
||||||
if ($object->supportsApplyRules()) {
|
if ($object->supportsApplyRules()) {
|
||||||
$this->add('applyrules', array(
|
$this->add('applyrules', array(
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue