178 lines
7.0 KiB
PHP
178 lines
7.0 KiB
PHP
<?php
|
|
|
|
use Icinga\Application\Icinga;
|
|
use Icinga\Application\Modules\Module;
|
|
use Icinga\Module\Director\Auth\Permission;
|
|
use Icinga\Module\Director\Auth\Restriction;
|
|
use Icinga\Web\Window;
|
|
|
|
/** @var Module $this */
|
|
if ($this->getConfig()->get('frontend', 'disabled', 'no') === 'yes') {
|
|
return;
|
|
}
|
|
|
|
$monitoringExists = Module::exists('monitoring');
|
|
$icingadbExists = Module::exists('icingadb');
|
|
|
|
$this->providePermission(Permission::ALL_PERMISSIONS, $this->translate('Allow unrestricted access to Icinga Director'));
|
|
$this->providePermission(Permission::API, $this->translate('Allow to access the director API'));
|
|
$this->providePermission(Permission::AUDIT, $this->translate('Allow to access the full audit log'));
|
|
$this->providePermission(Permission::DEPLOY, $this->translate('Allow to deploy configuration'));
|
|
$this->providePermission(Permission::INSPECT, $this->translate(
|
|
'Allow to inspect objects through the Icinga 2 API (could contain sensitive information)'
|
|
));
|
|
$this->providePermission(Permission::SHOW_CONFIG, $this->translate(
|
|
'Allow to show configuration (could contain sensitive information)'
|
|
));
|
|
$this->providePermission(Permission::SHOW_SQL, $this->translate(
|
|
'Allow to show the full executed SQL queries in some places'
|
|
));
|
|
$this->providePermission(Permission::GROUPS_FOR_RESTRICTED_HOSTS, $this->translate(
|
|
'Allow users with Hostgroup restrictions to access the Groups field'
|
|
));
|
|
$this->providePermission(Permission::HOSTS, $this->translate('Allow to configure hosts'));
|
|
$this->providePermission(Permission::NOTIFICATIONS, $this->translate(
|
|
'Allow to configure notifications (unrestricted)'
|
|
));
|
|
$this->providePermission(Permission::SERVICES, $this->translate('Allow to configure services'));
|
|
$this->providePermission(Permission::SERVICE_SETS, $this->translate('Allow to configure service sets'));
|
|
$this->providePermission(Permission::SERVICE_SET_APPLY, $this->translate('Allow to define Service Set Apply Rules'));
|
|
$this->providePermission(Permission::USERS, $this->translate('Allow to configure users'));
|
|
$this->providePermission(Permission::SCHEDULED_DOWNTIMES, $this->translate(
|
|
'Allow to configure notifications (unrestricted)'
|
|
));
|
|
|
|
if ($monitoringExists) {
|
|
$this->providePermission(Permission::MONITORING_HOSTS, $this->translate(
|
|
'Allow users to modify Hosts they are allowed to see in the monitoring module'
|
|
));
|
|
$this->providePermission(Permission::MONITORING_SERVICES, $this->translate(
|
|
'Allow users to modify Service they are allowed to see in the monitoring module'
|
|
));
|
|
$this->providePermission(Permission::MONITORING_SERVICES_RO, $this->translate(
|
|
'Allow readonly users to see where a Service came from'
|
|
));
|
|
}
|
|
|
|
if ($icingadbExists) {
|
|
$this->providePermission(Permission::ICINGADB_HOSTS, $this->translate(
|
|
'Allow users to modify Hosts they are allowed to see in Icinga DB Web'
|
|
));
|
|
$this->providePermission(Permission::ICINGADB_SERVICES, $this->translate(
|
|
'Allow users to modify Service they are allowed to see in Icinga DB Web'
|
|
));
|
|
$this->providePermission(Permission::ICINGADB_SERVICES_RO, $this->translate(
|
|
'Allow readonly users to see where a Service came from'
|
|
));
|
|
}
|
|
|
|
if ($monitoringExists) {
|
|
$this->provideRestriction(Restriction::MONITORING_RW_OBJECT_FILTER, $this->translate(
|
|
'Additional (monitoring module) object filter to further restrict write access'
|
|
));
|
|
}
|
|
|
|
if ($icingadbExists) {
|
|
$this->provideRestriction(Restriction::ICINGADB_RW_OBJECT_FILTER, $this->translate(
|
|
'Additional (Icinga DB Web) object filter to further restrict write access'
|
|
));
|
|
}
|
|
|
|
$this->provideRestriction(Restriction::FILTER_HOSTGROUPS, $this->translate(
|
|
'Limit access to the given comma-separated list of hostgroups'
|
|
));
|
|
$this->provideRestriction(Restriction::NOTIFICATION_APPLY_FILTER_BY_NAME, $this->translate(
|
|
'Filter available notification apply rules'
|
|
));
|
|
$this->provideRestriction(Restriction::SCHEDULED_DOWNTIME_APPLY_FILTER_BY_NAME, $this->translate(
|
|
'Filter available scheduled downtime rules'
|
|
));
|
|
$this->provideRestriction(Restriction::SERVICE_APPLY_FILTER_BY_NAME, $this->translate(
|
|
'Filter available service apply rules'
|
|
));
|
|
$this->provideRestriction(Restriction::SERVICE_SET_FILTER_BY_NAME, $this->translate(
|
|
'Filter available service set templates. Use asterisks (*) as wildcards,'
|
|
. ' like in DB* or *net*'
|
|
));
|
|
|
|
$this->provideSearchUrl($this->translate('Host configs'), 'director/hosts?limit=10', 60);
|
|
|
|
/*
|
|
// Disabled unless available
|
|
$this->provideRestriction(
|
|
'director/hosttemplates/filter',
|
|
$this->translate('Allow to use only host templates matching this filter')
|
|
);
|
|
|
|
$this->provideRestriction(
|
|
'director/db_resource',
|
|
$this->translate('Allow to use only these db resources (comma separated list)')
|
|
);
|
|
*/
|
|
|
|
$this->provideConfigTab('config', [
|
|
'title' => 'Configuration',
|
|
'url' => 'settings'
|
|
]);
|
|
$mainTitle = N_('Icinga Director');
|
|
|
|
try {
|
|
$app = Icinga::app();
|
|
if ($app->isWeb()) {
|
|
$request = $app->getRequest();
|
|
$id = $request->getHeader('X-Icinga-WindowId');
|
|
if ($id !== false) {
|
|
$window = new Window($id);
|
|
/** @var \Icinga\Web\Session\SessionNamespace $session */
|
|
$session = $window->getSessionNamespace('director');
|
|
$dbName = $session->get('db_resource');
|
|
if ($dbName && $dbName !== $this->getConfig()->get('db', 'resource')) {
|
|
$dbName = ucfirst(str_replace('_', ' ', $dbName));
|
|
if (stripos($dbName, 'Director') === false) {
|
|
$dbName = 'Director: ' . $dbName;
|
|
}
|
|
$mainTitle = $dbName;
|
|
}
|
|
}
|
|
}
|
|
} catch (\Exception $e) {
|
|
// There isn't much we can do, we don't want to break the menu
|
|
$mainTitle .= ' (?!)';
|
|
}
|
|
|
|
// Hint: director/admin and director/deployments are intentionally
|
|
$section = $this->menuSection($mainTitle)
|
|
->setUrl('director')
|
|
->setPriority(60)
|
|
->setIcon('cubes')
|
|
->setRenderer(['SummaryNavigationItemRenderer', 'state' => 'critical']);
|
|
$section->add(N_('Hosts'))
|
|
->setUrl('director/dashboard?name=hosts')
|
|
->setPermission(Permission::HOSTS)
|
|
->setPriority(30);
|
|
$section->add(N_('Services'))
|
|
->setUrl('director/dashboard?name=services')
|
|
->setPermission(Permission::SERVICES)
|
|
->setPriority(40);
|
|
$section->add(N_('Commands'))
|
|
->setUrl('director/dashboard?name=commands')
|
|
->setPermission(Permission::ADMIN)
|
|
->setPriority(50);
|
|
$section->add(N_('Notifications'))
|
|
->setUrl('director/dashboard?name=notifications')
|
|
->setPermission(Permission::NOTIFICATIONS)
|
|
->setPriority(70);
|
|
$section->add(N_('Automation'))
|
|
->setUrl('director/importsources')
|
|
->setPermission(Permission::ADMIN)
|
|
->setPriority(901);
|
|
$section->add(N_('Activity log'))
|
|
->setUrl('director/config/activities')
|
|
->setPriority(902)
|
|
->setPermission(Permission::AUDIT)
|
|
->setRenderer('ConfigHealthItemRenderer');
|
|
$section->add(N_('Deployments'))
|
|
->setUrl('director/config/deployments')
|
|
->setPriority(902)
|
|
->setPermission(Permission::DEPLOYMENTS);
|