icingaweb2/application/controllers/RoleController.php

<?php
/* Icinga Web 2 | (c) 2013-2015 Icinga Development Team | GPLv2+ */

use Icinga\Application\Config;
use Icinga\Forms\ConfirmRemovalForm;
use Icinga\Forms\Security\RoleForm;
use Icinga\Web\Controller\AuthBackendController;
use Icinga\Web\Notification;

class RoleController extends AuthBackendController
{
    /**
     * List roles
     */
    public function listAction()
    {
        $this->assertPermission('config/authentication/roles/show');
        $this->createListTabs()->activate('role/list');
        $this->view->roles = Config::app('roles', true);
    }

    /**
     * Create a new role
     */
    public function addAction()
    {
        $this->assertPermission('config/authentication/roles/add');
        $role = new RoleForm(array(
            'onSuccess' => function (RoleForm $role) {
                $name = $role->getElement('name')->getValue();
                $values = $role->getValues();
                try {
                    $role->add($name, $values);
                } catch (InvalidArgumentException $e) {
                    $role->addError($e->getMessage());
                    return false;
                }
                if ($role->save()) {
                    Notification::success(t('Role created'));
                    return true;
                }
                return false;
            }
        ));
        $role
            ->setTitle($this->translate('New Role'))
            ->setSubmitLabel($this->translate('Create Role'))
            ->setIniConfig(Config::app('roles', true))
            ->setRedirectUrl('role/list')
            ->handleRequest();
        $this->view->form = $role;
        $this->render('form');
    }

    /**
     * Update a role
     *
     * @throws Zend_Controller_Action_Exception If the required parameter 'role' is missing or the role does not exist
     */
    public function editAction()
    {
        $this->assertPermission('config/authentication/roles/edit');
        $name = $this->_request->getParam('role');
        if (empty($name)) {
            throw new Zend_Controller_Action_Exception(
                sprintf($this->translate('Required parameter \'%s\' missing'), 'role'),
                400
            );
        }
        $role = new RoleForm();
        $role->setTitle(sprintf($this->translate('Update Role %s'), $name));
        $role->setSubmitLabel($this->translate('Update Role'));
        try {
            $role
                ->setIniConfig(Config::app('roles', true))
                ->load($name);
        } catch (InvalidArgumentException $e) {
            throw new Zend_Controller_Action_Exception(
                $e->getMessage(),
                400
            );
        }
        $role
            ->setOnSuccess(function (RoleForm $role) use ($name) {
                $oldName = $name;
                $name = $role->getElement('name')->getValue();
                $values = $role->getValues();
                try {
                    $role->update($name, $values, $oldName);
                } catch (InvalidArgumentException $e) {
                    $role->addError($e->getMessage());
                    return false;
                }
                if ($role->save()) {
                    Notification::success(t('Role updated'));
                    return true;
                }
                return false;
            })
            ->setRedirectUrl('role/list')
            ->handleRequest();
        $this->view->form = $role;
        $this->render('form');
    }

    /**
     * Remove a role
     *
     * @throws Zend_Controller_Action_Exception If the required parameter 'role' is missing or the role does not exist
     */
    public function removeAction()
    {
        $this->assertPermission('config/authentication/roles/remove');
        $name = $this->_request->getParam('role');
        if (empty($name)) {
            throw new Zend_Controller_Action_Exception(
                sprintf($this->translate('Required parameter \'%s\' missing'), 'role'),
                400
            );
        }
        $role = new RoleForm();
        try {
            $role
                ->setIniConfig(Config::app('roles', true))
                ->load($name);
        } catch (InvalidArgumentException $e) {
            throw new Zend_Controller_Action_Exception(
                $e->getMessage(),
                400
            );
        }
        $confirmation = new ConfirmRemovalForm(array(
            'onSuccess' => function (ConfirmRemovalForm $confirmation) use ($name, $role) {
                try {
                    $role->remove($name);
                } catch (InvalidArgumentException $e) {
                    Notification::error($e->getMessage());
                    return false;
                }
                if ($role->save()) {
                    Notification::success(t('Role removed'));
                    return true;
                }
                return false;
            }
        ));
        $confirmation
            ->setTitle(sprintf($this->translate('Remove Role %s'), $name))
            ->setSubmitLabel($this->translate('Remove Role'))
            ->setRedirectUrl('role/list')
            ->handleRequest();
        $this->view->form = $confirmation;
        $this->render('form');
    }

    /**
     * Create the tabs to display when listing roles
     */
    protected function createListTabs()
    {
        $tabs = $this->getTabs();
        $tabs->add(
            'role/list',
            array(
                'title' => $this->translate(
                    'Configure roles to permit or restrict users and groups accessing Icinga Web 2'
                ),
                'label' => $this->translate('Roles'),
                'url'   => 'role/list',
                'baseTarget' => '_main'
            )
        );

        return $tabs;
    }
}
Revert "Remove permissions and restrictions for now" This reverts commit 8335bdcb32063549b8b7dec1c32edc1d7c457b96. Readd permissions and restrictions. 2014-11-25 15:18:49 +01:00			`<?php`
Note that our license is GPL v2 or any later version in our license header instead of pointing to the license's URL 2015-02-04 10:46:36 +01:00			`/* Icinga Web 2 \| (c) 2013-2015 Icinga Development Team \| GPLv2+ */`
Revert "Remove permissions and restrictions for now" This reverts commit 8335bdcb32063549b8b7dec1c32edc1d7c457b96. Readd permissions and restrictions. 2014-11-25 15:18:49 +01:00
			`use Icinga\Application\Config;`
			`use Icinga\Forms\ConfirmRemovalForm;`
			`use Icinga\Forms\Security\RoleForm;`
Link the roles configuration with the user and group management refs #8826 2015-06-01 16:43:11 +02:00			`use Icinga\Web\Controller\AuthBackendController;`
Revert "Remove permissions and restrictions for now" This reverts commit 8335bdcb32063549b8b7dec1c32edc1d7c457b96. Readd permissions and restrictions. 2014-11-25 15:18:49 +01:00			`use Icinga\Web\Notification;`

RolesController: Rename to RoleController 2015-06-02 11:57:13 +02:00			`class RoleController extends AuthBackendController`
Revert "Remove permissions and restrictions for now" This reverts commit 8335bdcb32063549b8b7dec1c32edc1d7c457b96. Readd permissions and restrictions. 2014-11-25 15:18:49 +01:00			`{`
security: Guard configuring roles 2015-02-02 13:30:52 +01:00			`/**`
			`* List roles`
			`*/`
RolesController: Rename to RoleController 2015-06-02 11:57:13 +02:00			`public function listAction()`
Revert "Remove permissions and restrictions for now" This reverts commit 8335bdcb32063549b8b7dec1c32edc1d7c457b96. Readd permissions and restrictions. 2014-11-25 15:18:49 +01:00			`{`
Rename permission config/application/roles* to config/authentication/... Does also split it into *, show, add, edit, remove as this should behave like any other authentication configuration. refs #8826 2015-06-02 09:07:06 +02:00			`$this->assertPermission('config/authentication/roles/show');`
RolesController: Rename to RoleController 2015-06-02 11:57:13 +02:00			`$this->createListTabs()->activate('role/list');`
Revert "Remove permissions and restrictions for now" This reverts commit 8335bdcb32063549b8b7dec1c32edc1d7c457b96. Readd permissions and restrictions. 2014-11-25 15:18:49 +01:00			`$this->view->roles = Config::app('roles', true);`
			`}`

security: Guard configuring roles 2015-02-02 13:30:52 +01:00			`/**`
			`* Create a new role`
			`*/`
RolesController: Rename to RoleController 2015-06-02 11:57:13 +02:00			`public function addAction()`
Revert "Remove permissions and restrictions for now" This reverts commit 8335bdcb32063549b8b7dec1c32edc1d7c457b96. Readd permissions and restrictions. 2014-11-25 15:18:49 +01:00			`{`
Rename permission config/application/roles* to config/authentication/... Does also split it into *, show, add, edit, remove as this should behave like any other authentication configuration. refs #8826 2015-06-02 09:07:06 +02:00			`$this->assertPermission('config/authentication/roles/add');`
Revert "Remove permissions and restrictions for now" This reverts commit 8335bdcb32063549b8b7dec1c32edc1d7c457b96. Readd permissions and restrictions. 2014-11-25 15:18:49 +01:00			`$role = new RoleForm(array(`
			`'onSuccess' => function (RoleForm $role) {`
			`$name = $role->getElement('name')->getValue();`
			`$values = $role->getValues();`
			`try {`
			`$role->add($name, $values);`
			`} catch (InvalidArgumentException $e) {`
			`$role->addError($e->getMessage());`
			`return false;`
			`}`
			`if ($role->save()) {`
			`Notification::success(t('Role created'));`
			`return true;`
			`}`
			`return false;`
			`}`
			`));`
			`$role`
Config: Use native form title and description support where appropriate refs #7947 refs #7976 2015-03-02 18:37:54 +01:00			`->setTitle($this->translate('New Role'))`
Revert "Remove permissions and restrictions for now" This reverts commit 8335bdcb32063549b8b7dec1c32edc1d7c457b96. Readd permissions and restrictions. 2014-11-25 15:18:49 +01:00			`->setSubmitLabel($this->translate('Create Role'))`
			`->setIniConfig(Config::app('roles', true))`
RolesController: Rename to RoleController 2015-06-02 11:57:13 +02:00			`->setRedirectUrl('role/list')`
Revert "Remove permissions and restrictions for now" This reverts commit 8335bdcb32063549b8b7dec1c32edc1d7c457b96. Readd permissions and restrictions. 2014-11-25 15:18:49 +01:00			`->handleRequest();`
			`$this->view->form = $role;`
RolesController: Rename to RoleController 2015-06-02 11:57:13 +02:00			`$this->render('form');`
Revert "Remove permissions and restrictions for now" This reverts commit 8335bdcb32063549b8b7dec1c32edc1d7c457b96. Readd permissions and restrictions. 2014-11-25 15:18:49 +01:00			`}`

security: Guard configuring roles 2015-02-02 13:30:52 +01:00			`/**`
			`* Update a role`
			`*`
			`* @throws Zend_Controller_Action_Exception If the required parameter 'role' is missing or the role does not exist`
			`*/`
RolesController: Rename to RoleController 2015-06-02 11:57:13 +02:00			`public function editAction()`
Revert "Remove permissions and restrictions for now" This reverts commit 8335bdcb32063549b8b7dec1c32edc1d7c457b96. Readd permissions and restrictions. 2014-11-25 15:18:49 +01:00			`{`
Rename permission config/application/roles* to config/authentication/... Does also split it into *, show, add, edit, remove as this should behave like any other authentication configuration. refs #8826 2015-06-02 09:07:06 +02:00			`$this->assertPermission('config/authentication/roles/edit');`
Revert "Remove permissions and restrictions for now" This reverts commit 8335bdcb32063549b8b7dec1c32edc1d7c457b96. Readd permissions and restrictions. 2014-11-25 15:18:49 +01:00			`$name = $this->_request->getParam('role');`
			`if (empty($name)) {`
			`throw new Zend_Controller_Action_Exception(`
			`sprintf($this->translate('Required parameter \'%s\' missing'), 'role'),`
			`400`
			`);`
			`}`
			`$role = new RoleForm();`
Config: Use native form title and description support where appropriate refs #7947 refs #7976 2015-03-02 18:37:54 +01:00			`$role->setTitle(sprintf($this->translate('Update Role %s'), $name));`
Revert "Remove permissions and restrictions for now" This reverts commit 8335bdcb32063549b8b7dec1c32edc1d7c457b96. Readd permissions and restrictions. 2014-11-25 15:18:49 +01:00			`$role->setSubmitLabel($this->translate('Update Role'));`
			`try {`
			`$role`
			`->setIniConfig(Config::app('roles', true))`
			`->load($name);`
			`} catch (InvalidArgumentException $e) {`
			`throw new Zend_Controller_Action_Exception(`
			`$e->getMessage(),`
			`400`
			`);`
			`}`
			`$role`
			`->setOnSuccess(function (RoleForm $role) use ($name) {`
			`$oldName = $name;`
			`$name = $role->getElement('name')->getValue();`
			`$values = $role->getValues();`
			`try {`
			`$role->update($name, $values, $oldName);`
			`} catch (InvalidArgumentException $e) {`
			`$role->addError($e->getMessage());`
			`return false;`
			`}`
			`if ($role->save()) {`
			`Notification::success(t('Role updated'));`
			`return true;`
			`}`
			`return false;`
			`})`
RolesController: Rename to RoleController 2015-06-02 11:57:13 +02:00			`->setRedirectUrl('role/list')`
Revert "Remove permissions and restrictions for now" This reverts commit 8335bdcb32063549b8b7dec1c32edc1d7c457b96. Readd permissions and restrictions. 2014-11-25 15:18:49 +01:00			`->handleRequest();`
			`$this->view->form = $role;`
RolesController: Rename to RoleController 2015-06-02 11:57:13 +02:00			`$this->render('form');`
Revert "Remove permissions and restrictions for now" This reverts commit 8335bdcb32063549b8b7dec1c32edc1d7c457b96. Readd permissions and restrictions. 2014-11-25 15:18:49 +01:00			`}`

security: Guard configuring roles 2015-02-02 13:30:52 +01:00			`/**`
			`* Remove a role`
			`*`
			`* @throws Zend_Controller_Action_Exception If the required parameter 'role' is missing or the role does not exist`
			`*/`
Revert "Remove permissions and restrictions for now" This reverts commit 8335bdcb32063549b8b7dec1c32edc1d7c457b96. Readd permissions and restrictions. 2014-11-25 15:18:49 +01:00			`public function removeAction()`
			`{`
Rename permission config/application/roles* to config/authentication/... Does also split it into *, show, add, edit, remove as this should behave like any other authentication configuration. refs #8826 2015-06-02 09:07:06 +02:00			`$this->assertPermission('config/authentication/roles/remove');`
Revert "Remove permissions and restrictions for now" This reverts commit 8335bdcb32063549b8b7dec1c32edc1d7c457b96. Readd permissions and restrictions. 2014-11-25 15:18:49 +01:00			`$name = $this->_request->getParam('role');`
			`if (empty($name)) {`
			`throw new Zend_Controller_Action_Exception(`
			`sprintf($this->translate('Required parameter \'%s\' missing'), 'role'),`
			`400`
			`);`
			`}`
			`$role = new RoleForm();`
			`try {`
			`$role`
			`->setIniConfig(Config::app('roles', true))`
			`->load($name);`
			`} catch (InvalidArgumentException $e) {`
			`throw new Zend_Controller_Action_Exception(`
			`$e->getMessage(),`
			`400`
			`);`
			`}`
			`$confirmation = new ConfirmRemovalForm(array(`
			`'onSuccess' => function (ConfirmRemovalForm $confirmation) use ($name, $role) {`
			`try {`
			`$role->remove($name);`
			`} catch (InvalidArgumentException $e) {`
			`Notification::error($e->getMessage());`
			`return false;`
			`}`
			`if ($role->save()) {`
			`Notification::success(t('Role removed'));`
			`return true;`
			`}`
			`return false;`
			`}`
			`));`
			`$confirmation`
Config: Use native form title and description support where appropriate refs #7947 refs #7976 2015-03-02 18:37:54 +01:00			`->setTitle(sprintf($this->translate('Remove Role %s'), $name))`
Revert "Remove permissions and restrictions for now" This reverts commit 8335bdcb32063549b8b7dec1c32edc1d7c457b96. Readd permissions and restrictions. 2014-11-25 15:18:49 +01:00			`->setSubmitLabel($this->translate('Remove Role'))`
RolesController: Rename to RoleController 2015-06-02 11:57:13 +02:00			`->setRedirectUrl('role/list')`
Revert "Remove permissions and restrictions for now" This reverts commit 8335bdcb32063549b8b7dec1c32edc1d7c457b96. Readd permissions and restrictions. 2014-11-25 15:18:49 +01:00			`->handleRequest();`
			`$this->view->form = $confirmation;`
RolesController: Rename to RoleController 2015-06-02 11:57:13 +02:00			`$this->render('form');`
Revert "Remove permissions and restrictions for now" This reverts commit 8335bdcb32063549b8b7dec1c32edc1d7c457b96. Readd permissions and restrictions. 2014-11-25 15:18:49 +01:00			`}`
Navigation: Restructure authentication backend configuration This moves the configuration tabs for user and group backends into a dedicated menu entry called "Authentication". All tabs previously available in this menu entry were moved into their own dedicated menu entry as well to not to confuse users. fixes #9398 2015-06-22 13:26:24 +02:00
			`/**`
			`* Create the tabs to display when listing roles`
			`*/`
			`protected function createListTabs()`
			`{`
			`$tabs = $this->getTabs();`
			`$tabs->add(`
			`'role/list',`
			`array(`
			`'title' => $this->translate(`
			`'Configure roles to permit or restrict users and groups accessing Icinga Web 2'`
			`),`
			`'label' => $this->translate('Roles'),`
Fix issue that caused the refresh button to remove side bar Do not apply base target globally for all toolbar elements, but specifically for those that should remove side-bars. refs #8623 refs #6436 2015-07-29 17:18:52 +02:00			`'url' => 'role/list',`
			`'baseTarget' => '_main'`
Navigation: Restructure authentication backend configuration This moves the configuration tabs for user and group backends into a dedicated menu entry called "Authentication". All tabs previously available in this menu entry were moved into their own dedicated menu entry as well to not to confuse users. fixes #9398 2015-06-22 13:26:24 +02:00			`)`
			`);`

			`return $tabs;`
			`}`
Revert "Remove permissions and restrictions for now" This reverts commit 8335bdcb32063549b8b7dec1c32edc1d7c457b96. Readd permissions and restrictions. 2014-11-25 15:18:49 +01:00			`}`