2015-05-04 17:04:50 +02:00
|
|
|
<?php
|
|
|
|
|
/* Icinga Web 2 | (c) 2013-2015 Icinga Development Team | GPLv2+ */
|
|
|
|
|
|
2015-05-13 13:50:19 +02:00
|
|
|
use \Exception;
|
2015-05-04 17:04:50 +02:00
|
|
|
use \Zend_Controller_Action_Exception;
|
|
|
|
|
use Icinga\Application\Config;
|
2015-05-13 13:58:40 +02:00
|
|
|
use Icinga\Application\Logger;
|
2015-05-04 17:04:50 +02:00
|
|
|
use Icinga\Authentication\User\UserBackend;
|
|
|
|
|
use Icinga\Authentication\User\UserBackendInterface;
|
2015-05-22 15:53:47 +02:00
|
|
|
use Icinga\Authentication\UserGroup\UserGroupBackend;
|
2015-05-20 10:54:42 +02:00
|
|
|
use Icinga\Forms\Config\UserForm;
|
2015-05-22 15:53:47 +02:00
|
|
|
use Icinga\Data\DataArray\ArrayDatasource;
|
|
|
|
|
use Icinga\User;
|
2015-05-04 17:04:50 +02:00
|
|
|
use Icinga\Web\Controller;
|
2015-05-08 09:54:45 +02:00
|
|
|
use Icinga\Web\Form;
|
2015-05-13 13:50:19 +02:00
|
|
|
use Icinga\Web\Notification;
|
2015-05-20 13:54:05 +02:00
|
|
|
use Icinga\Web\Url;
|
2015-05-04 17:04:50 +02:00
|
|
|
use Icinga\Web\Widget;
|
|
|
|
|
|
|
|
|
|
class UserController extends Controller
|
|
|
|
|
{
|
2015-05-05 07:36:14 +02:00
|
|
|
/**
|
|
|
|
|
* Initialize this controller
|
|
|
|
|
*/
|
|
|
|
|
public function init()
|
|
|
|
|
{
|
2015-05-12 15:49:45 +02:00
|
|
|
parent::init();
|
2015-05-05 07:36:14 +02:00
|
|
|
$this->createTabs();
|
|
|
|
|
}
|
|
|
|
|
|
2015-05-04 17:04:50 +02:00
|
|
|
/**
|
|
|
|
|
* Redirect to this controller's list action
|
|
|
|
|
*/
|
|
|
|
|
public function indexAction()
|
|
|
|
|
{
|
|
|
|
|
$this->redirectNow('user/list');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* List all users of a single backend
|
|
|
|
|
*/
|
|
|
|
|
public function listAction()
|
|
|
|
|
{
|
2015-05-08 09:54:45 +02:00
|
|
|
$backendNames = array_map(
|
|
|
|
|
function ($b) { return $b->getName(); },
|
|
|
|
|
$this->loadUserBackends('Icinga\Data\Selectable')
|
|
|
|
|
);
|
|
|
|
|
$this->view->backendSelection = new Form();
|
|
|
|
|
$this->view->backendSelection->setAttrib('class', 'backend-selection');
|
|
|
|
|
$this->view->backendSelection->setUidDisabled();
|
|
|
|
|
$this->view->backendSelection->setMethod('GET');
|
|
|
|
|
$this->view->backendSelection->setTokenDisabled();
|
|
|
|
|
$this->view->backendSelection->addElement(
|
|
|
|
|
'select',
|
|
|
|
|
'backend',
|
|
|
|
|
array(
|
|
|
|
|
'autosubmit' => true,
|
|
|
|
|
'label' => $this->translate('Authentication Backend'),
|
|
|
|
|
'multiOptions' => array_combine($backendNames, $backendNames),
|
|
|
|
|
'value' => $this->params->get('backend')
|
|
|
|
|
)
|
|
|
|
|
);
|
|
|
|
|
|
2015-05-04 17:04:50 +02:00
|
|
|
$backend = $this->getUserBackend($this->params->get('backend'));
|
|
|
|
|
if ($backend === null) {
|
|
|
|
|
$this->view->backend = null;
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2015-05-20 15:00:29 +02:00
|
|
|
$query = $backend->select(array('user_name'));
|
2015-05-04 17:04:50 +02:00
|
|
|
$filterEditor = Widget::create('filterEditor')
|
|
|
|
|
->setQuery($query)
|
|
|
|
|
->preserveParams('limit', 'sort', 'dir', 'view', 'backend')
|
|
|
|
|
->ignoreParams('page')
|
|
|
|
|
->handleRequest($this->getRequest());
|
|
|
|
|
$query->applyFilter($filterEditor->getFilter());
|
|
|
|
|
$this->setupFilterControl($filterEditor);
|
|
|
|
|
|
2015-05-13 13:50:19 +02:00
|
|
|
try {
|
2015-05-18 14:03:22 +02:00
|
|
|
$this->setupPaginationControl($query);
|
|
|
|
|
$this->view->users = $query;
|
2015-05-13 13:50:19 +02:00
|
|
|
} catch (Exception $e) {
|
|
|
|
|
Notification::error($e->getMessage());
|
2015-05-13 13:58:40 +02:00
|
|
|
Logger::error($e);
|
2015-05-13 13:50:19 +02:00
|
|
|
}
|
|
|
|
|
|
2015-05-04 17:04:50 +02:00
|
|
|
$this->view->backend = $backend;
|
2015-05-13 13:50:19 +02:00
|
|
|
$this->getTabs()->activate('user/list');
|
2015-05-04 17:04:50 +02:00
|
|
|
|
|
|
|
|
$this->setupLimitControl();
|
2015-05-12 15:49:45 +02:00
|
|
|
$this->setupSortControl(
|
|
|
|
|
array(
|
|
|
|
|
'user_name' => $this->translate('Username'),
|
|
|
|
|
'is_active' => $this->translate('Active'),
|
|
|
|
|
'created_at' => $this->translate('Created at'),
|
|
|
|
|
'last_modified' => $this->translate('Last modified')
|
|
|
|
|
),
|
|
|
|
|
$query
|
|
|
|
|
);
|
2015-05-04 17:04:50 +02:00
|
|
|
}
|
|
|
|
|
|
2015-05-20 15:41:02 +02:00
|
|
|
/**
|
|
|
|
|
* Show a user
|
|
|
|
|
*/
|
|
|
|
|
public function showAction()
|
|
|
|
|
{
|
|
|
|
|
$userName = $this->params->getRequired('user');
|
|
|
|
|
$backend = $this->getUserBackend($this->params->getRequired('backend'));
|
|
|
|
|
|
|
|
|
|
$user = $backend->select(array(
|
|
|
|
|
'user_name',
|
|
|
|
|
'is_active',
|
|
|
|
|
'created_at',
|
|
|
|
|
'last_modified'
|
|
|
|
|
))->where('user_name', $userName)->fetchRow();
|
|
|
|
|
if ($user === false) {
|
|
|
|
|
$this->httpNotFound(sprintf($this->translate('User "%s" not found'), $userName));
|
|
|
|
|
}
|
|
|
|
|
|
2015-05-22 15:53:47 +02:00
|
|
|
$memberships = $this->loadMemberships(new User($userName))->select();
|
|
|
|
|
|
|
|
|
|
$filterEditor = Widget::create('filterEditor')
|
|
|
|
|
->setQuery($memberships)
|
|
|
|
|
->preserveParams('limit', 'sort', 'dir', 'view', 'backend', 'user')
|
|
|
|
|
->ignoreParams('page')
|
|
|
|
|
->handleRequest($this->getRequest());
|
|
|
|
|
$memberships->applyFilter($filterEditor->getFilter());
|
|
|
|
|
|
|
|
|
|
$this->setupFilterControl($filterEditor);
|
|
|
|
|
$this->setupPaginationControl($memberships);
|
|
|
|
|
$this->setupLimitControl();
|
|
|
|
|
$this->setupSortControl(
|
|
|
|
|
array(
|
|
|
|
|
'group_name' => $this->translate('Group')
|
|
|
|
|
),
|
|
|
|
|
$memberships
|
|
|
|
|
);
|
|
|
|
|
|
2015-05-20 15:41:02 +02:00
|
|
|
$this->view->user = $user;
|
|
|
|
|
$this->view->backend = $backend;
|
2015-05-22 15:53:47 +02:00
|
|
|
$this->view->memberships = $memberships;
|
|
|
|
|
|
|
|
|
|
$removeForm = new Form();
|
|
|
|
|
$removeForm->setUidDisabled();
|
|
|
|
|
$removeForm->addElement('hidden', 'user_name', array(
|
|
|
|
|
'isArray' => true,
|
|
|
|
|
'value' => $userName,
|
|
|
|
|
'decorators' => array('ViewHelper')
|
|
|
|
|
));
|
|
|
|
|
$removeForm->addElement('hidden', 'redirect', array(
|
|
|
|
|
'value' => Url::fromPath('user/show', array(
|
|
|
|
|
'backend' => $backend->getName(),
|
|
|
|
|
'user' => $userName
|
|
|
|
|
)),
|
|
|
|
|
'decorators' => array('ViewHelper')
|
|
|
|
|
));
|
|
|
|
|
$removeForm->addElement('button', 'btn_submit', array(
|
|
|
|
|
'escape' => false,
|
|
|
|
|
'type' => 'submit',
|
|
|
|
|
'class' => 'link-like',
|
|
|
|
|
'value' => 'btn_submit',
|
|
|
|
|
'decorators' => array('ViewHelper'),
|
|
|
|
|
'label' => $this->view->icon('trash'),
|
|
|
|
|
'title' => $this->translate('Cancel this membership')
|
|
|
|
|
));
|
|
|
|
|
$this->view->removeForm = $removeForm;
|
2015-05-20 15:41:02 +02:00
|
|
|
}
|
|
|
|
|
|
2015-05-20 10:54:42 +02:00
|
|
|
/**
|
|
|
|
|
* Add a user
|
|
|
|
|
*/
|
|
|
|
|
public function addAction()
|
|
|
|
|
{
|
2015-05-20 13:54:05 +02:00
|
|
|
$backend = $this->getUserBackend($this->params->getRequired('backend'), 'Icinga\Data\Extensible');
|
2015-05-20 10:54:42 +02:00
|
|
|
$form = new UserForm();
|
2015-05-20 13:54:05 +02:00
|
|
|
$form->setRedirectUrl(Url::fromPath('user/list', array('backend' => $backend->getName())));
|
|
|
|
|
$form->setRepository($backend);
|
2015-05-20 10:54:42 +02:00
|
|
|
$form->add()->handleRequest();
|
|
|
|
|
|
|
|
|
|
$this->view->form = $form;
|
|
|
|
|
$this->render('form');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Edit a user
|
|
|
|
|
*/
|
|
|
|
|
public function editAction()
|
|
|
|
|
{
|
|
|
|
|
$userName = $this->params->getRequired('user');
|
|
|
|
|
$backend = $this->getUserBackend($this->params->getRequired('backend'), 'Icinga\Data\Updatable');
|
|
|
|
|
|
|
|
|
|
$row = $backend->select(array('user_name', 'is_active'))->where('user_name', $userName)->fetchRow();
|
|
|
|
|
if ($row === false) {
|
|
|
|
|
$this->httpNotFound(sprintf($this->translate('User "%s" not found'), $userName));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$form = new UserForm();
|
2015-05-20 15:41:02 +02:00
|
|
|
$form->setRedirectUrl(Url::fromPath('user/show', array('backend' => $backend->getName(), 'user' => $userName)));
|
2015-05-20 10:54:42 +02:00
|
|
|
$form->setRepository($backend);
|
|
|
|
|
$form->edit($userName, get_object_vars($row))->handleRequest();
|
|
|
|
|
|
|
|
|
|
$this->view->form = $form;
|
|
|
|
|
$this->render('form');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Remove a user
|
|
|
|
|
*/
|
|
|
|
|
public function removeAction()
|
|
|
|
|
{
|
|
|
|
|
$userName = $this->params->getRequired('user');
|
|
|
|
|
$backend = $this->getUserBackend($this->params->getRequired('backend'), 'Icinga\Data\Reducible');
|
|
|
|
|
|
|
|
|
|
if ($backend->select()->where('user_name', $userName)->count() === 0) {
|
|
|
|
|
$this->httpNotFound(sprintf($this->translate('User "%s" not found'), $userName));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$form = new UserForm();
|
2015-05-20 13:54:05 +02:00
|
|
|
$form->setRedirectUrl(Url::fromPath('user/list', array('backend' => $backend->getName())));
|
2015-05-20 10:54:42 +02:00
|
|
|
$form->setRepository($backend);
|
|
|
|
|
$form->remove($userName)->handleRequest();
|
|
|
|
|
|
|
|
|
|
$this->view->form = $form;
|
|
|
|
|
$this->render('form');
|
|
|
|
|
}
|
|
|
|
|
|
2015-05-22 15:53:47 +02:00
|
|
|
/**
|
|
|
|
|
* Fetch and return the given user's groups from all user group backends
|
|
|
|
|
*
|
|
|
|
|
* @param User $user
|
|
|
|
|
*
|
|
|
|
|
* @return ArrayDatasource
|
|
|
|
|
*/
|
|
|
|
|
protected function loadMemberships(User $user)
|
|
|
|
|
{
|
|
|
|
|
$groups = array();
|
|
|
|
|
foreach (Config::app('groups') as $backendName => $backendConfig) {
|
|
|
|
|
$backend = UserGroupBackend::create($backendName, $backendConfig);
|
|
|
|
|
foreach ($backend->getMemberships($user) as $groupName) {
|
|
|
|
|
$groups[] = (object) array(
|
|
|
|
|
'group_name' => $groupName,
|
|
|
|
|
'backend' => $backend
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return new ArrayDatasource($groups);
|
|
|
|
|
}
|
|
|
|
|
|
2015-05-08 09:54:45 +02:00
|
|
|
/**
|
|
|
|
|
* Return all user backends implementing the given interface
|
|
|
|
|
*
|
|
|
|
|
* @param string $interface The class path of the interface, or null if no interface check should be made
|
|
|
|
|
*
|
|
|
|
|
* @return array
|
|
|
|
|
*/
|
|
|
|
|
protected function loadUserBackends($interface = null)
|
|
|
|
|
{
|
|
|
|
|
$backends = array();
|
|
|
|
|
foreach (Config::app('authentication') as $backendName => $backendConfig) {
|
|
|
|
|
$candidate = UserBackend::create($backendName, $backendConfig);
|
|
|
|
|
if (! $interface || $candidate instanceof $interface) {
|
|
|
|
|
$backends[] = $candidate;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $backends;
|
|
|
|
|
}
|
|
|
|
|
|
2015-05-04 17:04:50 +02:00
|
|
|
/**
|
|
|
|
|
* Return the given user backend or the first match in order
|
|
|
|
|
*
|
|
|
|
|
* @param string $name The name of the backend, or null in case the first match should be returned
|
2015-05-08 09:54:45 +02:00
|
|
|
* @param string $interface The interface the backend should implement, no interface check if null
|
2015-05-04 17:04:50 +02:00
|
|
|
*
|
|
|
|
|
* @return UserBackendInterface
|
|
|
|
|
*
|
|
|
|
|
* @throws Zend_Controller_Action_Exception In case the given backend name is invalid
|
|
|
|
|
*/
|
2015-05-08 09:54:45 +02:00
|
|
|
protected function getUserBackend($name = null, $interface = 'Icinga\Data\Selectable')
|
2015-05-04 17:04:50 +02:00
|
|
|
{
|
|
|
|
|
if ($name !== null) {
|
2015-05-08 09:54:45 +02:00
|
|
|
$config = Config::app('authentication');
|
2015-05-04 17:04:50 +02:00
|
|
|
if (! $config->hasSection($name)) {
|
2015-05-20 10:52:50 +02:00
|
|
|
$this->httpNotFound(sprintf($this->translate('Authentication backend "%s" not found'), $name));
|
2015-05-04 17:04:50 +02:00
|
|
|
} else {
|
|
|
|
|
$backend = UserBackend::create($name, $config->getSection($name));
|
2015-05-08 09:54:45 +02:00
|
|
|
if ($interface && !$backend instanceof $interface) {
|
|
|
|
|
$interfaceParts = explode('\\', strtolower($interface));
|
2015-05-04 17:04:50 +02:00
|
|
|
throw new Zend_Controller_Action_Exception(
|
2015-05-08 09:54:45 +02:00
|
|
|
sprintf(
|
|
|
|
|
$this->translate('Authentication backend "%s" is not %s'),
|
|
|
|
|
$name,
|
|
|
|
|
array_pop($interfaceParts)
|
|
|
|
|
),
|
2015-05-04 17:04:50 +02:00
|
|
|
400
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
} else {
|
2015-05-08 09:54:45 +02:00
|
|
|
$backends = $this->loadUserBackends($interface);
|
|
|
|
|
$backend = array_shift($backends);
|
2015-05-04 17:04:50 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $backend;
|
|
|
|
|
}
|
2015-05-05 07:36:14 +02:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Create the tabs
|
|
|
|
|
*/
|
|
|
|
|
protected function createTabs()
|
|
|
|
|
{
|
|
|
|
|
$tabs = $this->getTabs();
|
|
|
|
|
$tabs->add(
|
|
|
|
|
'user/list',
|
|
|
|
|
array(
|
|
|
|
|
'title' => $this->translate('List users of authentication backends'),
|
|
|
|
|
'label' => $this->translate('Users'),
|
|
|
|
|
'icon' => 'users',
|
|
|
|
|
'url' => 'user/list'
|
|
|
|
|
)
|
|
|
|
|
);
|
2015-05-05 09:24:28 +02:00
|
|
|
$tabs->add(
|
|
|
|
|
'group/list',
|
|
|
|
|
array(
|
|
|
|
|
'title' => $this->translate('List groups of user group backends'),
|
|
|
|
|
'label' => $this->translate('Groups'),
|
|
|
|
|
'icon' => 'cubes',
|
|
|
|
|
'url' => 'group/list'
|
|
|
|
|
)
|
|
|
|
|
);
|
2015-05-05 07:36:14 +02:00
|
|
|
}
|
2015-05-04 17:04:50 +02:00
|
|
|
}
|
