2015-05-05 09:24:28 +02:00
|
|
|
<?php
|
2016-02-08 15:41:00 +01:00
|
|
|
/* Icinga Web 2 | (c) 2015 Icinga Development Team | GPLv2+ */
|
2015-05-05 09:24:28 +02:00
|
|
|
|
2015-08-27 13:28:00 +02:00
|
|
|
namespace Icinga\Controllers;
|
|
|
|
|
2015-08-27 13:29:36 +02:00
|
|
|
use Exception;
|
2015-05-13 13:58:48 +02:00
|
|
|
use Icinga\Application\Logger;
|
2017-06-07 15:37:35 +02:00
|
|
|
use Icinga\Authentication\User\DomainAwareInterface;
|
2015-05-26 14:32:14 +02:00
|
|
|
use Icinga\Data\DataArray\ArrayDatasource;
|
2015-05-22 14:35:34 +02:00
|
|
|
use Icinga\Data\Filter\Filter;
|
2015-08-27 13:29:06 +02:00
|
|
|
use Icinga\Data\Reducible;
|
2015-05-28 16:28:59 +02:00
|
|
|
use Icinga\Exception\NotFoundError;
|
2015-05-26 14:32:14 +02:00
|
|
|
use Icinga\Forms\Config\UserGroup\AddMemberForm;
|
2015-05-26 10:24:13 +02:00
|
|
|
use Icinga\Forms\Config\UserGroup\UserGroupForm;
|
2017-06-07 15:37:35 +02:00
|
|
|
use Icinga\User;
|
2015-05-26 10:12:25 +02:00
|
|
|
use Icinga\Web\Controller\AuthBackendController;
|
2015-05-08 09:56:07 +02:00
|
|
|
use Icinga\Web\Form;
|
2015-05-13 13:50:32 +02:00
|
|
|
use Icinga\Web\Notification;
|
2015-05-20 14:06:59 +02:00
|
|
|
use Icinga\Web\Url;
|
2015-05-05 09:24:28 +02:00
|
|
|
use Icinga\Web\Widget;
|
|
|
|
|
2015-05-26 10:12:25 +02:00
|
|
|
class GroupController extends AuthBackendController
|
2015-05-05 09:24:28 +02:00
|
|
|
{
|
2019-07-12 10:22:01 +02:00
|
|
|
public function init()
|
|
|
|
{
|
|
|
|
$this->view->title = $this->translate('User Groups');
|
|
|
|
|
|
|
|
parent::init();
|
|
|
|
}
|
|
|
|
|
2015-05-05 09:24:28 +02:00
|
|
|
/**
|
|
|
|
* List all user groups of a single backend
|
|
|
|
*/
|
|
|
|
public function listAction()
|
|
|
|
{
|
2021-02-18 08:52:57 +01:00
|
|
|
$this->assertPermission('config/access-control/groups');
|
2015-06-03 08:54:56 +02:00
|
|
|
$this->createListTabs()->activate('group/list');
|
2015-05-08 09:56:07 +02:00
|
|
|
$backendNames = array_map(
|
2017-01-27 14:48:59 +01:00
|
|
|
function ($b) {
|
|
|
|
return $b->getName();
|
|
|
|
},
|
2015-05-08 09:56:07 +02:00
|
|
|
$this->loadUserGroupBackends('Icinga\Data\Selectable')
|
|
|
|
);
|
2015-06-08 13:28:12 +02:00
|
|
|
if (empty($backendNames)) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2015-05-08 09:56:07 +02:00
|
|
|
$this->view->backendSelection = new Form();
|
2019-07-19 15:34:09 +02:00
|
|
|
$this->view->backendSelection->setAttrib('class', 'backend-selection icinga-controls');
|
2015-05-08 09:56:07 +02:00
|
|
|
$this->view->backendSelection->setUidDisabled();
|
|
|
|
$this->view->backendSelection->setMethod('GET');
|
|
|
|
$this->view->backendSelection->setTokenDisabled();
|
|
|
|
$this->view->backendSelection->addElement(
|
|
|
|
'select',
|
|
|
|
'backend',
|
|
|
|
array(
|
|
|
|
'autosubmit' => true,
|
2015-10-15 16:14:19 +02:00
|
|
|
'label' => $this->translate('User Group Backend'),
|
2015-05-08 09:56:07 +02:00
|
|
|
'multiOptions' => array_combine($backendNames, $backendNames),
|
|
|
|
'value' => $this->params->get('backend')
|
|
|
|
)
|
|
|
|
);
|
|
|
|
|
2015-05-05 09:24:28 +02:00
|
|
|
$backend = $this->getUserGroupBackend($this->params->get('backend'));
|
|
|
|
if ($backend === null) {
|
|
|
|
$this->view->backend = null;
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2015-05-20 15:54:47 +02:00
|
|
|
$query = $backend->select(array('group_name'));
|
2015-05-05 09:24:28 +02:00
|
|
|
|
2015-05-27 08:53:13 +02:00
|
|
|
$this->view->groups = $query;
|
2015-05-05 09:24:28 +02:00
|
|
|
$this->view->backend = $backend;
|
|
|
|
|
2015-05-27 08:53:13 +02:00
|
|
|
$this->setupPaginationControl($query);
|
2015-08-13 17:05:13 +02:00
|
|
|
$this->setupFilterControl($query);
|
2015-05-05 09:24:28 +02:00
|
|
|
$this->setupLimitControl();
|
2015-05-12 15:49:24 +02:00
|
|
|
$this->setupSortControl(
|
|
|
|
array(
|
2015-10-15 16:14:19 +02:00
|
|
|
'group_name' => $this->translate('User Group'),
|
2015-05-12 15:49:24 +02:00
|
|
|
'created_at' => $this->translate('Created at'),
|
|
|
|
'last_modified' => $this->translate('Last modified')
|
|
|
|
),
|
|
|
|
$query
|
|
|
|
);
|
2015-05-05 09:24:28 +02:00
|
|
|
}
|
|
|
|
|
2015-05-20 16:17:37 +02:00
|
|
|
/**
|
|
|
|
* Show a group
|
|
|
|
*/
|
|
|
|
public function showAction()
|
|
|
|
{
|
2021-02-18 08:52:57 +01:00
|
|
|
$this->assertPermission('config/access-control/groups');
|
2015-05-20 16:17:37 +02:00
|
|
|
$groupName = $this->params->getRequired('group');
|
|
|
|
$backend = $this->getUserGroupBackend($this->params->getRequired('backend'));
|
|
|
|
|
|
|
|
$group = $backend->select(array(
|
|
|
|
'group_name',
|
|
|
|
'created_at',
|
|
|
|
'last_modified'
|
|
|
|
))->where('group_name', $groupName)->fetchRow();
|
|
|
|
if ($group === false) {
|
|
|
|
$this->httpNotFound(sprintf($this->translate('Group "%s" not found'), $groupName));
|
|
|
|
}
|
|
|
|
|
2015-05-21 16:38:47 +02:00
|
|
|
$members = $backend
|
|
|
|
->select()
|
|
|
|
->from('group_membership', array('user_name'))
|
|
|
|
->where('group_name', $groupName);
|
|
|
|
|
2015-11-10 11:51:26 +01:00
|
|
|
$this->setupFilterControl($members, null, array('user'), array('group'));
|
2015-05-21 16:38:47 +02:00
|
|
|
$this->setupPaginationControl($members);
|
|
|
|
$this->setupLimitControl();
|
|
|
|
$this->setupSortControl(
|
|
|
|
array(
|
|
|
|
'user_name' => $this->translate('Username'),
|
|
|
|
'created_at' => $this->translate('Created at'),
|
|
|
|
'last_modified' => $this->translate('Last modified')
|
|
|
|
),
|
|
|
|
$members
|
|
|
|
);
|
|
|
|
|
2015-05-20 16:17:37 +02:00
|
|
|
$this->view->group = $group;
|
|
|
|
$this->view->backend = $backend;
|
2015-05-21 16:38:47 +02:00
|
|
|
$this->view->members = $members;
|
2015-05-22 16:13:38 +02:00
|
|
|
$this->createShowTabs($backend->getName(), $groupName)->activate('group/show');
|
2015-05-21 16:38:47 +02:00
|
|
|
|
2021-02-18 08:52:57 +01:00
|
|
|
if ($this->hasPermission('config/access-control/groups') && $backend instanceof Reducible) {
|
2015-05-21 16:38:47 +02:00
|
|
|
$removeForm = new Form();
|
2015-05-22 14:35:34 +02:00
|
|
|
$removeForm->setUidDisabled();
|
2019-07-26 13:51:00 +02:00
|
|
|
$removeForm->setAttrib('class', 'inline');
|
2015-05-21 16:38:47 +02:00
|
|
|
$removeForm->setAction(
|
|
|
|
Url::fromPath('group/removemember', array('backend' => $backend->getName(), 'group' => $groupName))
|
|
|
|
);
|
2015-05-22 14:35:34 +02:00
|
|
|
$removeForm->addElement('hidden', 'user_name', array(
|
|
|
|
'isArray' => true,
|
|
|
|
'decorators' => array('ViewHelper')
|
|
|
|
));
|
|
|
|
$removeForm->addElement('hidden', 'redirect', array(
|
|
|
|
'value' => Url::fromPath('group/show', array(
|
|
|
|
'backend' => $backend->getName(),
|
|
|
|
'group' => $groupName
|
|
|
|
)),
|
|
|
|
'decorators' => array('ViewHelper')
|
|
|
|
));
|
2015-05-21 16:38:47 +02:00
|
|
|
$removeForm->addElement('button', 'btn_submit', array(
|
|
|
|
'escape' => false,
|
|
|
|
'type' => 'submit',
|
2015-10-15 15:47:38 +02:00
|
|
|
'class' => 'link-button spinner',
|
2015-05-21 16:38:47 +02:00
|
|
|
'value' => 'btn_submit',
|
|
|
|
'decorators' => array('ViewHelper'),
|
|
|
|
'label' => $this->view->icon('trash'),
|
|
|
|
'title' => $this->translate('Remove this member')
|
|
|
|
));
|
|
|
|
$this->view->removeForm = $removeForm;
|
|
|
|
}
|
2015-05-20 16:17:37 +02:00
|
|
|
}
|
|
|
|
|
2015-05-20 11:54:28 +02:00
|
|
|
/**
|
|
|
|
* Add a group
|
|
|
|
*/
|
|
|
|
public function addAction()
|
|
|
|
{
|
2021-02-18 08:52:57 +01:00
|
|
|
$this->assertPermission('config/access-control/groups');
|
2015-05-20 14:06:59 +02:00
|
|
|
$backend = $this->getUserGroupBackend($this->params->getRequired('backend'), 'Icinga\Data\Extensible');
|
2015-05-20 11:54:28 +02:00
|
|
|
$form = new UserGroupForm();
|
2015-05-20 14:06:59 +02:00
|
|
|
$form->setRedirectUrl(Url::fromPath('group/list', array('backend' => $backend->getName())));
|
|
|
|
$form->setRepository($backend);
|
2015-05-20 11:54:28 +02:00
|
|
|
$form->add()->handleRequest();
|
|
|
|
|
2015-10-01 10:03:29 +02:00
|
|
|
$this->renderForm($form, $this->translate('New User Group'));
|
2015-05-20 11:54:28 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Edit a group
|
|
|
|
*/
|
|
|
|
public function editAction()
|
|
|
|
{
|
2021-02-18 08:52:57 +01:00
|
|
|
$this->assertPermission('config/access-control/groups');
|
2015-05-20 11:54:28 +02:00
|
|
|
$groupName = $this->params->getRequired('group');
|
|
|
|
$backend = $this->getUserGroupBackend($this->params->getRequired('backend'), 'Icinga\Data\Updatable');
|
|
|
|
|
|
|
|
$form = new UserGroupForm();
|
2015-05-20 16:17:37 +02:00
|
|
|
$form->setRedirectUrl(
|
|
|
|
Url::fromPath('group/show', array('backend' => $backend->getName(), 'group' => $groupName))
|
|
|
|
);
|
2015-05-20 11:54:28 +02:00
|
|
|
$form->setRepository($backend);
|
2015-05-28 16:28:59 +02:00
|
|
|
|
|
|
|
try {
|
|
|
|
$form->edit($groupName)->handleRequest();
|
|
|
|
} catch (NotFoundError $_) {
|
|
|
|
$this->httpNotFound(sprintf($this->translate('Group "%s" not found'), $groupName));
|
|
|
|
}
|
2015-05-20 11:54:28 +02:00
|
|
|
|
2015-10-01 10:03:29 +02:00
|
|
|
$this->renderForm($form, $this->translate('Update User Group'));
|
2015-05-20 11:54:28 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Remove a group
|
|
|
|
*/
|
|
|
|
public function removeAction()
|
|
|
|
{
|
2021-02-18 08:52:57 +01:00
|
|
|
$this->assertPermission('config/access-control/groups');
|
2015-05-20 11:54:28 +02:00
|
|
|
$groupName = $this->params->getRequired('group');
|
|
|
|
$backend = $this->getUserGroupBackend($this->params->getRequired('backend'), 'Icinga\Data\Reducible');
|
|
|
|
|
|
|
|
$form = new UserGroupForm();
|
2015-05-20 14:06:59 +02:00
|
|
|
$form->setRedirectUrl(Url::fromPath('group/list', array('backend' => $backend->getName())));
|
2015-05-20 11:54:28 +02:00
|
|
|
$form->setRepository($backend);
|
2015-05-28 16:28:59 +02:00
|
|
|
|
|
|
|
try {
|
|
|
|
$form->remove($groupName)->handleRequest();
|
|
|
|
} catch (NotFoundError $_) {
|
|
|
|
$this->httpNotFound(sprintf($this->translate('Group "%s" not found'), $groupName));
|
|
|
|
}
|
2015-05-20 11:54:28 +02:00
|
|
|
|
2015-10-01 10:03:29 +02:00
|
|
|
$this->renderForm($form, $this->translate('Remove User Group'));
|
2015-05-20 11:54:28 +02:00
|
|
|
}
|
|
|
|
|
2015-05-26 14:32:14 +02:00
|
|
|
/**
|
|
|
|
* Add a group member
|
|
|
|
*/
|
|
|
|
public function addmemberAction()
|
|
|
|
{
|
2021-02-18 08:52:57 +01:00
|
|
|
$this->assertPermission('config/access-control/groups');
|
2015-05-26 14:32:14 +02:00
|
|
|
$groupName = $this->params->getRequired('group');
|
|
|
|
$backend = $this->getUserGroupBackend($this->params->getRequired('backend'), 'Icinga\Data\Extensible');
|
|
|
|
|
|
|
|
$form = new AddMemberForm();
|
|
|
|
$form->setDataSource($this->fetchUsers())
|
|
|
|
->setBackend($backend)
|
|
|
|
->setGroupName($groupName)
|
|
|
|
->setRedirectUrl(
|
|
|
|
Url::fromPath('group/show', array('backend' => $backend->getName(), 'group' => $groupName))
|
|
|
|
)
|
2015-05-29 12:57:39 +02:00
|
|
|
->setUidDisabled();
|
|
|
|
|
|
|
|
try {
|
|
|
|
$form->handleRequest();
|
|
|
|
} catch (NotFoundError $_) {
|
|
|
|
$this->httpNotFound(sprintf($this->translate('Group "%s" not found'), $groupName));
|
|
|
|
}
|
2015-05-26 14:32:14 +02:00
|
|
|
|
2015-10-01 10:03:29 +02:00
|
|
|
$this->renderForm($form, $this->translate('New User Group Member'));
|
2015-05-26 14:32:14 +02:00
|
|
|
}
|
|
|
|
|
2015-05-22 14:35:34 +02:00
|
|
|
/**
|
|
|
|
* Remove a group member
|
|
|
|
*/
|
|
|
|
public function removememberAction()
|
|
|
|
{
|
2021-02-18 08:52:57 +01:00
|
|
|
$this->assertPermission('config/access-control/groups');
|
2015-05-22 14:35:34 +02:00
|
|
|
$this->assertHttpMethod('POST');
|
|
|
|
$groupName = $this->params->getRequired('group');
|
|
|
|
$backend = $this->getUserGroupBackend($this->params->getRequired('backend'), 'Icinga\Data\Reducible');
|
|
|
|
|
|
|
|
$form = new Form(array(
|
|
|
|
'onSuccess' => function ($form) use ($groupName, $backend) {
|
|
|
|
foreach ($form->getValue('user_name') as $userName) {
|
|
|
|
try {
|
|
|
|
$backend->delete(
|
|
|
|
'group_membership',
|
|
|
|
Filter::matchAll(
|
|
|
|
Filter::where('group_name', $groupName),
|
|
|
|
Filter::where('user_name', $userName)
|
|
|
|
)
|
|
|
|
);
|
|
|
|
Notification::success(sprintf(
|
|
|
|
t('User "%s" has been removed from group "%s"'),
|
|
|
|
$userName,
|
|
|
|
$groupName
|
|
|
|
));
|
2015-05-29 12:57:39 +02:00
|
|
|
} catch (NotFoundError $e) {
|
|
|
|
throw $e;
|
2015-05-22 14:35:34 +02:00
|
|
|
} catch (Exception $e) {
|
|
|
|
Notification::error($e->getMessage());
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
$redirect = $form->getValue('redirect');
|
|
|
|
if (! empty($redirect)) {
|
|
|
|
$form->setRedirectUrl(htmlspecialchars_decode($redirect));
|
|
|
|
}
|
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
));
|
|
|
|
$form->setUidDisabled();
|
|
|
|
$form->setSubmitLabel('btn_submit'); // Required to ensure that isSubmitted() is called
|
|
|
|
$form->addElement('hidden', 'user_name', array('required' => true, 'isArray' => true));
|
|
|
|
$form->addElement('hidden', 'redirect');
|
2015-05-29 12:57:39 +02:00
|
|
|
|
|
|
|
try {
|
|
|
|
$form->handleRequest();
|
|
|
|
} catch (NotFoundError $_) {
|
|
|
|
$this->httpNotFound(sprintf($this->translate('Group "%s" not found'), $groupName));
|
|
|
|
}
|
2015-05-22 14:35:34 +02:00
|
|
|
}
|
|
|
|
|
2015-05-26 14:32:14 +02:00
|
|
|
/**
|
|
|
|
* Fetch and return all users from all user backends
|
|
|
|
*
|
|
|
|
* @return ArrayDatasource
|
|
|
|
*/
|
|
|
|
protected function fetchUsers()
|
|
|
|
{
|
|
|
|
$users = array();
|
|
|
|
foreach ($this->loadUserBackends('Icinga\Data\Selectable') as $backend) {
|
2015-05-27 08:55:02 +02:00
|
|
|
try {
|
2017-06-07 15:37:35 +02:00
|
|
|
if ($backend instanceof DomainAwareInterface) {
|
|
|
|
$domain = $backend->getDomain();
|
|
|
|
} else {
|
|
|
|
$domain = null;
|
|
|
|
}
|
|
|
|
foreach ($backend->select(array('user_name')) as $user) {
|
|
|
|
$userObj = new User($user->user_name);
|
|
|
|
if ($domain !== null) {
|
|
|
|
if ($userObj->hasDomain() && $userObj->getDomain() !== $domain) {
|
|
|
|
// Users listed in a user backend which is configured to be responsible for a domain should
|
|
|
|
// not have a domain in their username. Ultimately, if the username has a domain, it must
|
|
|
|
// not differ from the backend's domain. We could log here - but hey, who cares :)
|
|
|
|
continue;
|
|
|
|
} else {
|
|
|
|
$userObj->setDomain($domain);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
$user->user_name = $userObj->getUsername();
|
|
|
|
|
|
|
|
$users[] = $user;
|
2015-05-27 08:55:02 +02:00
|
|
|
}
|
|
|
|
} catch (Exception $e) {
|
|
|
|
Logger::error($e);
|
|
|
|
Notification::warning(sprintf(
|
|
|
|
$this->translate('Failed to fetch any users from backend %s. Please check your log'),
|
|
|
|
$backend->getName()
|
|
|
|
));
|
2015-05-26 14:32:14 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return new ArrayDatasource($users);
|
|
|
|
}
|
|
|
|
|
2015-05-22 16:13:38 +02:00
|
|
|
/**
|
|
|
|
* Create the tabs to display when showing a group
|
|
|
|
*
|
|
|
|
* @param string $backendName
|
|
|
|
* @param string $groupName
|
|
|
|
*/
|
|
|
|
protected function createShowTabs($backendName, $groupName)
|
|
|
|
{
|
|
|
|
$tabs = $this->getTabs();
|
|
|
|
$tabs->add(
|
|
|
|
'group/show',
|
|
|
|
array(
|
|
|
|
'title' => sprintf($this->translate('Show group %s'), $groupName),
|
|
|
|
'label' => $this->translate('Group'),
|
|
|
|
'url' => Url::fromPath('group/show', array('backend' => $backendName, 'group' => $groupName))
|
|
|
|
)
|
|
|
|
);
|
|
|
|
|
|
|
|
return $tabs;
|
2015-05-05 09:24:28 +02:00
|
|
|
}
|
2015-06-22 13:26:24 +02:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Create the tabs to display when listing groups
|
|
|
|
*/
|
|
|
|
protected function createListTabs()
|
|
|
|
{
|
|
|
|
$tabs = $this->getTabs();
|
2015-10-01 09:01:03 +02:00
|
|
|
|
2021-02-18 08:52:57 +01:00
|
|
|
if ($this->hasPermission('config/access-control/roles')) {
|
|
|
|
$tabs->add(
|
|
|
|
'role/list',
|
|
|
|
array(
|
|
|
|
'baseTarget' => '_main',
|
|
|
|
'label' => $this->translate('Roles'),
|
|
|
|
'title' => $this->translate(
|
|
|
|
'Configure roles to permit or restrict users and groups accessing Icinga Web 2'
|
|
|
|
),
|
|
|
|
'url' => 'role/list'
|
|
|
|
)
|
|
|
|
);
|
2021-03-18 17:03:12 +01:00
|
|
|
|
|
|
|
$tabs->add(
|
|
|
|
'role/audit',
|
|
|
|
[
|
2021-03-19 17:12:49 +01:00
|
|
|
'title' => $this->translate('Audit a user\'s or group\'s privileges'),
|
2021-03-18 17:03:12 +01:00
|
|
|
'label' => $this->translate('Audit'),
|
|
|
|
'url' => 'role/audit'
|
|
|
|
]
|
|
|
|
);
|
2021-02-18 08:52:57 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
if ($this->hasPermission('config/access-control/users')) {
|
|
|
|
$tabs->add(
|
|
|
|
'user/list',
|
|
|
|
array(
|
|
|
|
'title' => $this->translate('List users of authentication backends'),
|
|
|
|
'label' => $this->translate('Users'),
|
|
|
|
'url' => 'user/list'
|
|
|
|
)
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
2015-06-22 13:26:24 +02:00
|
|
|
$tabs->add(
|
|
|
|
'group/list',
|
|
|
|
array(
|
|
|
|
'title' => $this->translate('List groups of user group backends'),
|
2015-10-01 09:01:03 +02:00
|
|
|
'label' => $this->translate('User Groups'),
|
2015-06-22 13:26:24 +02:00
|
|
|
'url' => 'group/list'
|
|
|
|
)
|
|
|
|
);
|
2021-02-18 08:52:57 +01:00
|
|
|
|
2015-06-22 13:26:24 +02:00
|
|
|
return $tabs;
|
|
|
|
}
|
2015-05-05 09:24:28 +02:00
|
|
|
}
|