diff --git a/application/controllers/ConfigController.php b/application/controllers/ConfigController.php index 321fcf882..ab4b62049 100644 --- a/application/controllers/ConfigController.php +++ b/application/controllers/ConfigController.php @@ -61,16 +61,6 @@ class ConfigController extends Controller )); $allowedActions[] = 'resource'; } - if ($auth->hasPermission('config/application/roles')) { - $tabs->add('roles', array( - 'title' => $this->translate( - 'Configure roles to permit or restrict users and groups accessing Icinga Web 2' - ), - 'label' => $this->translate('Roles'), - 'url' => 'roles' - )); - $allowedActions[] = 'roles'; - } $this->firstAllowedAction = array_shift($allowedActions); } diff --git a/application/controllers/RolesController.php b/application/controllers/RolesController.php index d4b7b7c63..b889083c6 100644 --- a/application/controllers/RolesController.php +++ b/application/controllers/RolesController.php @@ -4,61 +4,21 @@ use Icinga\Application\Config; use Icinga\Forms\ConfirmRemovalForm; use Icinga\Forms\Security\RoleForm; -use Icinga\Web\Controller\ActionController; +use Icinga\Web\Controller\AuthBackendController; use Icinga\Web\Notification; -use Icinga\Web\Widget; /** * Roles configuration */ -class RolesController extends ActionController +class RolesController extends AuthBackendController { - /** - * Initialize tabs and validate the user's permissions - * - * @throws \Icinga\Security\SecurityException If the user lacks permissions for configuring roles - */ - public function init() - { - $this->assertPermission('config/application/roles'); - $tabs = $this->getTabs(); - $auth = $this->Auth(); - if ($auth->hasPermission('config/application/general')) { - $tabs->add('application', array( - 'title' => $this->translate('Adjust the general configuration of Icinga Web 2'), - 'label' => $this->translate('Application'), - 'url' => 'config' - )); - } - if ($auth->hasPermission('config/application/authentication')) { - $tabs->add('authentication', array( - 'title' => $this->translate('Configure how users authenticate with and log into Icinga Web 2'), - 'label' => $this->translate('Authentication'), - 'url' => 'config/authentication' - )); - } - if ($auth->hasPermission('config/application/resources')) { - $tabs->add('resource', array( - 'title' => $this->translate('Configure which resources are being utilized by Icinga Web 2'), - 'label' => $this->translate('Resources'), - 'url' => 'config/resource' - )); - } - $tabs->add('roles', array( - 'title' => $this->translate( - 'Configure roles to permit or restrict users and groups accessing Icinga Web 2' - ), - 'label' => $this->translate('Roles'), - 'url' => 'roles' - )); - } - /** * List roles */ public function indexAction() { - $this->view->tabs->activate('roles'); + $this->assertPermission('config/application/roles'); + $this->createListTabs()->activate('roles'); $this->view->roles = Config::app('roles', true); } @@ -67,6 +27,7 @@ class RolesController extends ActionController */ public function newAction() { + $this->assertPermission('config/application/roles'); $role = new RoleForm(array( 'onSuccess' => function (RoleForm $role) { $name = $role->getElement('name')->getValue(); @@ -100,6 +61,7 @@ class RolesController extends ActionController */ public function updateAction() { + $this->assertPermission('config/application/roles'); $name = $this->_request->getParam('role'); if (empty($name)) { throw new Zend_Controller_Action_Exception( @@ -149,6 +111,7 @@ class RolesController extends ActionController */ public function removeAction() { + $this->assertPermission('config/application/roles'); $name = $this->_request->getParam('role'); if (empty($name)) { throw new Zend_Controller_Action_Exception( diff --git a/library/Icinga/Web/Controller/AuthBackendController.php b/library/Icinga/Web/Controller/AuthBackendController.php index 5b2a4f18e..a3d93e0f8 100644 --- a/library/Icinga/Web/Controller/AuthBackendController.php +++ b/library/Icinga/Web/Controller/AuthBackendController.php @@ -163,6 +163,19 @@ class AuthBackendController extends Controller ); } + if ($this->hasPermission('config/application/roles')) { + $tabs->add( + 'roles', + array( + 'title' => $this->translate( + 'Configure roles to permit or restrict users and groups accessing Icinga Web 2' + ), + 'label' => $this->translate('Roles'), + 'url' => 'roles' + ) + ); + } + return $tabs; } }