Link the roles configuration with the user and group management

refs #8826
2015-06-01 16:43:11 +02:00 · 2015-06-01 16:43:11 +02:00 · 17e7f1e754
parent 66fd7dfd93
commit 17e7f1e754
3 changed files with 20 additions and 54 deletions
--- a/application/controllers/ConfigController.php
+++ b/application/controllers/ConfigController.php
@ -61,16 +61,6 @@ class ConfigController extends Controller
            ));
            $allowedActions[] = 'resource';
        }
-        if ($auth->hasPermission('config/application/roles')) {
-            $tabs->add('roles', array(
-                'title' => $this->translate(
-                    'Configure roles to permit or restrict users and groups accessing Icinga Web 2'
-                ),
-                'label' => $this->translate('Roles'),
-                'url'   => 'roles'
-            ));
-            $allowedActions[] = 'roles';
-        }
        $this->firstAllowedAction = array_shift($allowedActions);
    }

--- a/application/controllers/RolesController.php
+++ b/application/controllers/RolesController.php
@ -4,61 +4,21 @@
 use Icinga\Application\Config;
 use Icinga\Forms\ConfirmRemovalForm;
 use Icinga\Forms\Security\RoleForm;
-use Icinga\Web\Controller\ActionController;
+use Icinga\Web\Controller\AuthBackendController;
 use Icinga\Web\Notification;
-use Icinga\Web\Widget;

 /**
 * Roles configuration
 */
-class RolesController extends ActionController
+class RolesController extends AuthBackendController
 {
-    /**
-     * Initialize tabs and validate the user's permissions
-     *
-     * @throws \Icinga\Security\SecurityException   If the user lacks permissions for configuring roles
-     */
-    public function init()
-    {
-        $this->assertPermission('config/application/roles');
-        $tabs = $this->getTabs();
-        $auth = $this->Auth();
-        if ($auth->hasPermission('config/application/general')) {
-            $tabs->add('application', array(
-                'title' => $this->translate('Adjust the general configuration of Icinga Web 2'),
-                'label' => $this->translate('Application'),
-                'url'   => 'config'
-            ));
-        }
-        if ($auth->hasPermission('config/application/authentication')) {
-            $tabs->add('authentication', array(
-                'title' => $this->translate('Configure how users authenticate with and log into Icinga Web 2'),
-                'label' => $this->translate('Authentication'),
-                'url'   => 'config/authentication'
-            ));
-        }
-        if ($auth->hasPermission('config/application/resources')) {
-            $tabs->add('resource', array(
-                'title' => $this->translate('Configure which resources are being utilized by Icinga Web 2'),
-                'label' => $this->translate('Resources'),
-                'url'   => 'config/resource'
-            ));
-        }
-        $tabs->add('roles', array(
-            'title' => $this->translate(
-                'Configure roles to permit or restrict users and groups accessing Icinga Web 2'
-            ),
-            'label' => $this->translate('Roles'),
-            'url'   => 'roles'
-        ));
-    }
-
    /**
     * List roles
     */
    public function indexAction()
    {
-        $this->view->tabs->activate('roles');
+        $this->assertPermission('config/application/roles');
+        $this->createListTabs()->activate('roles');
        $this->view->roles = Config::app('roles', true);
    }

@ -67,6 +27,7 @@ class RolesController extends ActionController
     */
    public function newAction()
    {
+        $this->assertPermission('config/application/roles');
        $role = new RoleForm(array(
            'onSuccess' => function (RoleForm $role) {
                $name = $role->getElement('name')->getValue();
@ -100,6 +61,7 @@ class RolesController extends ActionController
     */
    public function updateAction()
    {
+        $this->assertPermission('config/application/roles');
        $name = $this->_request->getParam('role');
        if (empty($name)) {
            throw new Zend_Controller_Action_Exception(
@ -149,6 +111,7 @@ class RolesController extends ActionController
     */
    public function removeAction()
    {
+        $this->assertPermission('config/application/roles');
        $name = $this->_request->getParam('role');
        if (empty($name)) {
            throw new Zend_Controller_Action_Exception(
--- a/library/Icinga/Web/Controller/AuthBackendController.php
+++ b/library/Icinga/Web/Controller/AuthBackendController.php
@ -163,6 +163,19 @@ class AuthBackendController extends Controller
            );
        }

+        if ($this->hasPermission('config/application/roles')) {
+            $tabs->add(
+                'roles',
+                array(
+                    'title' => $this->translate(
+                        'Configure roles to permit or restrict users and groups accessing Icinga Web 2'
+                    ),
+                    'label' => $this->translate('Roles'),
+                    'url'   => 'roles'
+                )
+            );
+        }
+
        return $tabs;
    }
 }