setup: store roles in database

Alexander A. Klimov 2024-04-17 17:13:47 +02:00
parent 0baa788cc0
commit 287cfaa87d
3 changed files with 75 additions and 31 deletions


@ -33,6 +33,8 @@ class GeneralConfigPage extends Form
$appConfigForm->createElements($formData); $appConfigForm->createElements($formData);
$appConfigForm->removeElement('global_module_path'); $appConfigForm->removeElement('global_module_path');
$appConfigForm->removeElement('global_config_resource'); $appConfigForm->removeElement('global_config_resource');
$appConfigForm->removeElement('global_store_roles_in_db');
$this->addElement('hidden', 'global_store_roles_in_db', ['disabled' => true, 'value' => 1]);
$this->addElements($appConfigForm->getElements()); $this->addElements($appConfigForm->getElements());
$loggingConfigForm = new LoggingConfigForm(); $loggingConfigForm = new LoggingConfigForm();
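Review bot: The hidden element added on the `addElement` line carries `'disabled' => true`, and browsers do not submit disabled controls, so whether `global_store_roles_in_db = 1` actually reaches the saved configuration depends on how the form layer treats disabled elements on submit — that is not visible here and worth confirming. If the value is meant to be forced server-side regardless of the client, setting it where the form data is written would be more robust than relying on a form element. A one-line comment would also make the intent clear to the next reader: `// setup always stores roles in the database; this element only carries the fixed value through the form`. The enclosing method starts and ends outside this hunk.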


@ -3,23 +3,29 @@
namespace Icinga\Module\Setup\Steps; namespace Icinga\Module\Setup\Steps;
use DateTime;
use Exception; use Exception;
use Icinga\Application\Config; use Icinga\Application\Config;
use Icinga\Common\Database;
use Icinga\Data\ConfigObject; use Icinga\Data\ConfigObject;
use Icinga\Data\ResourceFactory; use Icinga\Data\ResourceFactory;
use Icinga\Exception\IcingaException; use Icinga\Exception\IcingaException;
use Icinga\Authentication\User\DbUserBackend; use Icinga\Authentication\User\DbUserBackend;
use Icinga\Module\Setup\Step; use Icinga\Module\Setup\Step;
use ipl\Sql\Connection;
use ipl\Sql\Insert;
class AuthenticationStep extends Step class AuthenticationStep extends Step
{ {
use Database;
protected $data; protected $data;
protected $dbError; protected $dbError;
protected $authIniError; protected $authIniError;
protected $permIniError; protected $roleError;
public function __construct(array $data) public function __construct(array $data)
{ {
@ -29,11 +35,15 @@ class AuthenticationStep extends Step
public function apply() public function apply()
{ {
$success = $this->createAuthenticationIni(); $success = $this->createAuthenticationIni();
if (isset($this->data['adminAccountData']['resourceConfig'])) { if (isset($this->data['adminAccountData']['resourceConfig'])) {
$success &= $this->createAccount(); $success &= $this->createAccount();
} }
$success &= $this->createRolesIni(); if (isset($this->data['rolesResourceConfig'])) {
$success &= $this->createRoles();
}
return $success; return $success;
} }
@ -61,34 +71,59 @@ class AuthenticationStep extends Step
return true; return true;
} }
protected function createRolesIni() protected function createRoles(): bool
{ {
try {
$this->getDb(new ConfigObject($this->data['rolesResourceConfig']))->transaction(function (Connection $db) {
$admins = mt('setup', 'Administrators', 'setup.role.name');
$db->prepexec(
(new Insert())
->into('icingaweb_role')
->columns(['name', 'ctime'])
->values([$admins, (new DateTime())->getTimestamp() * 1000])
);
$id = $db->lastInsertId();
$db->prepexec(
(new Insert())
->into('icingaweb_role_permission')
->columns(['role_id', 'permission', 'allowed'])
->values([$id, '*', 'y'])
);
if (isset($this->data['adminAccountData']['username'])) { if (isset($this->data['adminAccountData']['username'])) {
$config = array( $db->prepexec(
'users' => $this->data['adminAccountData']['username'], (new Insert())
'permissions' => '*' ->into('icingaweb_role_user')
->columns(['role_id', 'user_name'])
->values([$id, $this->data['adminAccountData']['username']])
); );
if ($this->data['backendConfig']['backend'] === 'db') { if ($this->data['backendConfig']['backend'] === 'db') {
$config['groups'] = mt('setup', 'Administrators', 'setup.role.name'); $db->prepexec(
} (new Insert())
} else { // isset($this->data['adminAccountData']['groupname']) ->into('icingaweb_role_group')
$config = array( ->columns(['role_id', 'group_name'])
'groups' => $this->data['adminAccountData']['groupname'], ->values([$id, $admins])
'permissions' => '*'
); );
} }
} else {
try { $db->prepexec(
Config::fromArray(array(mt('setup', 'Administrators', 'setup.role.name') => $config)) (new Insert())
->setConfigFile(Config::resolvePath('roles.ini')) ->into('icingaweb_role_group')
->saveIni(); ->columns(['role_id', 'group_name'])
->values([$id, $this->data['adminAccountData']['groupname']])
);
}
});
} catch (Exception $e) { } catch (Exception $e) {
$this->permIniError = $e; $this->roleError = $e;
return false; return false;
} }
$this->permIniError = false; $this->roleError = false;
return true; return true;
} }
@ -211,7 +246,7 @@ class AuthenticationStep extends Step
$report[] = sprintf(mt('setup', 'ERROR: %s'), IcingaException::describe($this->dbError)); $report[] = sprintf(mt('setup', 'ERROR: %s'), IcingaException::describe($this->dbError));
} }
if ($this->permIniError === false) { if ($this->roleError === false) {
$report[] = isset($this->data['adminAccountData']['username']) ? sprintf( $report[] = isset($this->data['adminAccountData']['username']) ? sprintf(
mt('setup', 'Account "%s" has been successfully defined as initial administrator.'), mt('setup', 'Account "%s" has been successfully defined as initial administrator.'),
$this->data['adminAccountData']['username'] $this->data['adminAccountData']['username']
@ -219,7 +254,7 @@ class AuthenticationStep extends Step
mt('setup', 'The members of the user group "%s" were successfully defined as initial administrators.'), mt('setup', 'The members of the user group "%s" were successfully defined as initial administrators.'),
$this->data['adminAccountData']['groupname'] $this->data['adminAccountData']['groupname']
); );
} elseif ($this->permIniError !== null) { } elseif ($this->roleError !== null) {
$report[] = isset($this->data['adminAccountData']['username']) ? sprintf( $report[] = isset($this->data['adminAccountData']['username']) ? sprintf(
mt('setup', 'Unable to define account "%s" as initial administrator. An error occured:'), mt('setup', 'Unable to define account "%s" as initial administrator. An error occured:'),
$this->data['adminAccountData']['username'] $this->data['adminAccountData']['username']
@ -230,7 +265,7 @@ class AuthenticationStep extends Step
), ),
$this->data['adminAccountData']['groupname'] $this->data['adminAccountData']['groupname']
); );
$report[] = sprintf(mt('setup', 'ERROR: %s'), IcingaException::describe($this->permIniError)); $report[] = sprintf(mt('setup', 'ERROR: %s'), IcingaException::describe($this->roleError));
} }
return $report; return $report;
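Review bot: In the new `apply()`, `createRoles()` runs only when `rolesResourceConfig` is set and the unconditional `createRolesIni()` fallback is gone, so if that key can be null (the WebWizard hunk builds it as `$pageData['setup_auth_db_resource'] ?? $pageData['setup_config_db_resource'] ?? null`) the initial administrator is never granted anything, `$roleError` stays null, and the report hunk then prints neither the success nor the error message. If every setup path is guaranteed to provide a DB resource, a comment at the `isset` check should state that assumption; otherwise `apply()` should record a failure there, e.g. `$this->roleError = new IcingaException('No database resource available to store roles');` and `$success = false;`, so the summary does not silently omit the administrator. In `createRoles()` the `else` branch also lost the old `// isset($this->data['adminAccountData']['groupname'])` hint, which is worth restoring since the branch reads that key without checking it. `createRoles()` and the report method each begin or end outside their hunks.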


@ -97,6 +97,11 @@ class WebWizard extends Wizard implements SetupWizard
'icingaweb_group', 'icingaweb_group',
'icingaweb_group_membership', 'icingaweb_group_membership',
'icingaweb_user', 'icingaweb_user',
'icingaweb_role',
'icingaweb_role_user',
'icingaweb_role_group',
'icingaweb_role_permission',
'icingaweb_role_restriction',
'icingaweb_user_preference', 'icingaweb_user_preference',
'icingaweb_rememberme', 'icingaweb_rememberme',
'icingaweb_schema' 'icingaweb_schema'
@ -518,7 +523,9 @@ class WebWizard extends Wizard implements SetupWizard
'backendConfig' => $pageData['setup_authentication_backend'], 'backendConfig' => $pageData['setup_authentication_backend'],
'resourceName' => $authType === 'db' ? $pageData['setup_auth_db_resource']['name'] : ( 'resourceName' => $authType === 'db' ? $pageData['setup_auth_db_resource']['name'] : (
$authType === 'ldap' ? $pageData['setup_ldap_resource']['name'] : null $authType === 'ldap' ? $pageData['setup_ldap_resource']['name'] : null
) ),
'rolesResourceConfig' => $pageData['setup_auth_db_resource']
?? $pageData['setup_config_db_resource'] ?? null
)) ))
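Review bot: The new `rolesResourceConfig` entry prefers `setup_auth_db_resource` over `setup_config_db_resource`, so when authentication uses a database that differs from the configuration database, roles are written to the authentication DB; this must match where the running application later looks roles up, which the hunk does not show and is worth confirming. A comment on that line would make the precedence deliberate rather than incidental: `// roles go to the auth DB when one exists, otherwise to the config DB`. The five `icingaweb_role*` names added to the table list presumably need to match the schema shipped with this release, including `icingaweb_role_restriction`, which `createRoles()` never writes to. Both the table list and the surrounding array literal extend beyond their hunks.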
); );