tyler.durden
/
icingaweb2
mirror of https://github.com/Icinga/icingaweb2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove permissions and restrictions for now 

Our first beta release will not include permissions and restrictions.
We'll better test it before making it public.
This commit is contained in:
Eric Lippmann 2014-11-20 16:14:00 +01:00
parent bf33c9c13b
commit 8335bdcb32
7 changed files with 0 additions and 468 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
application/controllers/ConfigController.php
View File

@ -32,9 +32,6 @@ class ConfigController extends ActionController
))->add('resources', array( ))->add('resources', array(
'title' => $this->translate('Resources'), 'title' => $this->translate('Resources'),
'url' => 'config/resource' 'url' => 'config/resource'
))->add('permissions', array(
'title' => $this->translate('Permissions'),
'url' => 'permissions'
)); ));
} }

150
application/controllers/PermissionsController.php
View File

@ -1,150 +0,0 @@
<?php
// {{{ICINGA_LICENSE_HEADER}}}
// {{{ICINGA_LICENSE_HEADER}}}
use Icinga\Application\Config;
use Icinga\Forms\ConfirmRemovalForm;
use Icinga\Forms\Security\RoleForm;
use Icinga\Web\Controller\ActionController;
use Icinga\Web\Notification;
use Icinga\Web\Widget;
class PermissionsController extends ActionController
{
public function init()
{
$this->view->tabs = Widget::create('tabs')->add('index', array(
'title' => $this->translate('Application'),
'url' => 'config'
))->add('authentication', array(
'title' => $this->translate('Authentication'),
'url' => 'config/authentication'
))->add('resources', array(
'title' => $this->translate('Resources'),
'url' => 'config/resource'
))->add('permissions', array(
'title' => $this->translate('Permissions'),
'url' => 'permissions'
));
}
public function indexAction()
{
$this->view->tabs->activate('permissions');
$this->view->roles = Config::app('roles', true);
}
public function newAction()
{
$role = new RoleForm(array(
'onSuccess' => function (RoleForm $role) {
$name = $role->getElement('name')->getValue();
$values = $role->getValues();
try {
$role->add($name, $values);
} catch (InvalidArgumentException $e) {
$role->addError($e->getMessage());
return false;
}
if ($role->save()) {
Notification::success(t('Role created'));
return true;
}
return false;
}
));
$role
->setSubmitLabel($this->translate('Create Role'))
->setIniConfig(Config::app('roles', true))
->setRedirectUrl('permissions')
->handleRequest();
$this->view->form = $role;
}
public function updateAction()
{
$name = $this->_request->getParam('role');
if (empty($name)) {
throw new Zend_Controller_Action_Exception(
sprintf($this->translate('Required parameter \'%s\' missing'), 'role'),
400
);
}
$role = new RoleForm();
$role->setSubmitLabel($this->translate('Update Role'));
try {
$role
->setIniConfig(Config::app('roles', true))
->load($name);
} catch (InvalidArgumentException $e) {
throw new Zend_Controller_Action_Exception(
$e->getMessage(),
400
);
}
$role
->setOnSuccess(function (RoleForm $role) use ($name) {
$oldName = $name;
$name = $role->getElement('name')->getValue();
$values = $role->getValues();
try {
$role->update($name, $values, $oldName);
} catch (InvalidArgumentException $e) {
$role->addError($e->getMessage());
return false;
}
if ($role->save()) {
Notification::success(t('Role updated'));
return true;
}
return false;
})
->setRedirectUrl('permissions')
->handleRequest();
$this->view->name = $name;
$this->view->form = $role;
}
public function removeAction()
{
$name = $this->_request->getParam('role');
if (empty($name)) {
throw new Zend_Controller_Action_Exception(
sprintf($this->translate('Required parameter \'%s\' missing'), 'role'),
400
);
}
$role = new RoleForm();
try {
$role
->setIniConfig(Config::app('roles', true))
->load($name);
} catch (InvalidArgumentException $e) {
throw new Zend_Controller_Action_Exception(
$e->getMessage(),
400
);
}
$confirmation = new ConfirmRemovalForm(array(
'onSuccess' => function (ConfirmRemovalForm $confirmation) use ($name, $role) {
try {
$role->remove($name);
} catch (InvalidArgumentException $e) {
Notification::error($e->getMessage());
return false;
}
if ($role->save()) {
Notification::success(t('Role removed'));
return true;
}
return false;
}
));
$confirmation
->setSubmitLabel($this->translate('Remove Role'))
->setRedirectUrl('permissions')
->handleRequest();
$this->view->name = $name;
$this->view->form = $confirmation;
}
}

235
application/forms/Security/RoleForm.php
View File

@ -1,235 +0,0 @@
<?php
// {{{ICINGA_LICENSE_HEADER}}}
// {{{ICINGA_LICENSE_HEADER}}}
namespace Icinga\Forms\Security;
use InvalidArgumentException;
use LogicException;
use Icinga\Application\Icinga;
use Icinga\Forms\ConfigForm;
use Icinga\Util\String;
/**
* Form for managing roles
*/
class RoleForm extends ConfigForm
{
/**
* Provided permissions by currently loaded modules
*
* @var array
*/
protected $providedPermissions = array();
/**
* Provided restrictions by currently loaded modules
*
* @var array
*/
protected $providedRestrictions = array();
/**
* (non-PHPDoc)
* @see \Icinga\Web\Form::init() For the method documentation.
*/
public function init()
{
foreach (Icinga::app()->getModuleManager()->getLoadedModules() as $module) {
foreach ($module->getProvidedPermissions() as $permission) {
/** @var object $permission */
$this->providedPermissions[$permission->name] = $permission->name . ': ' . $permission->description;
}
foreach ($module->getProvidedRestrictions() as $restriction) {
/** @var object $restriction */
$this->providedRestrictions[$restriction->name] = $restriction->description;
}
}
}
/**
* (non-PHPDoc)
* @see \Icinga\Web\Form::createElements() For the method documentation.
*/
public function createElements(array $formData = array())
{
$this->addElements(array(
array(
'text',
'name',
array(
'required' => true,
'label' => t('Role Name'),
'description' => t('The name of the role'),
'ignore' => true
),
),
array(
'textarea',
'users',
array(
'label' => t('Users'),
'description' => t('Comma-separated list of users that are assigned to the role')
),
),
array(
'textarea',
'groups',
array(
'label' => t('Groups'),
'description' => t('Comma-separated list of groups that are assigned to the role')
),
),
array(
'multiselect',
'permissions',
array(
'label' => t('Permissions Set'),
'description' => t('The permissions to grant. You may select more than one permission'),
'multiOptions' => $this->providedPermissions
)
)
));
foreach ($this->providedRestrictions as $name => $description) {
$this->addElement(
'text',
$name,
array(
'label' => $name,
'description' => $description
)
);
}
return $this;
}
/**
* Load a role
*
* @param string $name The name of the role
*
* @return $this
*
* @throws LogicException If the config is not set
* @see ConfigForm::setConfig() For setting the config.
*/
public function load($name)
{
if (! isset($this->config)) {
throw new LogicException(sprintf('Can\'t load role \'%s\'. Config is not set', $name));
}
if (! $this->config->hasSection($name)) {
throw new InvalidArgumentException(sprintf(
t('Can\'t load role \'%s\'. Role does not exist'),
$name
));
}
$role = $this->config->getSection($name)->toArray();
$role['permissions'] = ! empty($role['permissions'])
? String::trimSplit($role['permissions'])
: null;
$role['name'] = $name;
$this->populate($role);
return $this;
}
/**
* Add a role
*
* @param string $name The name of the role
* @param array $values
*
* @return $this
*
* @throws LogicException If the config is not set
* @throws InvalidArgumentException If the role to add already exists
* @see ConfigForm::setConfig() For setting the config.
*/
public function add($name, array $values)
{
if (! isset($this->config)) {
throw new LogicException(sprintf('Can\'t add role \'%s\'. Config is not set', $name));
}
if ($this->config->hasSection($name)) {
throw new InvalidArgumentException(sprintf(
t('Can\'t add role \'%s\'. Role already exists'),
$name
));
}
$this->config->setSection($name, $values);
return $this;
}
/**
* Remove a role
*
* @param string $name The name of the role
*
* @return $this
*
* @throws LogicException If the config is not set
* @throws InvalidArgumentException If the role does not exist
* @see ConfigForm::setConfig() For setting the config.
*/
public function remove($name)
{
if (! isset($this->config)) {
throw new LogicException(sprintf('Can\'t remove role \'%s\'. Config is not set', $name));
}
if (! $this->config->hasSection($name)) {
throw new InvalidArgumentException(sprintf(
t('Can\'t remove role \'%s\'. Role does not exist'),
$name
));
}
$this->config->removeSection($name);
return $this;
}
/**
* Update a role
*
* @param string $name The possibly new name of the role
* @param array $values
* @param string $oldName The name of the role to update
*
* @return $this
*
* @throws LogicException If the config is not set
* @throws InvalidArgumentException If the role to update does not exist
* @see ConfigForm::setConfig() For setting the config.
*/
public function update($name, array $values, $oldName)
{
if (! isset($this->config)) {
throw new LogicException(sprintf('Can\'t update role \'%s\'. Config is not set', $name));
}
if ($name !== $oldName) {
// The permission got a new name
$this->remove($oldName);
$this->add($name, $values);
} else {
if (! $this->config->hasSection($name)) {
throw new InvalidArgumentException(sprintf(
t('Can\'t update role \'%s\'. Role does not exist'),
$name
));
}
$this->config->setSection($name, $values);
}
return $this;
}
/**
* (non-PHPDoc)
* @see \Zend_Form::getValues() For the method documentation.
*/
public function getValues($suppressArrayNotation = false)
{
$values = array_filter(parent::getValues($suppressArrayNotation));
if (isset($values['permissions'])) {
$values['permissions'] = implode(', ', $values['permissions']);
}
return $values;
}
}

68
application/views/scripts/permissions/index.phtml
View File

@ -1,68 +0,0 @@
<div class="controls">
<?= $tabs ?>
</div>
<div class="content">
<div>
<h1><?= $this->translate('Permissions') ?></h1>
<?php /** @var \Icinga\Application\Config $roles */ if ($roles->isEmpty()): ?>
<?= $this->translate('No permissions found.') ?>
<?php else: ?>
<table class="avp action" data-base-target="_next">
<thead>
<tr>
<th><?= $this->translate('Name') ?></th>
<th><?= $this->translate('Permissions') ?></th>
<th><?= $this->translate('Restrictions') ?></th>
<th><?= $this->translate('Users') ?></th>
<th><?= $this->translate('Groups') ?></th>
</tr>
</thead>
<tbody>
<?php foreach ($roles as $name => $role): /** @var object $role */ ?>
<tr>
<td>
<?= $this->escape($name) ?>
<div class="hidden">
<a href="<?= $this->url('permissions/update', array('role' => $name)) ?>"></a>
</div>
</td>
<td><?= $this->escape($role->permissions, 0, 50) ?></td>
<td>
<?php
// TODO(el): $role->without(...) or $role->shift(...) would be nice!
$restrictions = $role;
unset($restrictions['users']);
unset($restrictions['groups']);
unset($restrictions['permissions']);
?>
<?php if (! empty($restrictions)): ?>
<table>
<tbody>
<?php foreach ($restrictions as $restrictionName => $restriction): ?>
<tr>
<th><?= $this->escape($restrictionName) ?></th>
<td><?= $this->escape($restriction) ?></td>
</tr>
<?php endforeach ?>
</tbody>
</table>
<?php endif ?>
</td>
<td><?= $this->escape($role->users) ?></td>
<td><?= $this->escape($role->groups) ?></td>
<td>
<a href="<?= $this->url('permissions/remove', array('role' => $name)) ?>"
title="<?= $this->translate('Remove role') ?>">
<?= $this->icon('cancel') ?>
</a>
</td>
</tr>
<?php endforeach ?>
</tbody>
</table>
<?php endif ?>
<a data-base-target="_next" href="<?= $this->href('permissions/new') ?>">
<?= $this->translate('New Role') ?>
</a>
</div>
</div>

4
application/views/scripts/permissions/new.phtml
View File

@ -1,4 +0,0 @@
<div class="content">
<h1><?= $this->translate('New Role') ?></h1>
<?= $form ?>
</div>

4
application/views/scripts/permissions/remove.phtml
View File

@ -1,4 +0,0 @@
<div class="content">
<h1><?= sprintf($this->translate('Remove Role %s'), $name) ?></h1>
<?= $form ?>
</div>

4
application/views/scripts/permissions/update.phtml
View File

@ -1,4 +0,0 @@
<div class="content">
<h1><?= sprintf($this->translate('Update Role %s'), $name) ?></h1>
<?= $form ?>
</div>