tyler.durden/icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2.git synced 2025-07-07 05:54:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4014 from Icinga/feature/no-monitoring-contacts-3973

Browse Source 
New permission `no-monitoring/contacts`
This commit is contained in:
Johannes Meyer 2019-12-05 09:18:00 +01:00 committed by GitHub
commit 98e66b248b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 51 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
library/Icinga/User.php
View File

@ -579,7 +579,7 @@ class User
$wildcard = strpos($grantedPermission, '*'); $wildcard = strpos($grantedPermission, '*');
} }
if ($wildcard !== false) { if ($wildcard !== false && $wildcard > 0) {
if (substr($requiredPermission, 0, $wildcard) === substr($grantedPermission, 0, $wildcard)) { if (substr($requiredPermission, 0, $wildcard) === substr($grantedPermission, 0, $wildcard)) {
return true; return true;
} }

9
modules/monitoring/application/controllers/ListController.php
View File

@ -3,6 +3,7 @@
namespace Icinga\Module\Monitoring\Controllers; namespace Icinga\Module\Monitoring\Controllers;
use Icinga\Security\SecurityException;
use Icinga\Web\Form; use Icinga\Web\Form;
use Zend_Form; use Zend_Form;
use Icinga\Data\Filter\Filter; use Icinga\Data\Filter\Filter;
@ -308,6 +309,10 @@ class ListController extends Controller
*/ */
public function contactsAction() public function contactsAction()
{ {
if (! $this->hasPermission('*') && $this->hasPermission('no-monitoring/contacts')) {
throw new SecurityException('No permission for %s', 'monitoring/contacts');
}
$this->addTitleTab( $this->addTitleTab(
'contacts', 'contacts',
$this->translate('Contacts'), $this->translate('Contacts'),
@ -387,6 +392,10 @@ class ListController extends Controller
*/ */
public function contactgroupsAction() public function contactgroupsAction()
{ {
if (! $this->hasPermission('*') && $this->hasPermission('no-monitoring/contacts')) {
throw new SecurityException('No permission for %s', 'monitoring/contacts');
}
$this->addTitleTab( $this->addTitleTab(
'contactgroups', 'contactgroups',
$this->translate('Contact Groups'), $this->translate('Contact Groups'),

5
modules/monitoring/application/controllers/ShowController.php
View File

@ -5,6 +5,7 @@ namespace Icinga\Module\Monitoring\Controllers;
use Icinga\Module\Monitoring\Backend; use Icinga\Module\Monitoring\Backend;
use Icinga\Module\Monitoring\Controller; use Icinga\Module\Monitoring\Controller;
use Icinga\Security\SecurityException;
use Icinga\Web\Url; use Icinga\Web\Url;
/** /**
@ -28,6 +29,10 @@ class ShowController extends Controller
public function contactAction() public function contactAction()
{ {
if (! $this->hasPermission('*') && $this->hasPermission('no-monitoring/contacts')) {
throw new SecurityException('No permission for %s', 'monitoring/contacts');
}
$contactName = $this->params->getRequired('contact_name'); $contactName = $this->params->getRequired('contact_name');
$this->getTabs()->add('contact-detail', [ $this->getTabs()->add('contact-detail', [

2
modules/monitoring/application/views/scripts/partials/object/detail-content.phtml
View File

@ -26,7 +26,9 @@
<table class="name-value-table"> <table class="name-value-table">
<tbody> <tbody>
<?= $this->render('show/components/notifications.phtml') ?> <?= $this->render('show/components/notifications.phtml') ?>
<?php if ($this->hasPermission('*') || ! $this->hasPermission('no-monitoring/contacts')): ?>
<?= $this->render('show/components/contacts.phtml') ?> <?= $this->render('show/components/contacts.phtml') ?>
<?php endif ?>
</tbody> </tbody>
</table> </table>

12
modules/monitoring/configuration.php
View File

@ -1,6 +1,8 @@
<?php <?php
/* Icinga Web 2 | (c) 2014 Icinga Development Team | GPLv2+ */ /* Icinga Web 2 | (c) 2014 Icinga Development Team | GPLv2+ */
use Icinga\Authentication\Auth;
/** @var $this \Icinga\Application\Modules\Module */ /** @var $this \Icinga\Application\Modules\Module */
$this->providePermission( $this->providePermission(
@ -83,6 +85,10 @@ $this->providePermission(
'monitoring/command/send-custom-notification', 'monitoring/command/send-custom-notification',
$this->translate('Allow sending custom notifications for hosts and services') $this->translate('Allow sending custom notifications for hosts and services')
); );
$this->providePermission(
'no-monitoring/contacts',
$this->translate('Prohibit access to contacts and contactgroups')
);
$this->provideRestriction( $this->provideRestriction(
'monitoring/filter/objects', 'monitoring/filter/objects',
@ -212,6 +218,10 @@ $section->add(N_('Hostgroups'), array(
'url' => 'monitoring/list/hostgroups', 'url' => 'monitoring/list/hostgroups',
'priority' => 60 'priority' => 60
)); ));
// Checking the permission here since navigation items don't support negating permissions
$auth = Auth::getInstance();
if ($auth->hasPermission('*') || ! $auth->hasPermission('no-monitoring/contacts')) {
$section->add(N_('Contacts'), array( $section->add(N_('Contacts'), array(
'icon' => 'user', 'icon' => 'user',
'description' => $this->translate('List contacts'), 'description' => $this->translate('List contacts'),
@ -224,6 +234,8 @@ $section->add(N_('Contactgroups'), array(
'url' => 'monitoring/list/contactgroups', 'url' => 'monitoring/list/contactgroups',
'priority' => 70 'priority' => 70
)); ));
}
$section->add(N_('Comments'), array( $section->add(N_('Comments'), array(
'icon' => 'chat-empty', 'icon' => 'chat-empty',
'description' => $this->translate('List comments'), 'description' => $this->translate('List comments'),

15
modules/monitoring/library/Monitoring/Web/Controller/MonitoredObjectController.php
View File

@ -149,11 +149,16 @@ abstract class MonitoredObjectController extends Controller
|| $this->getRequest()->getHeader('Accept') === 'application/json' || $this->getRequest()->getHeader('Accept') === 'application/json'
) { ) {
$payload = (array) $this->object->properties; $payload = (array) $this->object->properties;
$payload += array( $payload['vars'] = $this->object->customvars;
'contacts' => $this->object->contacts->fetchPairs(),
'contact_groups' => $this->object->contactgroups->fetchPairs(), if ($this->hasPermission('*') || ! $this->hasPermission('no-monitoring/contacts')) {
'vars' => $this->object->customvars $payload['contacts'] = $this->object->contacts->fetchPairs();
); $payload['contact_groups'] = $this->object->contactgroups->fetchPairs();
} else {
$payload['contacts'] = [];
$payload['contact_groups'] = [];
}
$groupName = $this->object->getType() . 'groups'; $groupName = $this->object->getType() . 'groups';
$payload[$groupName] = $this->object->$groupName; $payload[$groupName] = $this->object->$groupName;
$this->getResponse()->json() $this->getResponse()->json()