Merge pull request #4014 from Icinga/feature/no-monitoring-contacts-3973

New permission `no-monitoring/contacts`
This commit is contained in:
Johannes Meyer 2019-12-05 09:18:00 +01:00 committed by GitHub
commit 98e66b248b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 51 additions and 18 deletions

View File

@ -579,7 +579,7 @@ class User
$wildcard = strpos($grantedPermission, '*');
}
if ($wildcard !== false) {
if ($wildcard !== false && $wildcard > 0) {
if (substr($requiredPermission, 0, $wildcard) === substr($grantedPermission, 0, $wildcard)) {
return true;
}

View File

@ -3,6 +3,7 @@
namespace Icinga\Module\Monitoring\Controllers;
use Icinga\Security\SecurityException;
use Icinga\Web\Form;
use Zend_Form;
use Icinga\Data\Filter\Filter;
@ -308,6 +309,10 @@ class ListController extends Controller
*/
public function contactsAction()
{
if (! $this->hasPermission('*') && $this->hasPermission('no-monitoring/contacts')) {
throw new SecurityException('No permission for %s', 'monitoring/contacts');
}
$this->addTitleTab(
'contacts',
$this->translate('Contacts'),
@ -387,6 +392,10 @@ class ListController extends Controller
*/
public function contactgroupsAction()
{
if (! $this->hasPermission('*') && $this->hasPermission('no-monitoring/contacts')) {
throw new SecurityException('No permission for %s', 'monitoring/contacts');
}
$this->addTitleTab(
'contactgroups',
$this->translate('Contact Groups'),

View File

@ -5,6 +5,7 @@ namespace Icinga\Module\Monitoring\Controllers;
use Icinga\Module\Monitoring\Backend;
use Icinga\Module\Monitoring\Controller;
use Icinga\Security\SecurityException;
use Icinga\Web\Url;
/**
@ -28,6 +29,10 @@ class ShowController extends Controller
public function contactAction()
{
if (! $this->hasPermission('*') && $this->hasPermission('no-monitoring/contacts')) {
throw new SecurityException('No permission for %s', 'monitoring/contacts');
}
$contactName = $this->params->getRequired('contact_name');
$this->getTabs()->add('contact-detail', [

View File

@ -26,7 +26,9 @@
<table class="name-value-table">
<tbody>
<?= $this->render('show/components/notifications.phtml') ?>
<?php if ($this->hasPermission('*') || ! $this->hasPermission('no-monitoring/contacts')): ?>
<?= $this->render('show/components/contacts.phtml') ?>
<?php endif ?>
</tbody>
</table>

View File

@ -1,6 +1,8 @@
<?php
/* Icinga Web 2 | (c) 2014 Icinga Development Team | GPLv2+ */
use Icinga\Authentication\Auth;
/** @var $this \Icinga\Application\Modules\Module */
$this->providePermission(
@ -83,6 +85,10 @@ $this->providePermission(
'monitoring/command/send-custom-notification',
$this->translate('Allow sending custom notifications for hosts and services')
);
$this->providePermission(
'no-monitoring/contacts',
$this->translate('Prohibit access to contacts and contactgroups')
);
$this->provideRestriction(
'monitoring/filter/objects',
@ -212,18 +218,24 @@ $section->add(N_('Hostgroups'), array(
'url' => 'monitoring/list/hostgroups',
'priority' => 60
));
$section->add(N_('Contacts'), array(
// Checking the permission here since navigation items don't support negating permissions
$auth = Auth::getInstance();
if ($auth->hasPermission('*') || ! $auth->hasPermission('no-monitoring/contacts')) {
$section->add(N_('Contacts'), array(
'icon' => 'user',
'description' => $this->translate('List contacts'),
'url' => 'monitoring/list/contacts',
'priority' => 70
));
$section->add(N_('Contactgroups'), array(
));
$section->add(N_('Contactgroups'), array(
'icon' => 'users',
'description' => $this->translate('List users'),
'url' => 'monitoring/list/contactgroups',
'priority' => 70
));
));
}
$section->add(N_('Comments'), array(
'icon' => 'chat-empty',
'description' => $this->translate('List comments'),

View File

@ -149,11 +149,16 @@ abstract class MonitoredObjectController extends Controller
|| $this->getRequest()->getHeader('Accept') === 'application/json'
) {
$payload = (array) $this->object->properties;
$payload += array(
'contacts' => $this->object->contacts->fetchPairs(),
'contact_groups' => $this->object->contactgroups->fetchPairs(),
'vars' => $this->object->customvars
);
$payload['vars'] = $this->object->customvars;
if ($this->hasPermission('*') || ! $this->hasPermission('no-monitoring/contacts')) {
$payload['contacts'] = $this->object->contacts->fetchPairs();
$payload['contact_groups'] = $this->object->contactgroups->fetchPairs();
} else {
$payload['contacts'] = [];
$payload['contact_groups'] = [];
}
$groupName = $this->object->getType() . 'groups';
$payload[$groupName] = $this->object->$groupName;
$this->getResponse()->json()