Merge pull request #4014 from Icinga/feature/no-monitoring-contacts-3973
New permission `no-monitoring/contacts`
This commit is contained in:
Johannes Meyer
GitHub
commit
98e66b248b
|
|
@ -579,7 +579,7 @@ class User
|
|||
$wildcard = strpos($grantedPermission, '*');
|
||||
}
|
||||
|
||||
if ($wildcard !== false) {
|
||||
if ($wildcard !== false && $wildcard > 0) {
|
||||
if (substr($requiredPermission, 0, $wildcard) === substr($grantedPermission, 0, $wildcard)) {
|
||||
return true;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@
|
|||
|
||||
namespace Icinga\Module\Monitoring\Controllers;
|
||||
|
||||
use Icinga\Security\SecurityException;
|
||||
use Icinga\Web\Form;
|
||||
use Zend_Form;
|
||||
use Icinga\Data\Filter\Filter;
|
||||
|
|
@ -308,6 +309,10 @@ class ListController extends Controller
|
|||
*/
|
||||
public function contactsAction()
|
||||
{
|
||||
if (! $this->hasPermission('*') && $this->hasPermission('no-monitoring/contacts')) {
|
||||
throw new SecurityException('No permission for %s', 'monitoring/contacts');
|
||||
}
|
||||
|
||||
$this->addTitleTab(
|
||||
'contacts',
|
||||
$this->translate('Contacts'),
|
||||
|
|
@ -387,6 +392,10 @@ class ListController extends Controller
|
|||
*/
|
||||
public function contactgroupsAction()
|
||||
{
|
||||
if (! $this->hasPermission('*') && $this->hasPermission('no-monitoring/contacts')) {
|
||||
throw new SecurityException('No permission for %s', 'monitoring/contacts');
|
||||
}
|
||||
|
||||
$this->addTitleTab(
|
||||
'contactgroups',
|
||||
$this->translate('Contact Groups'),
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@ namespace Icinga\Module\Monitoring\Controllers;
|
|||
|
||||
use Icinga\Module\Monitoring\Backend;
|
||||
use Icinga\Module\Monitoring\Controller;
|
||||
use Icinga\Security\SecurityException;
|
||||
use Icinga\Web\Url;
|
||||
|
||||
/**
|
||||
|
|
@ -28,6 +29,10 @@ class ShowController extends Controller
|
|||
|
||||
public function contactAction()
|
||||
{
|
||||
if (! $this->hasPermission('*') && $this->hasPermission('no-monitoring/contacts')) {
|
||||
throw new SecurityException('No permission for %s', 'monitoring/contacts');
|
||||
}
|
||||
|
||||
$contactName = $this->params->getRequired('contact_name');
|
||||
|
||||
$this->getTabs()->add('contact-detail', [
|
||||
|
|
|
|||
|
|
@ -26,7 +26,9 @@
|
|||
<table class="name-value-table">
|
||||
<tbody>
|
||||
<?= $this->render('show/components/notifications.phtml') ?>
|
||||
<?php if ($this->hasPermission('*') || ! $this->hasPermission('no-monitoring/contacts')): ?>
|
||||
<?= $this->render('show/components/contacts.phtml') ?>
|
||||
<?php endif ?>
|
||||
</tbody>
|
||||
</table>
|
||||
|
||||
|
|
|
|||
|
|
@ -1,6 +1,8 @@
|
|||
<?php
|
||||
/* Icinga Web 2 | (c) 2014 Icinga Development Team | GPLv2+ */
|
||||
|
||||
use Icinga\Authentication\Auth;
|
||||
|
||||
/** @var $this \Icinga\Application\Modules\Module */
|
||||
|
||||
$this->providePermission(
|
||||
|
|
@ -83,6 +85,10 @@ $this->providePermission(
|
|||
'monitoring/command/send-custom-notification',
|
||||
$this->translate('Allow sending custom notifications for hosts and services')
|
||||
);
|
||||
$this->providePermission(
|
||||
'no-monitoring/contacts',
|
||||
$this->translate('Prohibit access to contacts and contactgroups')
|
||||
);
|
||||
|
||||
$this->provideRestriction(
|
||||
'monitoring/filter/objects',
|
||||
|
|
@ -212,18 +218,24 @@ $section->add(N_('Hostgroups'), array(
|
|||
'url' => 'monitoring/list/hostgroups',
|
||||
'priority' => 60
|
||||
));
|
||||
$section->add(N_('Contacts'), array(
|
||||
'icon' => 'user',
|
||||
'description' => $this->translate('List contacts'),
|
||||
'url' => 'monitoring/list/contacts',
|
||||
'priority' => 70
|
||||
));
|
||||
$section->add(N_('Contactgroups'), array(
|
||||
'icon' => 'users',
|
||||
'description' => $this->translate('List users'),
|
||||
'url' => 'monitoring/list/contactgroups',
|
||||
'priority' => 70
|
||||
));
|
||||
|
||||
// Checking the permission here since navigation items don't support negating permissions
|
||||
$auth = Auth::getInstance();
|
||||
if ($auth->hasPermission('*') || ! $auth->hasPermission('no-monitoring/contacts')) {
|
||||
$section->add(N_('Contacts'), array(
|
||||
'icon' => 'user',
|
||||
'description' => $this->translate('List contacts'),
|
||||
'url' => 'monitoring/list/contacts',
|
||||
'priority' => 70
|
||||
));
|
||||
$section->add(N_('Contactgroups'), array(
|
||||
'icon' => 'users',
|
||||
'description' => $this->translate('List users'),
|
||||
'url' => 'monitoring/list/contactgroups',
|
||||
'priority' => 70
|
||||
));
|
||||
}
|
||||
|
||||
$section->add(N_('Comments'), array(
|
||||
'icon' => 'chat-empty',
|
||||
'description' => $this->translate('List comments'),
|
||||
|
|
|
|||
|
|
@ -149,11 +149,16 @@ abstract class MonitoredObjectController extends Controller
|
|||
|| $this->getRequest()->getHeader('Accept') === 'application/json'
|
||||
) {
|
||||
$payload = (array) $this->object->properties;
|
||||
$payload += array(
|
||||
'contacts' => $this->object->contacts->fetchPairs(),
|
||||
'contact_groups' => $this->object->contactgroups->fetchPairs(),
|
||||
'vars' => $this->object->customvars
|
||||
);
|
||||
$payload['vars'] = $this->object->customvars;
|
||||
|
||||
if ($this->hasPermission('*') || ! $this->hasPermission('no-monitoring/contacts')) {
|
||||
$payload['contacts'] = $this->object->contacts->fetchPairs();
|
||||
$payload['contact_groups'] = $this->object->contactgroups->fetchPairs();
|
||||
} else {
|
||||
$payload['contacts'] = [];
|
||||
$payload['contact_groups'] = [];
|
||||
}
|
||||
|
||||
$groupName = $this->object->getType() . 'groups';
|
||||
$payload[$groupName] = $this->object->$groupName;
|
||||
$this->getResponse()->json()
|
||||
|
|
|
|||
Loading…
Reference in New Issue