diff --git a/modules/setup/application/forms/AdminAccountPage.php b/modules/setup/application/forms/AdminAccountPage.php index 86d77d6e8..5551ff8d4 100644 --- a/modules/setup/application/forms/AdminAccountPage.php +++ b/modules/setup/application/forms/AdminAccountPage.php @@ -8,6 +8,8 @@ use Icinga\Application\Config; use Icinga\Authentication\User\UserBackend; use Icinga\Authentication\User\DbUserBackend; use Icinga\Authentication\User\LdapUserBackend; +use Icinga\Authentication\UserGroup\UserGroupBackend; +use Icinga\Authentication\UserGroup\LdapUserGroupBackend; use Icinga\Data\ConfigObject; use Icinga\Data\ResourceFactory; use Icinga\Web\Form; @@ -25,12 +27,19 @@ class AdminAccountPage extends Form protected $resourceConfig; /** - * The backend configuration to use + * The user backend configuration to use * * @var array */ protected $backendConfig; + /** + * The user group backend configuration to use + * + * @var array + */ + protected $groupConfig; + /** * Initialize this page */ @@ -39,7 +48,7 @@ class AdminAccountPage extends Form $this->setName('setup_admin_account'); $this->setTitle($this->translate('Administration', 'setup.page.title')); $this->addDescription($this->translate( - 'Now it\'s time to configure your first administrative account for Icinga Web 2.' + 'Now it\'s time to configure your first administrative account or group for Icinga Web 2.' )); } @@ -57,7 +66,7 @@ class AdminAccountPage extends Form } /** - * Set the backend configuration to use + * Set the user backend configuration to use * * @param array $config * @@ -69,6 +78,19 @@ class AdminAccountPage extends Form return $this; } + /** + * Set the user group backend configuration to use + * + * @param array $config + * + * @return $this + */ + public function setGroupConfig(array $config = null) + { + $this->groupConfig = $config; + return $this; + } + /** * @see Form::createElements() */ @@ -78,6 +100,13 @@ class AdminAccountPage extends Form if ($this->backendConfig['backend'] !== 'db') { $choices['by_name'] = $this->translate('By Name', 'setup.admin'); $choice = isset($formData['user_type']) ? $formData['user_type'] : 'by_name'; + + if (in_array($this->backendConfig['backend'], array('ldap', 'msldap'))) { + $groups = $this->fetchGroups(); + if (! empty($groups)) { + $choices['user_group'] = $this->translate('User Group', 'setup.admin'); + } + } } else { $choices['new_user'] = $this->translate('New User', 'setup.admin'); $choice = isset($formData['user_type']) ? $formData['user_type'] : 'new_user'; @@ -130,6 +159,23 @@ class AdminAccountPage extends Form ); } + if ($choice === 'user_group') { + $this->addElement( + 'select', + 'user_group', + array( + 'required' => true, + 'label' => $this->translate('Group Name'), + 'description' => $this->translate( + 'Choose a user group reported by the LDAP backend' + . ' to permit its members administrative access.', + 'setup.admin' + ), + 'multiOptions' => array_combine($groups, $groups) + ) + ); + } + if ($choice === 'existing_user') { $this->addElement( 'select', @@ -236,14 +282,18 @@ class AdminAccountPage extends Form } /** - * Return the names of all users the backend currently provides + * Return the names of all users the user backend currently provides * * @return array */ protected function fetchUsers() { try { - return $this->createBackend()->select(array('user_name'))->order('user_name', 'asc', true)->fetchColumn(); + return $this + ->createUserBackend() + ->select(array('user_name')) + ->order('user_name', 'asc', true) + ->fetchColumn(); } catch (Exception $_) { // No need to handle anything special here. Error means no users found. return array(); @@ -251,7 +301,7 @@ class AdminAccountPage extends Form } /** - * Return whether the backend provides a user with the given name + * Return whether the user backend provides a user with the given name * * @param string $username * @@ -260,18 +310,22 @@ class AdminAccountPage extends Form protected function hasUser($username) { try { - return $this->createBackend()->select()->where('user_name', $username)->count() > 1; + return $this + ->createUserBackend() + ->select() + ->where('user_name', $username) + ->count() > 1; } catch (Exception $_) { - return null; + return false; } } /** - * Create and return the backend + * Create and return the user backend * * @return DbUserBackend|LdapUserBackend */ - protected function createBackend() + protected function createUserBackend() { $resourceConfig = new Config(); $resourceConfig->setSection($this->resourceConfig['name'], $this->resourceConfig); @@ -281,4 +335,73 @@ class AdminAccountPage extends Form $config->resource = $this->resourceConfig['name']; return UserBackend::create(null, $config); } + + /** + * Return the names of all user groups the user group backend currently provides + * + * @return array + */ + protected function fetchGroups() + { + try { + return $this + ->createUserGroupBackend() + ->select(array('group_name')) + ->fetchColumn(); + } catch (Exception $_) { + // No need to handle anything special here. Error means no groups found. + return array(); + } + } + + /** + * Return whether the user group backend provides a user group with the given name + * + * @param string $groupname + * + * @return bool + */ + protected function hasGroup($groupname) + { + try { + return $this + ->createUserGroupBackend() + ->select() + ->where('group_name', $groupname) + ->count() > 1; + } catch (Exception $_) { + return false; + } + } + + /** + * Create and return the user group backend + * + * @return LdapUserGroupBackend + */ + protected function createUserGroupBackend() + { + $resourceConfig = new Config(); + $resourceConfig->setSection($this->resourceConfig['name'], $this->resourceConfig); + ResourceFactory::setConfig($resourceConfig); + + $backendConfig = new Config(); + $backendConfig->setSection($this->backendConfig['name'], array_merge( + $this->backendConfig, + array('resource' => $this->resourceConfig['name']) + )); + UserBackend::setConfig($backendConfig); + + if (empty($this->groupConfig)) { + $groupConfig = new ConfigObject(array( + 'backend' => $this->backendConfig['backend'], // _Should_ be "db" or "msldap" + 'resource' => $this->resourceConfig['name'], + 'user_backend' => $this->backendConfig['name'] // Gets ignored if 'backend' is "db" + )); + } else { + $groupConfig = new ConfigObject($this->groupConfig); + } + + return UserGroupBackend::create(null, $groupConfig); + } } diff --git a/modules/setup/library/Setup/WebWizard.php b/modules/setup/library/Setup/WebWizard.php index dec5c0e1b..5da1739c9 100644 --- a/modules/setup/library/Setup/WebWizard.php +++ b/modules/setup/library/Setup/WebWizard.php @@ -165,6 +165,7 @@ class WebWizard extends Wizard implements SetupWizard $page->setBackendConfig($this->getPageData('setup_authentication_backend')); } elseif ($page->getName() === 'setup_admin_account') { $page->setBackendConfig($this->getPageData('setup_authentication_backend')); + $page->setGroupConfig($this->getPageData('setup_usergroup_backend')); $authData = $this->getPageData('setup_authentication_type'); if ($authData['type'] === 'db') { $page->setResourceConfig($this->getPageData('setup_auth_db_resource'));