tyler.durden/icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2.git synced 2025-07-31 01:34:09 +02:00
Code Issues Packages Projects Releases Wiki Activity

Wizard: Allow to choose a group for initial administrative access

Browse Source 
refs #9609
This commit is contained in:
Johannes Meyer 2015-07-29 17:13:06 +02:00
parent 226caac4f9
commit ba8d05af85
2 changed files with 134 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

143
modules/setup/application/forms/AdminAccountPage.php
View File

@ -8,6 +8,8 @@ use Icinga\Application\Config;
use Icinga\Authentication\User\UserBackend; use Icinga\Authentication\User\UserBackend;
use Icinga\Authentication\User\DbUserBackend; use Icinga\Authentication\User\DbUserBackend;
use Icinga\Authentication\User\LdapUserBackend; use Icinga\Authentication\User\LdapUserBackend;
use Icinga\Authentication\UserGroup\UserGroupBackend;
use Icinga\Authentication\UserGroup\LdapUserGroupBackend;
use Icinga\Data\ConfigObject; use Icinga\Data\ConfigObject;
use Icinga\Data\ResourceFactory; use Icinga\Data\ResourceFactory;
use Icinga\Web\Form; use Icinga\Web\Form;
@ -25,12 +27,19 @@ class AdminAccountPage extends Form
protected $resourceConfig; protected $resourceConfig;
/** /**
* The backend configuration to use * The user backend configuration to use
* *
* @var array * @var array
*/ */
protected $backendConfig; protected $backendConfig;
/**
* The user group backend configuration to use
*
* @var array
*/
protected $groupConfig;
/** /**
* Initialize this page * Initialize this page
*/ */
@ -39,7 +48,7 @@ class AdminAccountPage extends Form
$this->setName('setup_admin_account'); $this->setName('setup_admin_account');
$this->setTitle($this->translate('Administration', 'setup.page.title')); $this->setTitle($this->translate('Administration', 'setup.page.title'));
$this->addDescription($this->translate( $this->addDescription($this->translate(
'Now it\'s time to configure your first administrative account for Icinga Web 2.' 'Now it\'s time to configure your first administrative account or group for Icinga Web 2.'
)); ));
} }
@ -57,7 +66,7 @@ class AdminAccountPage extends Form
} }
/** /**
* Set the backend configuration to use * Set the user backend configuration to use
* *
* @param array $config * @param array $config
* *
@ -69,6 +78,19 @@ class AdminAccountPage extends Form
return $this; return $this;
} }
/**
* Set the user group backend configuration to use
*
* @param array $config
*
* @return $this
*/
public function setGroupConfig(array $config = null)
{
$this->groupConfig = $config;
return $this;
}
/** /**
* @see Form::createElements() * @see Form::createElements()
*/ */
@ -78,6 +100,13 @@ class AdminAccountPage extends Form
if ($this->backendConfig['backend'] !== 'db') { if ($this->backendConfig['backend'] !== 'db') {
$choices['by_name'] = $this->translate('By Name', 'setup.admin'); $choices['by_name'] = $this->translate('By Name', 'setup.admin');
$choice = isset($formData['user_type']) ? $formData['user_type'] : 'by_name'; $choice = isset($formData['user_type']) ? $formData['user_type'] : 'by_name';
if (in_array($this->backendConfig['backend'], array('ldap', 'msldap'))) {
$groups = $this->fetchGroups();
if (! empty($groups)) {
$choices['user_group'] = $this->translate('User Group', 'setup.admin');
}
}
} else { } else {
$choices['new_user'] = $this->translate('New User', 'setup.admin'); $choices['new_user'] = $this->translate('New User', 'setup.admin');
$choice = isset($formData['user_type']) ? $formData['user_type'] : 'new_user'; $choice = isset($formData['user_type']) ? $formData['user_type'] : 'new_user';
@ -130,6 +159,23 @@ class AdminAccountPage extends Form
); );
} }
if ($choice === 'user_group') {
$this->addElement(
'select',
'user_group',
array(
'required' => true,
'label' => $this->translate('Group Name'),
'description' => $this->translate(
'Choose a user group reported by the LDAP backend'
. ' to permit its members administrative access.',
'setup.admin'
),
'multiOptions' => array_combine($groups, $groups)
)
);
}
if ($choice === 'existing_user') { if ($choice === 'existing_user') {
$this->addElement( $this->addElement(
'select', 'select',
@ -236,14 +282,18 @@ class AdminAccountPage extends Form
} }
/** /**
* Return the names of all users the backend currently provides * Return the names of all users the user backend currently provides
* *
* @return array * @return array
*/ */
protected function fetchUsers() protected function fetchUsers()
{ {
try { try {
return $this->createBackend()->select(array('user_name'))->order('user_name', 'asc', true)->fetchColumn(); return $this
->createUserBackend()
->select(array('user_name'))
->order('user_name', 'asc', true)
->fetchColumn();
} catch (Exception $_) { } catch (Exception $_) {
// No need to handle anything special here. Error means no users found. // No need to handle anything special here. Error means no users found.
return array(); return array();
@ -251,7 +301,7 @@ class AdminAccountPage extends Form
} }
/** /**
* Return whether the backend provides a user with the given name * Return whether the user backend provides a user with the given name
* *
* @param string $username * @param string $username
* *
@ -260,18 +310,22 @@ class AdminAccountPage extends Form
protected function hasUser($username) protected function hasUser($username)
{ {
try { try {
return $this->createBackend()->select()->where('user_name', $username)->count() > 1; return $this
->createUserBackend()
->select()
->where('user_name', $username)
->count() > 1;
} catch (Exception $_) { } catch (Exception $_) {
return null; return false;
} }
} }
/** /**
* Create and return the backend * Create and return the user backend
* *
* @return DbUserBackend|LdapUserBackend * @return DbUserBackend|LdapUserBackend
*/ */
protected function createBackend() protected function createUserBackend()
{ {
$resourceConfig = new Config(); $resourceConfig = new Config();
$resourceConfig->setSection($this->resourceConfig['name'], $this->resourceConfig); $resourceConfig->setSection($this->resourceConfig['name'], $this->resourceConfig);
@ -281,4 +335,73 @@ class AdminAccountPage extends Form
$config->resource = $this->resourceConfig['name']; $config->resource = $this->resourceConfig['name'];
return UserBackend::create(null, $config); return UserBackend::create(null, $config);
} }
/**
* Return the names of all user groups the user group backend currently provides
*
* @return array
*/
protected function fetchGroups()
{
try {
return $this
->createUserGroupBackend()
->select(array('group_name'))
->fetchColumn();
} catch (Exception $_) {
// No need to handle anything special here. Error means no groups found.
return array();
}
}
/**
* Return whether the user group backend provides a user group with the given name
*
* @param string $groupname
*
* @return bool
*/
protected function hasGroup($groupname)
{
try {
return $this
->createUserGroupBackend()
->select()
->where('group_name', $groupname)
->count() > 1;
} catch (Exception $_) {
return false;
}
}
/**
* Create and return the user group backend
*
* @return LdapUserGroupBackend
*/
protected function createUserGroupBackend()
{
$resourceConfig = new Config();
$resourceConfig->setSection($this->resourceConfig['name'], $this->resourceConfig);
ResourceFactory::setConfig($resourceConfig);
$backendConfig = new Config();
$backendConfig->setSection($this->backendConfig['name'], array_merge(
$this->backendConfig,
array('resource' => $this->resourceConfig['name'])
));
UserBackend::setConfig($backendConfig);
if (empty($this->groupConfig)) {
$groupConfig = new ConfigObject(array(
'backend' => $this->backendConfig['backend'], // _Should_ be "db" or "msldap"
'resource' => $this->resourceConfig['name'],
'user_backend' => $this->backendConfig['name'] // Gets ignored if 'backend' is "db"
));
} else {
$groupConfig = new ConfigObject($this->groupConfig);
}
return UserGroupBackend::create(null, $groupConfig);
}
} }

1
modules/setup/library/Setup/WebWizard.php
View File

@ -165,6 +165,7 @@ class WebWizard extends Wizard implements SetupWizard
$page->setBackendConfig($this->getPageData('setup_authentication_backend')); $page->setBackendConfig($this->getPageData('setup_authentication_backend'));
} elseif ($page->getName() === 'setup_admin_account') { } elseif ($page->getName() === 'setup_admin_account') {
$page->setBackendConfig($this->getPageData('setup_authentication_backend')); $page->setBackendConfig($this->getPageData('setup_authentication_backend'));
$page->setGroupConfig($this->getPageData('setup_usergroup_backend'));
$authData = $this->getPageData('setup_authentication_type'); $authData = $this->getPageData('setup_authentication_type');
if ($authData['type'] === 'db') { if ($authData['type'] === 'db') {
$page->setResourceConfig($this->getPageData('setup_auth_db_resource')); $page->setResourceConfig($this->getPageData('setup_auth_db_resource'));