diff --git a/application/controllers/AuthenticationController.php b/application/controllers/AuthenticationController.php index 2215c0bbf..cecb094ca 100644 --- a/application/controllers/AuthenticationController.php +++ b/application/controllers/AuthenticationController.php @@ -24,6 +24,12 @@ class AuthenticationController extends Controller */ protected $innerLayout = 'inline'; + public function init() { + parent::init(); + + if ($this->Auth()->canLogin() === false) + $this->redirectNow('/'); + } /** * Log into the application */ @@ -34,7 +40,7 @@ class AuthenticationController extends Controller $this->redirectNow(Url::fromPath('setup')); } $form = new LoginForm(); - if ($this->Auth()->isAuthenticated()) { + if ($this->Auth()->isAuthenticated() && !$this->Auth()->getUser()->isGuest()) { $this->redirectNow($form->getRedirectUrl()); } if (! $requiresSetup) { @@ -69,6 +75,9 @@ class AuthenticationController extends Controller $auth->removeAuthorization(); if ($isExternalUser) { $this->getResponse()->setHttpResponseCode(401); + } elseif ($auth->isGuestLoginAllowed()) { + // redirect to guest view + $this->redirectNow('/'); } else { $this->redirectToLogin(); } diff --git a/library/Icinga/Application/Web.php b/library/Icinga/Application/Web.php index 7af9b9b8f..2b3e4f383 100644 --- a/library/Icinga/Application/Web.php +++ b/library/Icinga/Application/Web.php @@ -339,28 +339,44 @@ class Web extends EmbeddedWeb 'priority' => 890 ) ) - ), - 'user' => array( - 'cssClass' => 'user-nav-item', - 'label' => $this->user->getUsername(), - 'icon' => 'user', - 'priority' => 900, - 'children' => array( - 'preferences' => array( - 'label' => t('Preferences'), - 'priority' => 100, - 'url' => 'preference' - ), - 'logout' => array( - 'label' => t('Logout'), - 'priority' => 200, - 'attributes' => array('target' => '_self'), - 'url' => 'authentication/logout' - ) - ) ) ); + if ($this->user->isGuest()) { + // logged in guest can log in as a user + if (Auth::getInstance()->canLogin()) { + $menu['login'] = array( + 'cssClass' => 'user-nav-item', + 'label' => t('Login'), + 'icon' => 'user', + 'priority' => 900, + 'attributes' => array('target' => '_self'), + 'url' => 'authentication/login' + ); + } + } + else { + $menu['user'] = array( + 'cssClass' => 'user-nav-item', + 'label' => $this->user->getUsername(), + 'icon' => 'user', + 'priority' => 900, + 'children' => array( + 'preferences' => array( + 'label' => t('Preferences'), + 'priority' => 100, + 'url' => 'preference' + ), + 'logout' => array( + 'label' => t('Logout'), + 'priority' => 200, + 'attributes' => array('target' => '_self'), + 'url' => 'authentication/logout' + ) + ) + ); + } + if (Logger::writesToFile()) { $menu['system']['children']['application_log'] = array( 'label' => t('Application Log'), diff --git a/library/Icinga/Authentication/Auth.php b/library/Icinga/Authentication/Auth.php index 9fb43922c..ebac4b645 100644 --- a/library/Icinga/Authentication/Auth.php +++ b/library/Icinga/Authentication/Auth.php @@ -47,12 +47,18 @@ class Auth */ private $user; + /** + * @var Config + */ + private $config; + /** * @see getInstance() */ private function __construct() { + $this->config = Config::app(); } /** @@ -91,17 +97,27 @@ class Auth $this->authenticateFromSession(); } if ($this->user === null && ! $this->authExternal()) { - return $this->authHttp(); + $this->authHttp(); } - return true; + // guest mode + if ($this->user === null && $this->isGuestLoginAllowed()) { + $this->user = new User('_guest_'); + $this->user->setGuest(true); + } + if ($this->user !== null) { + return true; + } + else return false; } public function setAuthenticated(User $user, $persist = true) { $username = $user->getUsername(); + // TODO: migrate to $this->config try { $config = Config::app(); } catch (NotReadableError $e) { + // TODO: wrong error? Logger::error( new IcingaException( 'Cannot load preferences for user "%s". An exception was thrown: %s', @@ -247,7 +263,9 @@ class Auth $username = getenv($field); // usually REMOTE_USER here if ( !$username || $username !== $originUsername) { $this->removeAuthorization(); + return false; } + else return true; } } @@ -365,4 +383,19 @@ class Auth $this->user = null; Session::getSession()->purge(); } + + /** + * @return boolean + */ + public function isGuestLoginAllowed() + { + return $this->config->get('global', 'guest_allowed', false) === '1'; + } + + public function canLogin() + { + if (!$this->isGuestLoginAllowed()) return true; + return $this->config->get('global', 'guest_only', false) !== '1'; + + } } diff --git a/library/Icinga/User.php b/library/Icinga/User.php index cbd8c4743..4ea6846d5 100644 --- a/library/Icinga/User.php +++ b/library/Icinga/User.php @@ -105,6 +105,8 @@ class User */ protected $isHttpUser = false; + protected $guest = false; + /** * Creates a user object given the provided information * @@ -513,4 +515,20 @@ class User return $navigation; } + + /** + * @return boolean + */ + public function isGuest() + { + return $this->guest; + } + + /** + * @param boolean $guest + */ + public function setGuest($guest) + { + $this->guest = $guest; + } }