tyler.durden
/
icingaweb2
mirror of https://github.com/Icinga/icingaweb2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into feature/create-missing-directories-when-creating-inis-8219 

Conflicts:
	modules/monitoring/library/Monitoring/MonitoringWizard.php
This commit is contained in:
Johannes Meyer 2015-01-30 16:21:42 +01:00
parent f5a651664c 7b8332ccd8
commit bf470125c3
14 changed files with 204 additions and 101 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
application/controllers/ErrorController.php
View File

@ -1,12 +1,9 @@
<?php
// {{{ICINGA_LICENSE_HEADER}}}
// {{{ICINGA_LICENSE_HEADER}}}
// namespace Icinga\Application\Controllers;
use Icinga\Application\Logger;
use Icinga\Web\Controller\ActionController;
use Icinga\Application\Icinga;
use Icinga\Application\Logger;
use Icinga\Security\SecurityException;
use Icinga\Web\Controller\ActionController;
/**
* Application wide controller for displaying exceptions
@ -22,6 +19,7 @@ class ErrorController extends ActionController
{
$error = $this->_getParam('error_handler');
$exception = $error->exception;
$this->getTabs()->showOnlyCloseButton();
Logger::error($exception);
Logger::error('Stacktrace: %s', $exception->getTraceAsString());
@ -44,6 +42,13 @@ class ErrorController extends ActionController
}
break;
case Zend_Controller_Plugin_ErrorHandler::EXCEPTION_OTHER:
if ($exception instanceof SecurityException) {
$this->getResponse()->setHttpResponseCode(403);
$this->view->message = $exception->getMessage();
break;
}
// Move to default
default:
$title = preg_replace('/\r?\n.*$/s', '', $exception->getMessage());
$this->getResponse()->setHttpResponseCode(500);

9
application/forms/Security/RoleForm.php
View File

@ -21,7 +21,14 @@ class RoleForm extends ConfigForm
*
* @type array
*/
protected $providedPermissions = array('*' => '*');
protected $providedPermissions = array(
'*' => '*',
'system/config/*' => 'system/config/*',
'system/config/application' => 'system/config/application',
'system/config/authentication' => 'system/config/authentication',
'system/config/resources' => 'system/config/resources',
'system/config/roles' => 'system/config/roles'
);
/**
* Provided restrictions by currently loaded modules

5
application/views/scripts/error/error.phtml
View File

@ -1,8 +1,9 @@
<?php if ($this->title): ?>
<div class="controls">
<?= $this->tabs->render($this) ?>
<?php if ($this->title): ?>
<h1><?= $this->escape($title) ?></h1>
</div>
<?php endif ?>
</div>
<div class="content">
<?php if ($this->message): ?>
<p><strong><?= nl2br($this->escape($message)) ?></strong></p>

38
icingaweb2.spec
View File

@ -5,7 +5,7 @@ Version: 2.0.0
Release: %{revision}%{?dist}
Summary: Icinga Web 2
Group: Applications/System
License: GPL
License: GPLv2+ and MIT and BSD
URL: https://icinga.org
Source0: https://github.com/Icinga/%{name}/archive/v%{version}.tar.gz
BuildArch: noarch
@ -29,7 +29,6 @@ Packager: Icinga Team <info@icinga.org>
%endif
%endif
%if 0%{?suse_version}
%define wwwconfigdir %{_sysconfdir}/apache2/conf.d
%define wwwuser wwwrun
@ -43,15 +42,17 @@ Requires: apache2-mod_php5
%endif
%endif
Requires(pre): shadow-utils
Requires: %{name}-common = %{version}-%{release}
Requires: php-Icinga = %{version}-%{release}
Requires: %{name}-vendor-dompdf
Requires: %{name}-vendor-HTMLPurifier
Requires: %{name}-vendor-JShrink
Requires: %{name}-vendor-lessphp
Requires: %{name}-vendor-Parsedown
Requires: %{zend}
%{?fedora:Requires(pre): shadow-utils}
%{?rhel:Requires(pre): shadow-utils}
%{?suse_version:Requires(pre): pwdutils}
Requires: %{name}-common = %{version}-%{release}
Requires: php-Icinga = %{version}-%{release}
Requires: %{name}-vendor-dompdf
Requires: %{name}-vendor-HTMLPurifier
Requires: %{name}-vendor-JShrink
Requires: %{name}-vendor-lessphp
Requires: %{name}-vendor-Parsedown
Requires: %{zend}
%description
@ -68,8 +69,11 @@ Icinga Web 2
%package common
Summary: Common files for Icinga Web 2 and the Icinga CLI
Group: Applications/System
Summary: Common files for Icinga Web 2 and the Icinga CLI
Group: Applications/System
%{?fedora:Requires(pre): shadow-utils}
%{?rhel:Requires(pre): shadow-utils}
%{?suse_version:Requires(pre): pwdutils}
%description common
Common files for Icinga Web 2 and the Icinga CLI
@ -82,7 +86,7 @@ Requires: %{php} >= 5.3.0
Requires: %{php}-gd %{php}-intl
%{?fedora:Requires: php-pecl-imagick}
%{?rhel:Requires: php-pecl-imagick}
%{?suse_version:Requires: %{php}-gettext %{php}-openssl php5-imagick}
%{?suse_version:Requires: %{php}-gettext %{php}-json %{php}-openssl %{php}-posix}
%description -n php-Icinga
Icinga Web 2 PHP library
@ -106,6 +110,7 @@ Version: 0.6.1
Release: 1%{?dist}
Summary: Icinga Web 2 vendor library dompdf
Group: Development/Libraries
License: LGPLv2.1
Requires: %{php} >= 5.3.0
%description vendor-dompdf
@ -117,6 +122,7 @@ Version: 4.6.0
Release: 1%{?dist}
Summary: Icinga Web 2 vendor library HTMLPurifier
Group: Development/Libraries
License: LGPLv2.1
Requires: %{php} >= 5.3.0
%description vendor-HTMLPurifier
@ -128,6 +134,7 @@ Version: 1.0.1
Release: 1%{?dist}
Summary: Icinga Web 2 vendor library JShrink
Group: Development/Libraries
License: BSD
Requires: %{php} >= 5.3.0
%description vendor-JShrink
@ -139,6 +146,7 @@ Version: 0.4.0
Release: 1%{?dist}
Summary: Icinga Web 2 vendor library lessphp
Group: Development/Libraries
License: MIT
Requires: %{php} >= 5.3.0
%description vendor-lessphp
@ -150,6 +158,7 @@ Version: 1.0.0
Release: 1%{?dist}
Summary: Icinga Web 2 vendor library Parsedown
Group: Development/Libraries
License: MIT
Requires: %{php} >= 5.3.0
%description vendor-Parsedown
@ -161,6 +170,7 @@ Version: 1.12.9
Release: 1%{?dist}
Summary: Icinga Web 2 vendor library Zend Framework
Group: Development/Libraries
License: BSD
Requires: %{php} >= 5.3.0
%description vendor-Zend

12
library/Icinga/Security/SecurityException.php Normal file
View File

@ -0,0 +1,12 @@
<?php
namespace Icinga\Security;
use Icinga\Exception\IcingaException;
/**
* Exception thrown when a caller does not have the permissions required to access a resource
*/
class SecurityException extends IcingaException
{
}

12
library/Icinga/User.php
View File

@ -426,13 +426,11 @@ class User
foreach ($this->permissions as $permitted) {
$wildcard = strpos($permitted, '*');
if ($wildcard !== false) {
if (substr($permission, 0, $wildcard) === substr($permitted, 0, $wildcard)) {
return true;
} else {
if ($permission === $permitted) {
return true;
}
}
}
if (substr($permission, 0, $wildcard) === substr($permitted, 0, $wildcard)) {
return true;
} elseif ($permission === $permitted) {
return true;
}
}
return false;

37
library/Icinga/Web/Controller/ActionController.php
View File

@ -1,23 +1,22 @@
<?php
// {{{ICINGA_LICENSE_HEADER}}}
// {{{ICINGA_LICENSE_HEADER}}}
namespace Icinga\Web\Controller;
use Exception;
use Icinga\Authentication\Manager;
use Icinga\Application\Benchmark;
use Icinga\Application\Config;
use Icinga\Authentication\Manager;
use Icinga\Exception\IcingaException;
use Icinga\Exception\ProgrammingError;
use Icinga\File\Pdf;
use Icinga\Security\SecurityException;
use Icinga\Util\Translator;
use Icinga\Web\Notification;
use Icinga\Web\Session;
use Icinga\Web\Url;
use Icinga\Web\UrlParams;
use Icinga\Web\Widget\Tabs;
use Icinga\Web\Window;
use Icinga\Web\Url;
use Icinga\Web\Notification;
use Icinga\File\Pdf;
use Icinga\Exception\ProgrammingError;
use Icinga\Web\Session;
use Icinga\Web\UrlParams;
use Zend_Controller_Action;
use Zend_Controller_Action_HelperBroker as ActionHelperBroker;
use Zend_Controller_Request_Abstract as Request;
@ -50,7 +49,7 @@ class ActionController extends Zend_Controller_Action
/**
* Authentication manager
*
* @type \Icinga\Authentication\Manager|null
* @type Manager|null
*/
private $auth;
@ -106,7 +105,6 @@ class ActionController extends Zend_Controller_Action
{
}
/**
* Get the authentication manager
*
@ -133,19 +131,16 @@ class ActionController extends Zend_Controller_Action
}
/**
* Throw an exception if user lacks the given permission
* Assert that the current user has the given permission
*
* @param string $name Permission name
* @throws Exception
* @param string $permission Name of the permission
*
* @throws SecurityException If the current user lacks the given permission
*/
public function assertPermission($name)
public function assertPermission($permission)
{
if (! $this->Auth()->hasPermission($name)) {
// TODO: Shall this be an Auth Exception? Or a 404?
throw new IcingaException(
'Auth error, no permission for "%s"',
$name
);
if (! $this->Auth()->hasPermission($permission)) {
throw new SecurityException('No permission for %s', $permission);
}
}

50
library/Icinga/Web/Form.php
View File

@ -1,6 +1,4 @@
<?php
// {{{ICINGA_LICENSE_HEADER}}}
// {{{ICINGA_LICENSE_HEADER}}}
namespace Icinga\Web;
@ -9,6 +7,8 @@ use Zend_Config;
use Zend_Form;
use Zend_View_Interface;
use Icinga\Application\Icinga;
use Icinga\Authentication\Manager;
use Icinga\Security\SecurityException;
use Icinga\Util\Translator;
use Icinga\Web\Form\Decorator\NoScriptApply;
use Icinga\Web\Form\Element\CsrfCounterMeasure;
@ -109,6 +109,13 @@ class Form extends Zend_Form
*/
protected $validatePartial = false;
/**
* Authentication manager
*
* @type Manager|null
*/
private $auth;
/**
* Default element decorators
*
@ -869,4 +876,43 @@ class Form extends Zend_Form
$this->create();
return parent::render($view);
}
/**
* Get the authentication manager
*
* @return Manager
*/
public function Auth()
{
if ($this->auth === null) {
$this->auth = Manager::getInstance();
}
return $this->auth;
}
/**
* Whether the current user has the given permission
*
* @param string $permission Name of the permission
*
* @return bool
*/
public function hasPermission($permission)
{
return $this->Auth()->hasPermission($permission);
}
/**
* Assert that the current user has the given permission
*
* @param string $permission Name of the permission
*
* @throws SecurityException If the current user lacks the given permission
*/
public function assertPermission($permission)
{
if (! $this->Auth()->hasPermission($permission)) {
throw new SecurityException('No permission for %s', $permission);
}
}
}

1
modules/monitoring/application/controllers/ProcessController.php
View File

@ -92,6 +92,7 @@ class Monitoring_ProcessController extends Controller
*/
public function disableNotificationsAction()
{
$this->assertPermission('monitoring/command/feature/instance');
$this->view->title = $this->translate('Disable Notifications');
$programStatus = $this->backend
->select()

48
modules/monitoring/application/forms/Command/Instance/ToggleInstanceFeaturesCommandForm.php
View File

@ -59,12 +59,16 @@ class ToggleInstanceFeaturesCommandForm extends CommandForm
public function createElements(array $formData = array())
{
if ((bool) $this->status->notifications_enabled) {
$notificationDescription = sprintf(
'<a title="%s" href="%s" data-base-target="_next">%s</a>',
$this->translate('Disable notifications for a specific time on a program-wide basis'),
$this->getView()->href('monitoring/process/disable-notifications'),
$this->translate('Disable temporarily')
);
if ($this->hasPermission('monitoring/command/feature/instance')) {
$notificationDescription = sprintf(
'<a title="%s" href="%s" data-base-target="_next">%s</a>',
$this->translate('Disable notifications for a specific time on a program-wide basis'),
$this->getView()->href('monitoring/process/disable-notifications'),
$this->translate('Disable temporarily')
);
} else {
$notificationDescription = null;
}
} elseif ($this->status->disable_notif_expire_time) {
$notificationDescription = sprintf(
$this->translate('Notifications will be re-enabled in <strong>%s</strong>'),
@ -73,13 +77,15 @@ class ToggleInstanceFeaturesCommandForm extends CommandForm
} else {
$notificationDescription = null;
}
$toggleDisabled = $this->hasPermission('monitoring/command/feature/instance') ? null : '';
$this->addElements(array(
array(
'checkbox',
ToggleInstanceFeatureCommand::FEATURE_ACTIVE_HOST_CHECKS,
array(
'label' => $this->translate('Active Host Checks Being Executed'),
'autosubmit' => true
'autosubmit' => true,
'disabled' => $toggleDisabled
)
),
array(
@ -87,7 +93,8 @@ class ToggleInstanceFeaturesCommandForm extends CommandForm
ToggleInstanceFeatureCommand::FEATURE_ACTIVE_SERVICE_CHECKS,
array(
'label' => $this->translate('Active Service Checks Being Executed'),
'autosubmit' => true
'autosubmit' => true,
'disabled' => $toggleDisabled
)
),
array(
@ -95,7 +102,8 @@ class ToggleInstanceFeaturesCommandForm extends CommandForm
ToggleInstanceFeatureCommand::FEATURE_EVENT_HANDLERS,
array(
'label' => $this->translate('Event Handlers Enabled'),
'autosubmit' => true
'autosubmit' => true,
'disabled' => $toggleDisabled
)
),
array(
@ -103,7 +111,8 @@ class ToggleInstanceFeaturesCommandForm extends CommandForm
ToggleInstanceFeatureCommand::FEATURE_FLAP_DETECTION,
array(
'label' => $this->translate('Flap Detection Enabled'),
'autosubmit' => true
'autosubmit' => true,
'disabled' => $toggleDisabled
)
),
array(
@ -122,7 +131,8 @@ class ToggleInstanceFeaturesCommandForm extends CommandForm
),
'Label',
array('HtmlTag', array('tag' => 'div'))
)
),
'disabled' => $toggleDisabled
)
),
array(
@ -130,7 +140,8 @@ class ToggleInstanceFeaturesCommandForm extends CommandForm
ToggleInstanceFeatureCommand::FEATURE_HOST_OBSESSING,
array(
'label' => $this->translate('Obsessing Over Hosts'),
'autosubmit' => true
'autosubmit' => true,
'disabled' => $toggleDisabled
)
),
array(
@ -138,7 +149,8 @@ class ToggleInstanceFeaturesCommandForm extends CommandForm
ToggleInstanceFeatureCommand::FEATURE_SERVICE_OBSESSING,
array(
'label' => $this->translate('Obsessing Over Services'),
'autosubmit' => true
'autosubmit' => true,
'disabled' => $toggleDisabled
)
),
array(
@ -146,7 +158,8 @@ class ToggleInstanceFeaturesCommandForm extends CommandForm
ToggleInstanceFeatureCommand::FEATURE_PASSIVE_HOST_CHECKS,
array(
'label' => $this->translate('Passive Host Checks Being Accepted'),
'autosubmit' => true
'autosubmit' => true,
'disabled' => $toggleDisabled
)
),
array(
@ -154,7 +167,8 @@ class ToggleInstanceFeaturesCommandForm extends CommandForm
ToggleInstanceFeatureCommand::FEATURE_PASSIVE_SERVICE_CHECKS,
array(
'label' => $this->translate('Passive Service Checks Being Accepted'),
'autosubmit' => true
'autosubmit' => true,
'disabled' => $toggleDisabled
)
),
array(
@ -162,7 +176,8 @@ class ToggleInstanceFeaturesCommandForm extends CommandForm
ToggleInstanceFeatureCommand::FEATURE_PERFORMANCE_DATA,
array(
'label' => $this->translate('Performance Data Being Processed'),
'autosubmit' => true
'autosubmit' => true,
'disabled' => $toggleDisabled
)
)
));
@ -191,6 +206,7 @@ class ToggleInstanceFeaturesCommandForm extends CommandForm
*/
public function onSuccess()
{
$this->assertPermission('monitoring/command/feature/instance');
foreach ($this->getValues() as $feature => $enabled) {
$toggleFeature = new ToggleInstanceFeatureCommand();
$toggleFeature

20
modules/monitoring/application/forms/Command/Object/ToggleObjectFeaturesCommandForm.php
View File

@ -28,13 +28,15 @@ class ToggleObjectFeaturesCommandForm extends ObjectsCommandForm
*/
public function createElements(array $formData = array())
{
$toggleDisabled = $this->hasPermission('monitoring/command/feature/instance') ? null : '';
$this->addElements(array(
array(
'checkbox',
ToggleObjectFeatureCommand::FEATURE_ACTIVE_CHECKS,
array(
'label' => $this->translate('Active Checks'),
'autosubmit' => true
'autosubmit' => true,
'disabled' => $toggleDisabled
)
),
array(
@ -42,7 +44,8 @@ class ToggleObjectFeaturesCommandForm extends ObjectsCommandForm
ToggleObjectFeatureCommand::FEATURE_PASSIVE_CHECKS,
array(
'label' => $this->translate('Passive Checks'),
'autosubmit' => true
'autosubmit' => true,
'disabled' => $toggleDisabled
)
),
array(
@ -50,7 +53,8 @@ class ToggleObjectFeaturesCommandForm extends ObjectsCommandForm
ToggleObjectFeatureCommand::FEATURE_OBSESSING,
array(
'label' => $this->translate('Obsessing'),
'autosubmit' => true
'autosubmit' => true,
'disabled' => $toggleDisabled
)
),
array(
@ -58,7 +62,8 @@ class ToggleObjectFeaturesCommandForm extends ObjectsCommandForm
ToggleObjectFeatureCommand::FEATURE_NOTIFICATIONS,
array(
'label' => $this->translate('Notifications'),
'autosubmit' => true
'autosubmit' => true,
'disabled' => $toggleDisabled
)
),
array(
@ -66,7 +71,8 @@ class ToggleObjectFeaturesCommandForm extends ObjectsCommandForm
ToggleObjectFeatureCommand::FEATURE_EVENT_HANDLER,
array(
'label' => $this->translate('Event Handler'),
'autosubmit' => true
'autosubmit' => true,
'disabled' => $toggleDisabled
)
),
array(
@ -74,7 +80,8 @@ class ToggleObjectFeaturesCommandForm extends ObjectsCommandForm
ToggleObjectFeatureCommand::FEATURE_FLAP_DETECTION,
array(
'label' => $this->translate('Flap Detection'),
'autosubmit' => true
'autosubmit' => true,
'disabled' => $toggleDisabled
)
)
));
@ -107,6 +114,7 @@ class ToggleObjectFeaturesCommandForm extends ObjectsCommandForm
*/
public function onSuccess()
{
$this->assertPermission('monitoring/command/feature/object');
foreach ($this->objects as $object) {
/** @var \Icinga\Module\Monitoring\Object\MonitoredObject $object */
foreach ($this->getValues() as $feature => $enabled) {

4
modules/monitoring/configuration.php
View File

@ -47,8 +47,8 @@ $this->providePermission(
$this->translate('Allow processing host and service check results')
);
$this->providePermission(
'monitoring/command/feature/program',
$this->translate('Allow processing commands for toggling features on a program-wide basis')
'monitoring/command/feature/instance',
$this->translate('Allow processing commands for toggling features on an instance-wide basis')
);
$this->providePermission(
'monitoring/command/feature/object',

19
modules/monitoring/library/Monitoring/MonitoringWizard.php
View File

@ -4,6 +4,7 @@
namespace Icinga\Module\Monitoring;
use Icinga\Application\Platform;
use Icinga\Web\Form;
use Icinga\Web\Wizard;
use Icinga\Web\Request;
@ -135,6 +136,22 @@ class MonitoringWizard extends Wizard implements SetupWizard
*/
public function getRequirements()
{
return new Requirements();
$requirements = new Requirements();
$requirements->addOptional(
'existing_php_mod_sockets',
mt('monitoring', 'PHP Module: Sockets'),
mt(
'monitoring',
'In case it\'s desired that a TCP connection is being used by Icinga Web 2 to'
. ' access a Livestatus interface, the Sockets module for PHP is required.'
),
Platform::extensionLoaded('sockets'),
Platform::extensionLoaded('sockets') ? mt('monitoring', 'The PHP Module sockets is available.') : (
mt('monitoring', 'The PHP Module sockets is not available.')
)
);
return $requirements;
}
}

33
public/js/icinga/loader.js
View File

@ -24,8 +24,6 @@
this.failureNotice = null;
this.exception = null;
/**
* Pending requests
*/
@ -313,15 +311,12 @@
onResponse: function (data, textStatus, req) {
var self = this;
if (this.failureNotice !== null) {
this.failureNotice.remove();
if (! this.failureNotice.hasClass('fading-out')) {
this.failureNotice.remove();
}
this.failureNotice = null;
}
if (this.exception !== null) {
this.exception.remove();
this.exception = null;
}
// Remove 'impact' class if there was such
if (req.$target.hasClass('impact')) {
req.$target.removeClass('impact');
@ -594,18 +589,7 @@
onFailure: function (req, textStatus, errorThrown) {
var url = req.url;
if (req.status === 500) {
if (this.exception === null) {
req.$target.addClass('impact');
this.exception = this.createNotice(
'error',
$('h1', $(req.responseText)).first().html(),
true
);
this.icinga.ui.fixControls();
}
} else if (req.status > 0) {
if (req.status > 0) {
this.icinga.logger.error(
req.status,
errorThrown + ':',
@ -617,9 +601,6 @@
req.action,
req.autorefresh
);
// Header example:
// Icinga.debug(req.getResponseHeader('X-Icinga-Redirect'));
} else {
if (errorThrown === 'abort') {
this.icinga.logger.debug(
@ -660,7 +641,13 @@
var $notice = $(
'<li class="' + c + '">' + message + '</li>'
).appendTo($('#notifications'));
this.icinga.ui.fixControls();
if (!persist) {
this.icinga.ui.fadeNotificationsAway();
}
return $notice;
},