From 375345f8378a8988b9b2d56b1dd42dcf5c98da80 Mon Sep 17 00:00:00 2001 From: Eric Lippmann Date: Fri, 30 Jan 2015 09:06:10 +0100 Subject: [PATCH 01/23] lib: Add SecurityException All assertPermission() calls must throw this exception. --- library/Icinga/Security/SecurityException.php | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 library/Icinga/Security/SecurityException.php diff --git a/library/Icinga/Security/SecurityException.php b/library/Icinga/Security/SecurityException.php new file mode 100644 index 000000000..168d4a9be --- /dev/null +++ b/library/Icinga/Security/SecurityException.php @@ -0,0 +1,12 @@ + Date: Fri, 30 Jan 2015 09:31:05 +0100 Subject: [PATCH 02/23] Return HTTP 403 in case a SecurityException was thrown --- application/controllers/ErrorController.php | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/application/controllers/ErrorController.php b/application/controllers/ErrorController.php index 23051bd9a..0548b5c9c 100644 --- a/application/controllers/ErrorController.php +++ b/application/controllers/ErrorController.php @@ -1,12 +1,9 @@ getResponse()->setHttpResponseCode(403); + $this->view->message = $exception->getMessage(); + break; + } + // Move to default default: $title = preg_replace('/\r?\n.*$/s', '', $exception->getMessage()); $this->getResponse()->setHttpResponseCode(500); From 2faf5f0ca16aefdac755ecfb22c72b4a83d2e179 Mon Sep 17 00:00:00 2001 From: Eric Lippmann Date: Fri, 30 Jan 2015 09:34:19 +0100 Subject: [PATCH 03/23] Throw SecurityException in ActionController::assertPermission() --- .../Web/Controller/ActionController.php | 37 ++++++++----------- 1 file changed, 16 insertions(+), 21 deletions(-) diff --git a/library/Icinga/Web/Controller/ActionController.php b/library/Icinga/Web/Controller/ActionController.php index 78fcaf7bf..87d293be6 100644 --- a/library/Icinga/Web/Controller/ActionController.php +++ b/library/Icinga/Web/Controller/ActionController.php 
@@ -1,23 +1,22 @@ Auth()->hasPermission($name)) { - // TODO: Shall this be an Auth Exception? Or a 404? - throw new IcingaException( - 'Auth error, no permission for "%s"', - $name - ); + if (! $this->Auth()->hasPermission($permission)) { + throw new SecurityException('No permission for %s', $permission); } } From df29dd0e7ca587cc42656dc70c59b33d821c806d Mon Sep 17 00:00:00 2001 From: Eric Lippmann Date: Fri, 30 Jan 2015 09:35:01 +0100 Subject: [PATCH 04/23] Implement Form::hasPermission() and Form::getPermission() --- library/Icinga/Web/Form.php | 50 +++++++++++++++++++++++++++++++++++-- 1 file changed, 48 insertions(+), 2 deletions(-) diff --git a/library/Icinga/Web/Form.php b/library/Icinga/Web/Form.php index 1f3e0d4bd..daa6dcf40 100644 --- a/library/Icinga/Web/Form.php +++ b/library/Icinga/Web/Form.php @@ -1,6 +1,4 @@ create(); return parent::render($view); } + + /** + * Get the authentication manager + * + * @return Manager + */ + public function Auth() + { + if ($this->auth === null) { + $this->auth = Manager::getInstance(); + } + return $this->auth; + } + + /** + * Whether the current user has the given permission + * + * @param string $permission Name of the permission + * + * @return bool + */ + public function hasPermission($permission) + { + return $this->Auth()->hasPermission($permission); + } + + /** + * Assert that the current user has the given permission + * + * @param string $permission Name of the permission + * + * @throws SecurityException If the current user lacks the given permission + */ + public function assertPermission($permission) + { + if (! $this->Auth()->hasPermission($permission)) { + throw new SecurityException('No permission for %s', $permission); + } + } } From d19e36d9370542e8a62fb8c1ed0f2b41a5fbc5eb Mon Sep 17 00:00:00 2001 
From: Eric Lippmann Date: Fri, 30 Jan 2015 09:57:31 +0100 Subject: [PATCH 05/23] monitoring/security: Require monitoring/command/feature/instance permission for disabling notifications --- modules/monitoring/application/controllers/ProcessController.php | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/monitoring/application/controllers/ProcessController.php b/modules/monitoring/application/controllers/ProcessController.php index bb5a4e5c2..5530f9c52 100644 --- a/modules/monitoring/application/controllers/ProcessController.php +++ b/modules/monitoring/application/controllers/ProcessController.php @@ -92,6 +92,7 @@ class Monitoring_ProcessController extends Controller */ public function disableNotificationsAction() { + $this->assertPermission('monitoring/command/feature/instance'); $this->view->title = $this->translate('Disable Notifications'); $programStatus = $this->backend ->select() From 7dbb8c684195b5e586ba34479a9452c04441cdbe Mon Sep 17 00:00:00 2001 From: Eric Lippmann Date: Fri, 30 Jan 2015 09:58:10 +0100 Subject: [PATCH 06/23] monitoring/security: Require monitoring/command/feature/instance permission for toggling instance features --- .../forms/Command/Instance/ToggleInstanceFeaturesCommandForm.php | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/monitoring/application/forms/Command/Instance/ToggleInstanceFeaturesCommandForm.php b/modules/monitoring/application/forms/Command/Instance/ToggleInstanceFeaturesCommandForm.php index 469c1b6eb..97a64dbd7 100644 --- a/modules/monitoring/application/forms/Command/Instance/ToggleInstanceFeaturesCommandForm.php +++ b/modules/monitoring/application/forms/Command/Instance/ToggleInstanceFeaturesCommandForm.php 
@@ -191,6 +191,7 @@ class ToggleInstanceFeaturesCommandForm extends CommandForm */ public function onSuccess() { + $this->assertPermission('monitoring/command/feature/instance'); foreach ($this->getValues() as $feature => $enabled) { $toggleFeature = new ToggleInstanceFeatureCommand(); $toggleFeature From 26613a010662f7b9e71eaa9a2bb0d2c8f9f3cd11 Mon Sep 17 00:00:00 2001 From: Eric Lippmann Date: Fri, 30 Jan 2015 09:58:30 +0100 Subject: [PATCH 07/23] monitoring/security: Rename permission monitoring/command/feature/program to monitoring/command/feature/instance --- modules/monitoring/configuration.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/monitoring/configuration.php b/modules/monitoring/configuration.php index 72df4e73f..7eb3bbedf 100644 --- a/modules/monitoring/configuration.php +++ b/modules/monitoring/configuration.php @@ -47,8 +47,8 @@ $this->providePermission( $this->translate('Allow processing host and service check results') ); $this->providePermission( - 'monitoring/command/feature/program', - $this->translate('Allow processing commands for toggling features on a program-wide basis') + 'monitoring/command/feature/instance', + $this->translate('Allow processing commands for toggling features on an instance-wide basis') ); $this->providePermission( 'monitoring/command/feature/object', From 3716be4a48ba79a0c2c9dffcdf048819a7202bdf Mon Sep 17 00:00:00 2001 From: Eric Lippmann Date: Fri, 30 Jan 2015 10:01:03 +0100 Subject: [PATCH 08/23] monitoring/security: Disable toggling instance features if user lacks the permission monitoring/command/feature/instance --- .../ToggleInstanceFeaturesCommandForm.php | 31 +++++++++++++------ 1 file changed, 21 insertions(+), 10 deletions(-) diff --git a/modules/monitoring/application/forms/Command/Instance/ToggleInstanceFeaturesCommandForm.php b/modules/monitoring/application/forms/Command/Instance/ToggleInstanceFeaturesCommandForm.php index 97a64dbd7..997bd378c 100644 
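Review bot: The configuration.php hunk replaces the provided permission `monitoring/command/feature/program` with `monitoring/command/feature/instance`, and the new assertPermission() and hasPermission() calls in this series ask only for the new string. Any role that already grants the old name would stop matching; that fails closed, but operators will see the instance toggles disabled without explanation. An upgrade note naming both strings would cover it. Whether such role definitions exist is not visible from this patch.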
--- a/modules/monitoring/application/forms/Command/Instance/ToggleInstanceFeaturesCommandForm.php +++ b/modules/monitoring/application/forms/Command/Instance/ToggleInstanceFeaturesCommandForm.php @@ -73,13 +73,15 @@ class ToggleInstanceFeaturesCommandForm extends CommandForm } else { $notificationDescription = null; } + $toggleDisabled = ! $this->hasPermission('monitoring/command/feature/instance'); $this->addElements(array( array( 'checkbox', ToggleInstanceFeatureCommand::FEATURE_ACTIVE_HOST_CHECKS, array( 'label' => $this->translate('Active Host Checks Being Executed'), - 'autosubmit' => true + 'autosubmit' => true, + 'disabled' => $toggleDisabled ) ), array( @@ -87,7 +89,8 @@ class ToggleInstanceFeaturesCommandForm extends CommandForm ToggleInstanceFeatureCommand::FEATURE_ACTIVE_SERVICE_CHECKS, array( 'label' => $this->translate('Active Service Checks Being Executed'), - 'autosubmit' => true + 'autosubmit' => true, + 'disabled' => $toggleDisabled ) ), array( @@ -95,7 +98,8 @@ class ToggleInstanceFeaturesCommandForm extends CommandForm ToggleInstanceFeatureCommand::FEATURE_EVENT_HANDLERS, array( 'label' => $this->translate('Event Handlers Enabled'), - 'autosubmit' => true + 'autosubmit' => true, + 'disabled' => $toggleDisabled ) ), array( @@ -103,7 +107,8 @@ class ToggleInstanceFeaturesCommandForm extends CommandForm ToggleInstanceFeatureCommand::FEATURE_FLAP_DETECTION, array( 'label' => $this->translate('Flap Detection Enabled'), - 'autosubmit' => true + 'autosubmit' => true, + 'disabled' => $toggleDisabled ) ), array( @@ -122,7 +127,8 @@ class ToggleInstanceFeaturesCommandForm extends CommandForm ), 'Label', array('HtmlTag', array('tag' => 'div')) - ) + ), + 'disabled' => $toggleDisabled ) ), array( 
@@ -130,7 +136,8 @@ class ToggleInstanceFeaturesCommandForm extends CommandForm ToggleInstanceFeatureCommand::FEATURE_HOST_OBSESSING, array( 'label' => $this->translate('Obsessing Over Hosts'), - 'autosubmit' => true + 'autosubmit' => true, + 'disabled' => $toggleDisabled ) ), array( @@ -138,7 +145,8 @@ class ToggleInstanceFeaturesCommandForm extends CommandForm ToggleInstanceFeatureCommand::FEATURE_SERVICE_OBSESSING, array( 'label' => $this->translate('Obsessing Over Services'), - 'autosubmit' => true + 'autosubmit' => true, + 'disabled' => $toggleDisabled ) ), array( @@ -146,7 +154,8 @@ class ToggleInstanceFeaturesCommandForm extends CommandForm ToggleInstanceFeatureCommand::FEATURE_PASSIVE_HOST_CHECKS, array( 'label' => $this->translate('Passive Host Checks Being Accepted'), - 'autosubmit' => true + 'autosubmit' => true, + 'disabled' => $toggleDisabled ) ), array( @@ -154,7 +163,8 @@ class ToggleInstanceFeaturesCommandForm extends CommandForm ToggleInstanceFeatureCommand::FEATURE_PASSIVE_SERVICE_CHECKS, array( 'label' => $this->translate('Passive Service Checks Being Accepted'), - 'autosubmit' => true + 'autosubmit' => true, + 'disabled' => $toggleDisabled ) ), array( @@ -162,7 +172,8 @@ class ToggleInstanceFeaturesCommandForm extends CommandForm ToggleInstanceFeatureCommand::FEATURE_PERFORMANCE_DATA, array( 'label' => $this->translate('Performance Data Being Processed'), - 'autosubmit' => true + 'autosubmit' => true, + 'disabled' => $toggleDisabled ) ) )); From 35b33647cf5bf72610289cbcfa93e4fb84144233 Mon Sep 17 00:00:00 2001 From: Eric Lippmann Date: Fri, 30 Jan 2015 10:26:43 +0100 Subject: [PATCH 09/23] monitoring/security: Guard the link for disabling notifications on an instance-wide basis The link in the monitoring health view will only be shown if the user has the permission monitoring/command/feature/instance. --- .../ToggleInstanceFeaturesCommandForm.php | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) 
diff --git a/modules/monitoring/application/forms/Command/Instance/ToggleInstanceFeaturesCommandForm.php b/modules/monitoring/application/forms/Command/Instance/ToggleInstanceFeaturesCommandForm.php index 997bd378c..d99db37c4 100644 --- a/modules/monitoring/application/forms/Command/Instance/ToggleInstanceFeaturesCommandForm.php +++ b/modules/monitoring/application/forms/Command/Instance/ToggleInstanceFeaturesCommandForm.php @@ -59,12 +59,16 @@ class ToggleInstanceFeaturesCommandForm extends CommandForm public function createElements(array $formData = array()) { if ((bool) $this->status->notifications_enabled) { - $notificationDescription = sprintf( - '%s', - $this->translate('Disable notifications for a specific time on a program-wide basis'), - $this->getView()->href('monitoring/process/disable-notifications'), - $this->translate('Disable temporarily') - ); + if ($this->hasPermission('monitoring/command/feature/instance')) { + $notificationDescription = sprintf( + '%s', + $this->translate('Disable notifications for a specific time on a program-wide basis'), + $this->getView()->href('monitoring/process/disable-notifications'), + $this->translate('Disable temporarily') + ); + } else { + $notificationDescription = null; + } } elseif ($this->status->disable_notif_expire_time) { $notificationDescription = sprintf( $this->translate('Notifications will be re-enabled in %s'), From bdc637ff67af3506fa57eb71761bf61bb54d5fe9 Mon Sep 17 00:00:00 2001 From: Eric Lippmann Date: Fri, 30 Jan 2015 10:31:49 +0100 Subject: [PATCH 10/23] monitoring/security: Guard toggling object features Toggling object features will only be possible if the user has the permission monitoring/command/feature/object. --- .../forms/Command/Object/ToggleObjectFeaturesCommandForm.php | 1 + 1 file changed, 1 insertion(+) 
diff --git a/modules/monitoring/application/forms/Command/Object/ToggleObjectFeaturesCommandForm.php b/modules/monitoring/application/forms/Command/Object/ToggleObjectFeaturesCommandForm.php index bf0a1d8b1..46858555f 100644 --- a/modules/monitoring/application/forms/Command/Object/ToggleObjectFeaturesCommandForm.php +++ b/modules/monitoring/application/forms/Command/Object/ToggleObjectFeaturesCommandForm.php @@ -107,6 +107,7 @@ class ToggleObjectFeaturesCommandForm extends ObjectsCommandForm */ public function onSuccess() { + $this->assertPermission('monitoring/command/feature/object'); foreach ($this->objects as $object) { /** @var \Icinga\Module\Monitoring\Object\MonitoredObject $object */ foreach ($this->getValues() as $feature => $enabled) { From 1681f746c1ef5df9c1c14584a790a2b22757f389 Mon Sep 17 00:00:00 2001 From: Eric Lippmann Date: Fri, 30 Jan 2015 10:46:24 +0100 Subject: [PATCH 11/23] monitoring/security: Disable toggling object features if user lacks the permission monitoring/command/feature/object --- .../ToggleObjectFeaturesCommandForm.php | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/modules/monitoring/application/forms/Command/Object/ToggleObjectFeaturesCommandForm.php b/modules/monitoring/application/forms/Command/Object/ToggleObjectFeaturesCommandForm.php index 46858555f..d3cc63ecf 100644 --- a/modules/monitoring/application/forms/Command/Object/ToggleObjectFeaturesCommandForm.php +++ b/modules/monitoring/application/forms/Command/Object/ToggleObjectFeaturesCommandForm.php 
@@ -28,13 +28,15 @@ class ToggleObjectFeaturesCommandForm extends ObjectsCommandForm */ public function createElements(array $formData = array()) { + $toggleDisabled = $this->hasPermission('monitoring/command/feature/instance') ? null : ''; $this->addElements(array( array( 'checkbox', ToggleObjectFeatureCommand::FEATURE_ACTIVE_CHECKS, array( 'label' => $this->translate('Active Checks'), - 'autosubmit' => true + 'autosubmit' => true, + 'disabled' => $toggleDisabled ) ), array( @@ -42,7 +44,8 @@ class ToggleObjectFeaturesCommandForm extends ObjectsCommandForm ToggleObjectFeatureCommand::FEATURE_PASSIVE_CHECKS, array( 'label' => $this->translate('Passive Checks'), - 'autosubmit' => true + 'autosubmit' => true, + 'disabled' => $toggleDisabled ) ), array( @@ -50,7 +53,8 @@ class ToggleObjectFeaturesCommandForm extends ObjectsCommandForm ToggleObjectFeatureCommand::FEATURE_OBSESSING, array( 'label' => $this->translate('Obsessing'), - 'autosubmit' => true + 'autosubmit' => true, + 'disabled' => $toggleDisabled ) ), array( @@ -58,7 +62,8 @@ class ToggleObjectFeaturesCommandForm extends ObjectsCommandForm ToggleObjectFeatureCommand::FEATURE_NOTIFICATIONS, array( 'label' => $this->translate('Notifications'), - 'autosubmit' => true + 'autosubmit' => true, + 'disabled' => $toggleDisabled ) ), array( @@ -66,7 +71,8 @@ class ToggleObjectFeaturesCommandForm extends ObjectsCommandForm ToggleObjectFeatureCommand::FEATURE_EVENT_HANDLER, array( 'label' => $this->translate('Event Handler'), - 'autosubmit' => true + 'autosubmit' => true, + 'disabled' => $toggleDisabled ) ), array( @@ -74,7 +80,8 @@ class ToggleObjectFeaturesCommandForm extends ObjectsCommandForm ToggleObjectFeatureCommand::FEATURE_FLAP_DETECTION, array( 'label' => $this->translate('Flap Detection'), - 'autosubmit' => true + 'autosubmit' => true, + 'disabled' => $toggleDisabled ) ) )); From 127ce7abfe402c5102d070be342c56cf6f647dd4 Mon Sep 17 00:00:00 2001 
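Review bot: `$toggleDisabled` in createElements() is derived from `monitoring/command/feature/instance`, while onSuccess() of this same form (patch 10) asserts `monitoring/command/feature/object`. A user holding only the object permission gets disabled checkboxes, and a user holding only the instance permission gets enabled ones that end in a 403 on submit. The server-side assertion still decides, so this is a consistency defect rather than a bypass. The line should read `$toggleDisabled = $this->hasPermission('monitoring/command/feature/object') ? null : '';`. A class constant for the permission name, used by both methods, would keep the two checks from drifting apart.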
From: Eric Lippmann Date: Fri, 30 Jan 2015 10:47:02 +0100 Subject: [PATCH 12/23] monitoring/security: Fix that toggling instance features is always disabled In HTML5 the presence of a boolean attribute on an element represents the true value, and the absence of the attribute represents the false value. In Zend we have to set null for the absence of the attribute and the empty string for the presence of the attribute. --- .../Command/Instance/ToggleInstanceFeaturesCommandForm.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/monitoring/application/forms/Command/Instance/ToggleInstanceFeaturesCommandForm.php b/modules/monitoring/application/forms/Command/Instance/ToggleInstanceFeaturesCommandForm.php index d99db37c4..60486307e 100644 --- a/modules/monitoring/application/forms/Command/Instance/ToggleInstanceFeaturesCommandForm.php +++ b/modules/monitoring/application/forms/Command/Instance/ToggleInstanceFeaturesCommandForm.php @@ -77,7 +77,7 @@ class ToggleInstanceFeaturesCommandForm extends CommandForm } else { $notificationDescription = null; } - $toggleDisabled = ! $this->hasPermission('monitoring/command/feature/instance'); + $toggleDisabled = $this->hasPermission('monitoring/command/feature/instance') ? null : ''; $this->addElements(array( array( 'checkbox', From e5b0b528747c2ff76b0568f8ca6929e61b072495 Mon Sep 17 00:00:00 2001 From: Eric Lippmann Date: Fri, 30 Jan 2015 11:20:05 +0100 Subject: [PATCH 13/23] lib: Reduce else { if { to elseif { in User::can() --- library/Icinga/User.php | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/library/Icinga/User.php b/library/Icinga/User.php index db80c929a..bdc49275b 100644 --- a/library/Icinga/User.php +++ b/library/Icinga/User.php 
@@ -426,13 +426,11 @@ class User foreach ($this->permissions as $permitted) { $wildcard = strpos($permitted, '*'); if ($wildcard !== false) { - if (substr($permission, 0, $wildcard) === substr($permitted, 0, $wildcard)) { - return true; - } else { - if ($permission === $permitted) { - return true; - } - } + } + if (substr($permission, 0, $wildcard) === substr($permitted, 0, $wildcard)) { + return true; + } elseif ($permission === $permitted) { + return true; } } return false; From c8640cbae9eeec5f8e9269dfa691947ded14e09e Mon Sep 17 00:00:00 2001 From: Eric Lippmann Date: Fri, 30 Jan 2015 12:44:34 +0100 Subject: [PATCH 14/23] rpm: Remove php5-imagick dependency for SUSE packages --- icingaweb2.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/icingaweb2.spec b/icingaweb2.spec index cd1ee485f..0d3766fdd 100644 --- a/icingaweb2.spec +++ b/icingaweb2.spec @@ -82,7 +82,7 @@ Requires: %{php} >= 5.3.0 Requires: %{php}-gd %{php}-intl %{?fedora:Requires: php-pecl-imagick} %{?rhel:Requires: php-pecl-imagick} -%{?suse_version:Requires: %{php}-gettext %{php}-openssl php5-imagick} +%{?suse_version:Requires: %{php}-gettext %{php}-openssl} %description -n php-Icinga Icinga Web 2 PHP library From 932496c58c2e4a437772e99f968275398740cefe Mon Sep 17 00:00:00 2001 From: Eric Lippmann Date: Fri, 30 Jan 2015 12:51:06 +0100 Subject: [PATCH 15/23] rpm: Require json and posix PHP extensions for SUSE packages --- icingaweb2.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/icingaweb2.spec b/icingaweb2.spec index 0d3766fdd..312d6ee39 100644 --- a/icingaweb2.spec +++ b/icingaweb2.spec @@ -82,7 +82,7 @@ Requires: %{php} >= 5.3.0 Requires: %{php}-gd %{php}-intl %{?fedora:Requires: php-pecl-imagick} %{?rhel:Requires: php-pecl-imagick} -%{?suse_version:Requires: %{php}-gettext %{php}-openssl} +%{?suse_version:Requires: %{php}-gettext %{php}-json %{php}-openssl %{php}-posix} %description -n php-Icinga Icinga Web 2 PHP library 
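Review bot: As the User::can() hunk reads, the added `}` closes `if ($wildcard !== false) {` immediately, so that block is empty and the prefix comparison runs for every entry in `$this->permissions`. For an entry without `*`, `$wildcard` is `false`, both `substr(..., 0, $wildcard)` calls yield an empty string and the comparison succeeds. can() would then return true for any requested permission as soon as the user holds one non-wildcard permission. The prefix test should stay inside the wildcard branch with the exact match as its `elseif`, as below. A unit test that checks a non-wildcard grant against an unrelated permission would pin this; the body of can() starts above the hunk.

```php
$wildcard = strpos($permitted, '*');
if ($wildcard !== false) {
    // Prefix match only applies to entries that actually contain a wildcard
    if (substr($permission, 0, $wildcard) === substr($permitted, 0, $wildcard)) {
        return true;
    }
} elseif ($permission === $permitted) {
    return true;
}
```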
From e8619686aef903c82a3eb2acc327b70b2df2a098 Mon Sep 17 00:00:00 2001 From: Johannes Meyer Date: Fri, 30 Jan 2015 13:01:40 +0100 Subject: [PATCH 16/23] Add the sockets module as optional requirement of the monitoring module --- .../library/Monitoring/MonitoringWizard.php | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/modules/monitoring/library/Monitoring/MonitoringWizard.php b/modules/monitoring/library/Monitoring/MonitoringWizard.php index d7a3671a4..43061e608 100644 --- a/modules/monitoring/library/Monitoring/MonitoringWizard.php +++ b/modules/monitoring/library/Monitoring/MonitoringWizard.php @@ -5,6 +5,7 @@ namespace Icinga\Module\Monitoring; use Icinga\Application\Icinga; +use Icinga\Application\Platform; use Icinga\Web\Form; use Icinga\Web\Wizard; use Icinga\Web\Request; @@ -139,6 +140,22 @@ class MonitoringWizard extends Wizard implements SetupWizard */ public function getRequirements() { - return new Requirements(); + $requirements = new Requirements(); + + $requirements->addOptional( + 'existing_php_mod_sockets', + mt('monitoring', 'PHP Module: Sockets'), + mt( + 'monitoring', + 'In case it\'s desired that a TCP connection is being used by Icinga Web 2 to' + . ' access a Livestatus interface, the Sockets module for PHP is required.' + ), + Platform::extensionLoaded('sockets'), + Platform::extensionLoaded('sockets') ? mt('monitoring', 'The PHP Module sockets is available.') : ( + mt('monitoring', 'The PHP Module sockets is not available.') + ) + ); + + return $requirements; } } From 9dd179d8f387f7214a8c7b4b8b550acdbbd002c9 Mon Sep 17 00:00:00 2001 From: Eric Lippmann Date: Fri, 30 Jan 2015 13:18:29 +0100 Subject: [PATCH 17/23] rpm: Fix shadow-utils requirement on SUSE --- icingaweb2.spec | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/icingaweb2.spec b/icingaweb2.spec index 312d6ee39..ca1345dc2 100644 --- a/icingaweb2.spec +++ b/icingaweb2.spec 
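Review bot: In getRequirements() `Platform::extensionLoaded('sockets')` is evaluated twice, and the second use sits in a ternary whose false branch is wrapped in stray parentheses. Assigning the result once, `$socketsLoaded = Platform::extensionLoaded('sockets');`, and passing `$socketsLoaded` both as the state argument and as the ternary condition would be easier to read and keeps the two values from diverging.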
@@ -29,7 +29,6 @@ Packager: Icinga Team %endif %endif - %if 0%{?suse_version} %define wwwconfigdir %{_sysconfdir}/apache2/conf.d %define wwwuser wwwrun @@ -43,15 +42,17 @@ Requires: apache2-mod_php5 %endif %endif -Requires(pre): shadow-utils -Requires: %{name}-common = %{version}-%{release} -Requires: php-Icinga = %{version}-%{release} -Requires: %{name}-vendor-dompdf -Requires: %{name}-vendor-HTMLPurifier -Requires: %{name}-vendor-JShrink -Requires: %{name}-vendor-lessphp -Requires: %{name}-vendor-Parsedown -Requires: %{zend} +%{?fedora:Requires(pre): shadow-utils} +%{?rhel:Requires(pre): shadow-utils} +%{?suse_version:Requires(pre): pwdutils} +Requires: %{name}-common = %{version}-%{release} +Requires: php-Icinga = %{version}-%{release} +Requires: %{name}-vendor-dompdf +Requires: %{name}-vendor-HTMLPurifier +Requires: %{name}-vendor-JShrink +Requires: %{name}-vendor-lessphp +Requires: %{name}-vendor-Parsedown +Requires: %{zend} %description @@ -68,8 +69,11 @@ Icinga Web 2 %package common -Summary: Common files for Icinga Web 2 and the Icinga CLI -Group: Applications/System +Summary: Common files for Icinga Web 2 and the Icinga CLI +Group: Applications/System +%{?fedora:Requires(pre): shadow-utils} +%{?rhel:Requires(pre): shadow-utils} +%{?suse_version:Requires(pre): pwdutils} %description common Common files for Icinga Web 2 and the Icinga CLI From 65a2c47506588c0e48827bf89f37b681da8d30d3 Mon Sep 17 00:00:00 2001 From: Eric Lippmann Date: Fri, 30 Jan 2015 13:29:47 +0100 Subject: [PATCH 18/23] security: Provide permissions for our config actions --- application/forms/Security/RoleForm.php | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/application/forms/Security/RoleForm.php b/application/forms/Security/RoleForm.php index f32c0cab4..18926972c 100644 --- a/application/forms/Security/RoleForm.php +++ b/application/forms/Security/RoleForm.php 
@@ -21,7 +21,14 @@ class RoleForm extends ConfigForm * * @type array */ - protected $providedPermissions = array('*' => '*'); + protected $providedPermissions = array( + '*' => '*', + 'system/config/*' => 'system/config/*', + 'system/config/application' => 'system/config/application', + 'system/config/authentication' => 'system/config/authentication', + 'system/config/resources' => 'system/config/resources', + 'system/config/roles' => 'system/config/roles' + ); /** * Provided restrictions by currently loaded modules From 72a616ede61c2bf3e25a32292593d55d0720ff42 Mon Sep 17 00:00:00 2001 From: Eric Lippmann Date: Fri, 30 Jan 2015 13:30:18 +0100 Subject: [PATCH 19/23] spec: Fix license of Icinga Web 2 Vendor packages not yet concerned. --- icingaweb2.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/icingaweb2.spec b/icingaweb2.spec index ca1345dc2..f747c3327 100644 --- a/icingaweb2.spec +++ b/icingaweb2.spec @@ -5,7 +5,7 @@ Version: 2.0.0 Release: %{revision}%{?dist} Summary: Icinga Web 2 Group: Applications/System -License: GPL +License: GPLv2+ URL: https://icinga.org Source0: https://github.com/Icinga/%{name}/archive/v%{version}.tar.gz BuildArch: noarch From d72e506202931488fb69740b47575272236549e0 Mon Sep 17 00:00:00 2001 From: Eric Lippmann Date: Fri, 30 Jan 2015 13:45:55 +0100 Subject: [PATCH 20/23] spec: Add lincese tag to vendor packages --- icingaweb2.spec | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/icingaweb2.spec b/icingaweb2.spec index f747c3327..94d280fb8 100644 --- a/icingaweb2.spec +++ b/icingaweb2.spec @@ -110,6 +110,7 @@ Version: 0.6.1 Release: 1%{?dist} Summary: Icinga Web 2 vendor library dompdf Group: Development/Libraries +License: LGPLv2.1 Requires: %{php} >= 5.3.0 %description vendor-dompdf @@ -121,6 +122,7 @@ Version: 4.6.0 Release: 1%{?dist} Summary: Icinga Web 2 vendor library HTMLPurifier Group: Development/Libraries +License: LGPLv2.1 Requires: %{php} >= 5.3.0 %description vendor-HTMLPurifier 
@@ -132,6 +134,7 @@ Version: 1.0.1 Release: 1%{?dist} Summary: Icinga Web 2 vendor library JShrink Group: Development/Libraries +License: BSD Requires: %{php} >= 5.3.0 %description vendor-JShrink @@ -143,6 +146,7 @@ Version: 0.4.0 Release: 1%{?dist} Summary: Icinga Web 2 vendor library lessphp Group: Development/Libraries +License: MIT Requires: %{php} >= 5.3.0 %description vendor-lessphp @@ -154,6 +158,7 @@ Version: 1.0.0 Release: 1%{?dist} Summary: Icinga Web 2 vendor library Parsedown Group: Development/Libraries +License: MIT Requires: %{php} >= 5.3.0 %description vendor-Parsedown @@ -165,6 +170,7 @@ Version: 1.12.9 Release: 1%{?dist} Summary: Icinga Web 2 vendor library Zend Framework Group: Development/Libraries +License: BSD Requires: %{php} >= 5.3.0 %description vendor-Zend From 17b6d8512b54c27bc9afd3b0614965a6772501cf Mon Sep 17 00:00:00 2001 From: Eric Lippmann Date: Fri, 30 Jan 2015 13:46:49 +0100 Subject: [PATCH 21/23] spec: Add MIT and BSD to the license tag We ship jquery and some jquery plugins w/ Icinga Web 2. Their licenses must be noted too. --- icingaweb2.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/icingaweb2.spec b/icingaweb2.spec index 94d280fb8..a012751ea 100644 --- a/icingaweb2.spec +++ b/icingaweb2.spec @@ -5,7 +5,7 @@ Version: 2.0.0 Release: %{revision}%{?dist} Summary: Icinga Web 2 Group: Applications/System -License: GPLv2+ +License: GPLv2+ and MIT and BSD URL: https://icinga.org Source0: https://github.com/Icinga/%{name}/archive/v%{version}.tar.gz BuildArch: noarch From 6ec2ee753d2212b1a4c77505a06bfd3d6a846853 Mon Sep 17 00:00:00 2001 From: Marius Hein Date: Fri, 30 Jan 2015 14:50:25 +0100 Subject: [PATCH 22/23] Render error messages in the container itself fixes #6280 --- application/controllers/ErrorController.php | 1 + application/views/scripts/error/error.phtml | 5 +++-- public/js/icinga/loader.js | 16 +--------------- 3 files changed, 5 insertions(+), 17 deletions(-) 
diff --git a/application/controllers/ErrorController.php b/application/controllers/ErrorController.php index 0548b5c9c..e198eca1c 100644 --- a/application/controllers/ErrorController.php +++ b/application/controllers/ErrorController.php @@ -19,6 +19,7 @@ class ErrorController extends ActionController { $error = $this->_getParam('error_handler'); $exception = $error->exception; + $this->getTabs()->showOnlyCloseButton(); Logger::error($exception); Logger::error('Stacktrace: %s', $exception->getTraceAsString()); diff --git a/application/views/scripts/error/error.phtml b/application/views/scripts/error/error.phtml index 2a900651b..8e61e80f8 100644 --- a/application/views/scripts/error/error.phtml +++ b/application/views/scripts/error/error.phtml @@ -1,8 +1,9 @@ -title): ?>
+tabs->render($this) ?> +title): ?>

escape($title) ?>

-
+
message): ?>

escape($message)) ?>

diff --git a/public/js/icinga/loader.js b/public/js/icinga/loader.js index 31a0d10a8..95ac5beeb 100644 --- a/public/js/icinga/loader.js +++ b/public/js/icinga/loader.js @@ -594,18 +594,7 @@ onFailure: function (req, textStatus, errorThrown) { var url = req.url; - if (req.status === 500) { - if (this.exception === null) { - req.$target.addClass('impact'); - - this.exception = this.createNotice( - 'error', - $('h1', $(req.responseText)).first().html(), - true - ); - this.icinga.ui.fixControls(); - } - } else if (req.status > 0) { + if (req.status > 0) { this.icinga.logger.error( req.status, errorThrown + ':', @@ -617,9 +606,6 @@ req.action, req.autorefresh ); - - // Header example: - // Icinga.debug(req.getResponseHeader('X-Icinga-Redirect')); } else { if (errorThrown === 'abort') { this.icinga.logger.debug( From 7b8332ccd89d102ea672a6d3eb4c48045969f97a Mon Sep 17 00:00:00 2001 From: Marius Hein Date: Fri, 30 Jan 2015 15:25:03 +0100 Subject: [PATCH 23/23] Notifications do not disappear after autorefresh This is not affected anymore because the errors goes directly into the container. But this commit fixes the codes if someone use the notifications in the loader. Also remove unused variable this.exception. fixes #6278 --- public/js/icinga/loader.js | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/public/js/icinga/loader.js b/public/js/icinga/loader.js index 95ac5beeb..7d590757b 100644 --- a/public/js/icinga/loader.js +++ b/public/js/icinga/loader.js @@ -24,8 +24,6 @@ this.failureNotice = null; - this.exception = null; - /** * Pending requests */ 
@@ -313,15 +311,12 @@ onResponse: function (data, textStatus, req) { var self = this; if (this.failureNotice !== null) { - this.failureNotice.remove(); + if (! this.failureNotice.hasClass('fading-out')) { + this.failureNotice.remove(); + } this.failureNotice = null; } - if (this.exception !== null) { - this.exception.remove(); - this.exception = null; - } - // Remove 'impact' class if there was such if (req.$target.hasClass('impact')) { req.$target.removeClass('impact'); @@ -646,7 +641,13 @@ var $notice = $( '
  • ' + message + '
  • ' ).appendTo($('#notifications')); + this.icinga.ui.fixControls(); + + if (!persist) { + this.icinga.ui.fadeNotificationsAway(); + } + return $notice; },
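Review bot: createNotice() concatenates `message` into the markup string handed to `$()`, so as far as this listing shows, whatever a caller passes is parsed as HTML. The commit description anticipates further callers of this helper, which makes that contract worth stating. A doc comment on createNotice() would do it, for example `@param {string} message Markup for the notice; callers must escape untrusted text`. The function starts above the hunk, so an existing comment there may already say this.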