diff --git a/application/clicommands/ModuleCommand.php b/application/clicommands/ModuleCommand.php index 3dd9ab530..a9db65b9b 100644 --- a/application/clicommands/ModuleCommand.php +++ b/application/clicommands/ModuleCommand.php @@ -111,6 +111,54 @@ class ModuleCommand extends Command $this->modules->disableModule($module); } + /** + * Show all restrictions provided by your modules + * + * Asks each enabled module for all available restriction names and + * descriptions and shows a quick overview + * + * Usage: icingaweb module restrictions + */ + public function restrictionsAction() + { + printf("%-14s %-16s %s\n", 'MODULE', 'RESTRICTION', 'DESCRIPTION'); + foreach ($this->modules->listEnabledModules() as $moduleName) { + $module = $this->modules->loadModule($moduleName)->getModule($moduleName); + foreach ($module->getProvidedRestrictions() as $restriction) { + printf( + "%-14s %-16s %s\n", + $moduleName, + $restriction->name, + $restriction->description + ); + } + } + } + + /** + * Show all permissions provided by your modules + * + * Asks each enabled module for it's available permission names and + * descriptions and shows a quick overview + * + * Usage: icingaweb module permissions + */ + public function permissionsAction() + { + printf("%-14s %-24s %s\n", 'MODULE', 'PERMISSION', 'DESCRIPTION'); + foreach ($this->modules->listEnabledModules() as $moduleName) { + $module = $this->modules->loadModule($moduleName)->getModule($moduleName); + foreach ($module->getProvidedPermissions() as $restriction) { + printf( + "%-14s %-24s %s\n", + $moduleName, + $restriction->name, + $restriction->description + ); + } + } + } + /** * Search for a given module * diff --git a/library/Icinga/Application/Modules/Module.php b/library/Icinga/Application/Modules/Module.php index bc2947961..faa12a4e9 100644 --- a/library/Icinga/Application/Modules/Module.php +++ b/library/Icinga/Application/Modules/Module.php @@ -100,6 +100,34 @@ class Module */ private $runScript; + /** + * Module configuration script + * + * @var string + */ + private $configScript; + + /** + * Whether we already tried to include the module configuration script + * + * @var bool + */ + private $triedToLaunchConfigScript = false; + + /** + * Provided permissions + * + * @var array + */ + private $permissionList = array(); + + /** + * Provided restrictions + * + * @var array + */ + private $restrictionList = array(); + /** * Icinga application * @@ -274,6 +302,94 @@ class Module ->module($this->name, $file); } + /** + * Retrieve provided permissions + * + * @param string $name Permission name + * @return array + */ + public function getProvidedPermissions() + { + $this->launchConfigScript(); + return $this->permissionList; + } + + /** + * Retrieve provided restrictions + * + * @param string $name Restriction name + * @return array + */ + public function getProvidedRestrictions() + { + $this->launchConfigScript(); + return $this->restrictionList; + } + + /** + * Whether the given permission name is supported + * + * @param string $name Permission name + * @return bool + */ + public function providesPermission($name) + { + $this->launchConfigScript(); + return array_key_exists($name, $this->permissionList); + } + + /** + * Whether the given restriction name is supported + * + * @param string $name Restriction name + * @return bool + */ + public function providesRestriction($name) + { + $this->launchConfigScript(); + return array_key_exists($name, $this->restrictionList); + } + + /** + * Provide a named permission + * + * @param string $name Unique permission name + * @param string $name Permission description + * @return void + */ + protected function providePermission($name, $description) + { + if ($this->providesPermission($name)) { + throw new Exception( + sprintf('Cannot provide permission "%s" twice', $name) + ); + } + $this->permissionList[$name] = (object) array( + 'name' => $name, + 'description' => $description + ); + } + + /** + * Provide a named restriction + * + * @param string $name Unique restriction name + * @param string $name Restriction description + * @return void + */ + protected function provideRestriction($name, $description) + { + if ($this->providesRestriction($name)) { + throw new Exception( + sprintf('Cannot provide restriction "%s" twice', $name) + ); + } + $this->restrictionList[$name] = (object) array( + 'name' => $name, + 'description' => $description + ); + } + /** * Register new namespaces on the autoloader * @@ -399,6 +515,22 @@ class Module return $this; } + /** + * Run module config script + */ + protected function launchConfigScript() + { + if ($this->triedToLaunchConfigScript) { + return; + } + $this->triedToLaunchConfigScript = true; + if (! file_exists($this->configScript) + || ! is_readable($this->configScript)) { + return; + } + include($this->configScript); + } + /** * Register hook * diff --git a/modules/monitoring/configuration.php b/modules/monitoring/configuration.php new file mode 100644 index 000000000..fe9474e90 --- /dev/null +++ b/modules/monitoring/configuration.php @@ -0,0 +1,8 @@ +providePermission('commands/all', 'Allow to send all commands'); +$this->providePermission('commands/safe', 'Allow to to send a subset of "safe" commands'); +$this->providePermission('log', 'Allow full log access'); +