tyler.durden/icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2.git synced 2025-07-16 18:34:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Module configuration script can provide restrictions and permissions

Browse Source 
Extended the module, created CLI commands showing available permissions
and restrictions, added a sample configuration.php to the monitoring
module.

refs #4108
This commit is contained in:
Thomas Gelf 2014-01-22 10:26:18 +00:00
parent 30208c3a30
commit c29e742570
3 changed files with 188 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
application/clicommands/ModuleCommand.php
View File

@ -111,6 +111,54 @@ class ModuleCommand extends Command
$this->modules->disableModule($module); $this->modules->disableModule($module);
} }
/**
* Show all restrictions provided by your modules
*
* Asks each enabled module for all available restriction names and
* descriptions and shows a quick overview
*
* Usage: icingaweb module restrictions
*/
public function restrictionsAction()
{
printf("%-14s %-16s %s\n", 'MODULE', 'RESTRICTION', 'DESCRIPTION');
foreach ($this->modules->listEnabledModules() as $moduleName) {
$module = $this->modules->loadModule($moduleName)->getModule($moduleName);
foreach ($module->getProvidedRestrictions() as $restriction) {
printf(
"%-14s %-16s %s\n",
$moduleName,
$restriction->name,
$restriction->description
);
}
}
}
/**
* Show all permissions provided by your modules
*
* Asks each enabled module for it's available permission names and
* descriptions and shows a quick overview
*
* Usage: icingaweb module permissions
*/
public function permissionsAction()
{
printf("%-14s %-24s %s\n", 'MODULE', 'PERMISSION', 'DESCRIPTION');
foreach ($this->modules->listEnabledModules() as $moduleName) {
$module = $this->modules->loadModule($moduleName)->getModule($moduleName);
foreach ($module->getProvidedPermissions() as $restriction) {
printf(
"%-14s %-24s %s\n",
$moduleName,
$restriction->name,
$restriction->description
);
}
}
}
/** /**
* Search for a given module * Search for a given module
* *

132
library/Icinga/Application/Modules/Module.php
View File

@ -100,6 +100,34 @@ class Module
*/ */
private $runScript; private $runScript;
/**
* Module configuration script
*
* @var string
*/
private $configScript;
/**
* Whether we already tried to include the module configuration script
*
* @var bool
*/
private $triedToLaunchConfigScript = false;
/**
* Provided permissions
*
* @var array
*/
private $permissionList = array();
/**
* Provided restrictions
*
* @var array
*/
private $restrictionList = array();
/** /**
* Icinga application * Icinga application
* *
@ -274,6 +302,94 @@ class Module
->module($this->name, $file); ->module($this->name, $file);
} }
/**
* Retrieve provided permissions
*
* @param string $name Permission name
* @return array
*/
public function getProvidedPermissions()
{
$this->launchConfigScript();
return $this->permissionList;
}
/**
* Retrieve provided restrictions
*
* @param string $name Restriction name
* @return array
*/
public function getProvidedRestrictions()
{
$this->launchConfigScript();
return $this->restrictionList;
}
/**
* Whether the given permission name is supported
*
* @param string $name Permission name
* @return bool
*/
public function providesPermission($name)
{
$this->launchConfigScript();
return array_key_exists($name, $this->permissionList);
}
/**
* Whether the given restriction name is supported
*
* @param string $name Restriction name
* @return bool
*/
public function providesRestriction($name)
{
$this->launchConfigScript();
return array_key_exists($name, $this->restrictionList);
}
/**
* Provide a named permission
*
* @param string $name Unique permission name
* @param string $name Permission description
* @return void
*/
protected function providePermission($name, $description)
{
if ($this->providesPermission($name)) {
throw new Exception(
sprintf('Cannot provide permission "%s" twice', $name)
);
}
$this->permissionList[$name] = (object) array(
'name' => $name,
'description' => $description
);
}
/**
* Provide a named restriction
*
* @param string $name Unique restriction name
* @param string $name Restriction description
* @return void
*/
protected function provideRestriction($name, $description)
{
if ($this->providesRestriction($name)) {
throw new Exception(
sprintf('Cannot provide restriction "%s" twice', $name)
);
}
$this->restrictionList[$name] = (object) array(
'name' => $name,
'description' => $description
);
}
/** /**
* Register new namespaces on the autoloader * Register new namespaces on the autoloader
* *
@ -399,6 +515,22 @@ class Module
return $this; return $this;
} }
/**
* Run module config script
*/
protected function launchConfigScript()
{
if ($this->triedToLaunchConfigScript) {
return;
}
$this->triedToLaunchConfigScript = true;
if (! file_exists($this->configScript)
|| ! is_readable($this->configScript)) {
return;
}
include($this->configScript);
}
/** /**
* Register hook * Register hook
* *

8
modules/monitoring/configuration.php Normal file
View File

@ -0,0 +1,8 @@
<?php
// TODO: We need to define a useful permission set for this module, the
// list provided here is just an example
$this->providePermission('commands/all', 'Allow to send all commands');
$this->providePermission('commands/safe', 'Allow to to send a subset of "safe" commands');
$this->providePermission('log', 'Allow full log access');