tyler.durden
/
icingaweb2
mirror of https://github.com/Icinga/icingaweb2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Navigation: Restructure authentication backend configuration 

This moves the configuration tabs for user and group backends into
a dedicated menu entry called "Authentication". All tabs previously
available in this menu entry were moved into their own dedicated
menu entry as well to not to confuse users.

fixes #9398
This commit is contained in:
Johannes Meyer 2015-06-22 13:26:24 +02:00
parent bb0ed20200
commit d36f90d8cb
7 changed files with 125 additions and 148 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

95
application/controllers/ConfigController.php
View File

@ -22,55 +22,41 @@ use Icinga\Web\Widget;
class ConfigController extends Controller
{
/**
* The first allowed config action according to the user's permissions
*
* @var string
* Create and return the tabs to display when showing application configuration
*/
protected $firstAllowedAction;
/**
* Initialize tabs and validate the user's permissions
*
* @throws SecurityException If the user does not have any configuration permission
*/
public function init()
public function createApplicationTabs()
{
$tabs = $this->getTabs();
$auth = $this->Auth();
$allowedActions = array();
if ($auth->hasPermission('config/application/general')) {
$tabs->add('general', array(
'title' => $this->translate('Adjust the general configuration of Icinga Web 2'),
'label' => $this->translate('General'),
'url' => 'config/general'
));
$allowedActions[] = 'general';
}
if ($auth->hasPermission('config/application/resources')) {
$tabs->add('resource', array(
'title' => $this->translate('Configure which resources are being utilized by Icinga Web 2'),
'label' => $this->translate('Resources'),
'url' => 'config/resource'
));
$allowedActions[] = 'resource';
}
if ($auth->hasPermission('config/application/userbackend')) {
$tabs->add('userbackend', array(
'title' => $this->translate('Configure how users authenticate with and log into Icinga Web 2'),
'label' => $this->translate('Authentication'),
'url' => 'config/userbackend'
));
$allowedActions[] = 'userbackend';
}
if ($auth->hasPermission('config/application/usergroupbackend')) {
$tabs->add('usergroupbackend', array(
'title' => $this->translate('Configure how users are associated with groups by Icinga Web 2'),
'label' => $this->translate('User Groups'),
'url' => 'usergroupbackend/list'
));
$allowedActions[] = 'usergroupbackend';
}
$this->firstAllowedAction = array_shift($allowedActions);
$tabs->add('general', array(
'title' => $this->translate('Adjust the general configuration of Icinga Web 2'),
'label' => $this->translate('General'),
'url' => 'config/general'
));
$tabs->add('resource', array(
'title' => $this->translate('Configure which resources are being utilized by Icinga Web 2'),
'label' => $this->translate('Resources'),
'url' => 'config/resource'
));
return $tabs;
}
/**
* Create and return the tabs to display when showing authentication configuration
*/
public function createAuthenticationTabs()
{
$tabs = $this->getTabs();
$tabs->add('userbackend', array(
'title' => $this->translate('Configure how users authenticate with and log into Icinga Web 2'),
'label' => $this->translate('User Backends'),
'url' => 'config/userbackend'
));
$tabs->add('usergroupbackend', array(
'title' => $this->translate('Configure how users are associated with groups by Icinga Web 2'),
'label' => $this->translate('Usergroup Backends'),
'url' => 'usergroupbackend/list'
));
return $tabs;
}
public function devtoolsAction()
@ -79,15 +65,11 @@ class ConfigController extends Controller
}
/**
* Forward or redirect to the first allowed configuration action
* Redirect to the general configuration
*/
public function indexAction()
{
if ($this->firstAllowedAction === null) {
throw new SecurityException($this->translate('No permission for application configuration'));
}
$this->redirectNow($this->getTabs()->get($this->firstAllowedAction)->getUrl());
$this->redirectNow('config/general');
}
/**
@ -103,7 +85,7 @@ class ConfigController extends Controller
$form->handleRequest();
$this->view->form = $form;
$this->view->tabs->activate('general');
$this->createApplicationTabs()->activate('general');
}
/**
@ -206,7 +188,7 @@ class ConfigController extends Controller
$form->handleRequest();
$this->view->form = $form;
$this->view->tabs->activate('userbackend');
$this->createAuthenticationTabs()->activate('userbackend');
$this->render('userbackend/reorder');
}
@ -228,7 +210,6 @@ class ConfigController extends Controller
$form->handleRequest();
$this->view->form = $form;
$this->view->tabs->activate('userbackend');
$this->render('userbackend/create');
}
@ -247,7 +228,6 @@ class ConfigController extends Controller
$form->handleRequest();
$this->view->form = $form;
$this->view->tabs->activate('userbackend');
$this->render('userbackend/modify');
}
@ -286,7 +266,6 @@ class ConfigController extends Controller
$form->handleRequest();
$this->view->form = $form;
$this->view->tabs->activate('userbackend');
$this->render('userbackend/remove');
}
@ -297,7 +276,7 @@ class ConfigController extends Controller
{
$this->assertPermission('config/application/resources');
$this->view->resources = Config::app('resources', true)->keys();
$this->view->tabs->activate('resource');
$this->createApplicationTabs()->activate('resource');
}
/**

19
application/controllers/GroupController.php
View File

@ -347,4 +347,23 @@ class GroupController extends AuthBackendController
return $tabs;
}
/**
* Create the tabs to display when listing groups
*/
protected function createListTabs()
{
$tabs = $this->getTabs();
$tabs->add(
'group/list',
array(
'title' => $this->translate('List groups of user group backends'),
'label' => $this->translate('Usergroups'),
'icon' => 'users',
'url' => 'group/list'
)
);
return $tabs;
}
}

20
application/controllers/RoleController.php
View File

@ -152,4 +152,24 @@ class RoleController extends AuthBackendController
$this->view->form = $confirmation;
$this->render('form');
}
/**
* Create the tabs to display when listing roles
*/
protected function createListTabs()
{
$tabs = $this->getTabs();
$tabs->add(
'role/list',
array(
'title' => $this->translate(
'Configure roles to permit or restrict users and groups accessing Icinga Web 2'
),
'label' => $this->translate('Roles'),
'url' => 'role/list'
)
);
return $tabs;
}
}

19
application/controllers/UserController.php
View File

@ -306,4 +306,23 @@ class UserController extends AuthBackendController
return $tabs;
}
/**
* Create the tabs to display when listing users
*/
protected function createListTabs()
{
$tabs = $this->getTabs();
$tabs->add(
'user/list',
array(
'title' => $this->translate('List users of authentication backends'),
'label' => $this->translate('Users'),
'icon' => 'user',
'url' => 'user/list'
)
);
return $tabs;
}
}

39
application/controllers/UsergroupbackendController.php
View File

@ -153,35 +153,16 @@ class UsergroupbackendController extends Controller
protected function createListTabs()
{
$tabs = $this->getTabs();
if ($this->hasPermission('config/application/general')) {
$tabs->add('general', array(
'title' => $this->translate('Adjust the general configuration of Icinga Web 2'),
'label' => $this->translate('General'),
'url' => 'config/general'
));
}
if ($this->hasPermission('config/application/resources')) {
$tabs->add('resource', array(
'title' => $this->translate('Configure which resources are being utilized by Icinga Web 2'),
'label' => $this->translate('Resources'),
'url' => 'config/resource'
));
}
if ($this->hasPermission('config/application/userbackend')) {
$tabs->add('userbackend', array(
'title' => $this->translate('Configure how users authenticate with and log into Icinga Web 2'),
'label' => $this->translate('Authentication'),
'url' => 'config/userbackend'
));
}
if ($this->hasPermission('config/application/usergroupbackend')) {
$tabs->add('usergroupbackend', array(
'title' => $this->translate('Configure how users are associated with groups by Icinga Web 2'),
'label' => $this->translate('User Groups'),
'url' => 'usergroupbackend/list'
));
}
$tabs->add('userbackend', array(
'title' => $this->translate('Configure how users authenticate with and log into Icinga Web 2'),
'label' => $this->translate('User Backends'),
'url' => 'config/userbackend'
));
$tabs->add('usergroupbackend', array(
'title' => $this->translate('Configure how users are associated with groups by Icinga Web 2'),
'label' => $this->translate('Usergroup Backends'),
'url' => 'usergroupbackend/list'
));
return $tabs;
}
}

64
library/Icinga/Web/Controller/AuthBackendController.php
View File

@ -3,13 +3,12 @@
namespace Icinga\Web\Controller;
use \Zend_Controller_Action_Exception;
use Zend_Controller_Action_Exception;
use Icinga\Application\Config;
use Icinga\Authentication\User\UserBackend;
use Icinga\Authentication\User\UserBackendInterface;
use Icinga\Authentication\UserGroup\UserGroupBackend;
use Icinga\Authentication\UserGroup\UserGroupBackendInterface;
use Icinga\Security\SecurityException;
use Icinga\Web\Controller;
/**
@ -18,19 +17,11 @@ use Icinga\Web\Controller;
class AuthBackendController extends Controller
{
/**
* Redirect to the first permitted list action
* Redirect to this controller's list action
*/
final public function indexAction()
public function indexAction()
{
if ($this->hasPermission('config/authentication/users/show')) {
$this->redirectNow('user/list');
} elseif ($this->hasPermission('config/authentication/groups/show')) {
$this->redirectNow('group/list');
} elseif ($this->hasPermission('config/authentication/roles/show')) {
$this->redirectNow('role/list');
} else {
throw new SecurityException($this->translate('No permission for authentication configuration'));
}
$this->redirectNow($this->getRequest()->getControllerName() . '/list');
}
/**
@ -148,51 +139,4 @@ class AuthBackendController extends Controller
return $backend;
}
/**
* Create the tabs to list users and groups
*/
protected function createListTabs()
{
$tabs = $this->getTabs();
if ($this->hasPermission('config/authentication/users/show')) {
$tabs->add(
'user/list',
array(
'title' => $this->translate('List users of authentication backends'),
'label' => $this->translate('Users'),
'icon' => 'user',
'url' => 'user/list'
)
);
}
if ($this->hasPermission('config/authentication/groups/show')) {
$tabs->add(
'group/list',
array(
'title' => $this->translate('List groups of user group backends'),
'label' => $this->translate('Groups'),
'icon' => 'users',
'url' => 'group/list'
)
);
}
if ($this->hasPermission('config/authentication/roles/show')) {
$tabs->add(
'role/list',
array(
'title' => $this->translate(
'Configure roles to permit or restrict users and groups accessing Icinga Web 2'
),
'label' => $this->translate('Roles'),
'url' => 'role/list'
)
);
}
return $tabs;
}
}

17
library/Icinga/Web/Menu.php
View File

@ -259,10 +259,25 @@ class Menu implements RecursiveIterator
'priority' => 810
));
$section->add(t('Authentication'), array(
'url' => 'user',
'url' => 'config/userbackend',
'permission' => 'config/authentication/*',
'priority' => 820
));
$section->add(t('Roles'), array(
'url' => 'role/list',
'permission' => 'config/authentication/roles/show',
'priority' => 830
));
$section->add(t('Users'), array(
'url' => 'user/list',
'permission' => 'config/authentication/users/show',
'priority' => 840
));
$section->add(t('Usergroups'), array(
'url' => 'group/list',
'permission' => 'config/authentication/groups/show',
'priority' => 850
));
$section->add(t('Modules'), array(
'url' => 'config/modules',
'permission' => 'config/modules',