diff --git a/application/controllers/ConfigController.php b/application/controllers/ConfigController.php index 0f3d7d1ed..f077dfe02 100644 --- a/application/controllers/ConfigController.php +++ b/application/controllers/ConfigController.php @@ -22,55 +22,41 @@ use Icinga\Web\Widget; class ConfigController extends Controller { /** - * The first allowed config action according to the user's permissions - * - * @var string + * Create and return the tabs to display when showing application configuration */ - protected $firstAllowedAction; - - /** - * Initialize tabs and validate the user's permissions - * - * @throws SecurityException If the user does not have any configuration permission - */ - public function init() + public function createApplicationTabs() { $tabs = $this->getTabs(); - $auth = $this->Auth(); - $allowedActions = array(); - if ($auth->hasPermission('config/application/general')) { - $tabs->add('general', array( - 'title' => $this->translate('Adjust the general configuration of Icinga Web 2'), - 'label' => $this->translate('General'), - 'url' => 'config/general' - )); - $allowedActions[] = 'general'; - } - if ($auth->hasPermission('config/application/resources')) { - $tabs->add('resource', array( - 'title' => $this->translate('Configure which resources are being utilized by Icinga Web 2'), - 'label' => $this->translate('Resources'), - 'url' => 'config/resource' - )); - $allowedActions[] = 'resource'; - } - if ($auth->hasPermission('config/application/userbackend')) { - $tabs->add('userbackend', array( - 'title' => $this->translate('Configure how users authenticate with and log into Icinga Web 2'), - 'label' => $this->translate('Authentication'), - 'url' => 'config/userbackend' - )); - $allowedActions[] = 'userbackend'; - } - if ($auth->hasPermission('config/application/usergroupbackend')) { - $tabs->add('usergroupbackend', array( - 'title' => $this->translate('Configure how users are associated with groups by Icinga Web 2'), - 'label' => $this->translate('User Groups'), - 'url' => 'usergroupbackend/list' - )); - $allowedActions[] = 'usergroupbackend'; - } - $this->firstAllowedAction = array_shift($allowedActions); + $tabs->add('general', array( + 'title' => $this->translate('Adjust the general configuration of Icinga Web 2'), + 'label' => $this->translate('General'), + 'url' => 'config/general' + )); + $tabs->add('resource', array( + 'title' => $this->translate('Configure which resources are being utilized by Icinga Web 2'), + 'label' => $this->translate('Resources'), + 'url' => 'config/resource' + )); + return $tabs; + } + + /** + * Create and return the tabs to display when showing authentication configuration + */ + public function createAuthenticationTabs() + { + $tabs = $this->getTabs(); + $tabs->add('userbackend', array( + 'title' => $this->translate('Configure how users authenticate with and log into Icinga Web 2'), + 'label' => $this->translate('User Backends'), + 'url' => 'config/userbackend' + )); + $tabs->add('usergroupbackend', array( + 'title' => $this->translate('Configure how users are associated with groups by Icinga Web 2'), + 'label' => $this->translate('Usergroup Backends'), + 'url' => 'usergroupbackend/list' + )); + return $tabs; } public function devtoolsAction() @@ -79,15 +65,11 @@ class ConfigController extends Controller } /** - * Forward or redirect to the first allowed configuration action + * Redirect to the general configuration */ public function indexAction() { - if ($this->firstAllowedAction === null) { - throw new SecurityException($this->translate('No permission for application configuration')); - } - - $this->redirectNow($this->getTabs()->get($this->firstAllowedAction)->getUrl()); + $this->redirectNow('config/general'); } /** @@ -103,7 +85,7 @@ class ConfigController extends Controller $form->handleRequest(); $this->view->form = $form; - $this->view->tabs->activate('general'); + $this->createApplicationTabs()->activate('general'); } /** @@ -206,7 +188,7 @@ class ConfigController extends Controller $form->handleRequest(); $this->view->form = $form; - $this->view->tabs->activate('userbackend'); + $this->createAuthenticationTabs()->activate('userbackend'); $this->render('userbackend/reorder'); } @@ -228,7 +210,6 @@ class ConfigController extends Controller $form->handleRequest(); $this->view->form = $form; - $this->view->tabs->activate('userbackend'); $this->render('userbackend/create'); } @@ -247,7 +228,6 @@ class ConfigController extends Controller $form->handleRequest(); $this->view->form = $form; - $this->view->tabs->activate('userbackend'); $this->render('userbackend/modify'); } @@ -286,7 +266,6 @@ class ConfigController extends Controller $form->handleRequest(); $this->view->form = $form; - $this->view->tabs->activate('userbackend'); $this->render('userbackend/remove'); } @@ -297,7 +276,7 @@ class ConfigController extends Controller { $this->assertPermission('config/application/resources'); $this->view->resources = Config::app('resources', true)->keys(); - $this->view->tabs->activate('resource'); + $this->createApplicationTabs()->activate('resource'); } /** diff --git a/application/controllers/GroupController.php b/application/controllers/GroupController.php index fc881a3cf..ed30aac86 100644 --- a/application/controllers/GroupController.php +++ b/application/controllers/GroupController.php @@ -347,4 +347,23 @@ class GroupController extends AuthBackendController return $tabs; } + + /** + * Create the tabs to display when listing groups + */ + protected function createListTabs() + { + $tabs = $this->getTabs(); + $tabs->add( + 'group/list', + array( + 'title' => $this->translate('List groups of user group backends'), + 'label' => $this->translate('Usergroups'), + 'icon' => 'users', + 'url' => 'group/list' + ) + ); + + return $tabs; + } } diff --git a/application/controllers/RoleController.php b/application/controllers/RoleController.php index 0384009ec..bae4cad88 100644 --- a/application/controllers/RoleController.php +++ b/application/controllers/RoleController.php @@ -152,4 +152,24 @@ class RoleController extends AuthBackendController $this->view->form = $confirmation; $this->render('form'); } + + /** + * Create the tabs to display when listing roles + */ + protected function createListTabs() + { + $tabs = $this->getTabs(); + $tabs->add( + 'role/list', + array( + 'title' => $this->translate( + 'Configure roles to permit or restrict users and groups accessing Icinga Web 2' + ), + 'label' => $this->translate('Roles'), + 'url' => 'role/list' + ) + ); + + return $tabs; + } } diff --git a/application/controllers/UserController.php b/application/controllers/UserController.php index 4c6d5dfe9..eaff798df 100644 --- a/application/controllers/UserController.php +++ b/application/controllers/UserController.php @@ -306,4 +306,23 @@ class UserController extends AuthBackendController return $tabs; } + + /** + * Create the tabs to display when listing users + */ + protected function createListTabs() + { + $tabs = $this->getTabs(); + $tabs->add( + 'user/list', + array( + 'title' => $this->translate('List users of authentication backends'), + 'label' => $this->translate('Users'), + 'icon' => 'user', + 'url' => 'user/list' + ) + ); + + return $tabs; + } } diff --git a/application/controllers/UsergroupbackendController.php b/application/controllers/UsergroupbackendController.php index d1c0efc63..477c1b28d 100644 --- a/application/controllers/UsergroupbackendController.php +++ b/application/controllers/UsergroupbackendController.php @@ -153,35 +153,16 @@ class UsergroupbackendController extends Controller protected function createListTabs() { $tabs = $this->getTabs(); - if ($this->hasPermission('config/application/general')) { - $tabs->add('general', array( - 'title' => $this->translate('Adjust the general configuration of Icinga Web 2'), - 'label' => $this->translate('General'), - 'url' => 'config/general' - )); - } - if ($this->hasPermission('config/application/resources')) { - $tabs->add('resource', array( - 'title' => $this->translate('Configure which resources are being utilized by Icinga Web 2'), - 'label' => $this->translate('Resources'), - 'url' => 'config/resource' - )); - } - if ($this->hasPermission('config/application/userbackend')) { - $tabs->add('userbackend', array( - 'title' => $this->translate('Configure how users authenticate with and log into Icinga Web 2'), - 'label' => $this->translate('Authentication'), - 'url' => 'config/userbackend' - )); - } - if ($this->hasPermission('config/application/usergroupbackend')) { - $tabs->add('usergroupbackend', array( - 'title' => $this->translate('Configure how users are associated with groups by Icinga Web 2'), - 'label' => $this->translate('User Groups'), - 'url' => 'usergroupbackend/list' - )); - } - + $tabs->add('userbackend', array( + 'title' => $this->translate('Configure how users authenticate with and log into Icinga Web 2'), + 'label' => $this->translate('User Backends'), + 'url' => 'config/userbackend' + )); + $tabs->add('usergroupbackend', array( + 'title' => $this->translate('Configure how users are associated with groups by Icinga Web 2'), + 'label' => $this->translate('Usergroup Backends'), + 'url' => 'usergroupbackend/list' + )); return $tabs; } } diff --git a/library/Icinga/Web/Controller/AuthBackendController.php b/library/Icinga/Web/Controller/AuthBackendController.php index 43ed78fd7..1fea0eb4f 100644 --- a/library/Icinga/Web/Controller/AuthBackendController.php +++ b/library/Icinga/Web/Controller/AuthBackendController.php @@ -3,13 +3,12 @@ namespace Icinga\Web\Controller; -use \Zend_Controller_Action_Exception; +use Zend_Controller_Action_Exception; use Icinga\Application\Config; use Icinga\Authentication\User\UserBackend; use Icinga\Authentication\User\UserBackendInterface; use Icinga\Authentication\UserGroup\UserGroupBackend; use Icinga\Authentication\UserGroup\UserGroupBackendInterface; -use Icinga\Security\SecurityException; use Icinga\Web\Controller; /** @@ -18,19 +17,11 @@ use Icinga\Web\Controller; class AuthBackendController extends Controller { /** - * Redirect to the first permitted list action + * Redirect to this controller's list action */ - final public function indexAction() + public function indexAction() { - if ($this->hasPermission('config/authentication/users/show')) { - $this->redirectNow('user/list'); - } elseif ($this->hasPermission('config/authentication/groups/show')) { - $this->redirectNow('group/list'); - } elseif ($this->hasPermission('config/authentication/roles/show')) { - $this->redirectNow('role/list'); - } else { - throw new SecurityException($this->translate('No permission for authentication configuration')); - } + $this->redirectNow($this->getRequest()->getControllerName() . '/list'); } /** @@ -148,51 +139,4 @@ class AuthBackendController extends Controller return $backend; } - - /** - * Create the tabs to list users and groups - */ - protected function createListTabs() - { - $tabs = $this->getTabs(); - - if ($this->hasPermission('config/authentication/users/show')) { - $tabs->add( - 'user/list', - array( - 'title' => $this->translate('List users of authentication backends'), - 'label' => $this->translate('Users'), - 'icon' => 'user', - 'url' => 'user/list' - ) - ); - } - - if ($this->hasPermission('config/authentication/groups/show')) { - $tabs->add( - 'group/list', - array( - 'title' => $this->translate('List groups of user group backends'), - 'label' => $this->translate('Groups'), - 'icon' => 'users', - 'url' => 'group/list' - ) - ); - } - - if ($this->hasPermission('config/authentication/roles/show')) { - $tabs->add( - 'role/list', - array( - 'title' => $this->translate( - 'Configure roles to permit or restrict users and groups accessing Icinga Web 2' - ), - 'label' => $this->translate('Roles'), - 'url' => 'role/list' - ) - ); - } - - return $tabs; - } } diff --git a/library/Icinga/Web/Menu.php b/library/Icinga/Web/Menu.php index a201b34fc..87be9ec40 100644 --- a/library/Icinga/Web/Menu.php +++ b/library/Icinga/Web/Menu.php @@ -259,10 +259,25 @@ class Menu implements RecursiveIterator 'priority' => 810 )); $section->add(t('Authentication'), array( - 'url' => 'user', + 'url' => 'config/userbackend', 'permission' => 'config/authentication/*', 'priority' => 820 )); + $section->add(t('Roles'), array( + 'url' => 'role/list', + 'permission' => 'config/authentication/roles/show', + 'priority' => 830 + )); + $section->add(t('Users'), array( + 'url' => 'user/list', + 'permission' => 'config/authentication/users/show', + 'priority' => 840 + )); + $section->add(t('Usergroups'), array( + 'url' => 'group/list', + 'permission' => 'config/authentication/groups/show', + 'priority' => 850 + )); $section->add(t('Modules'), array( 'url' => 'config/modules', 'permission' => 'config/modules',