tyler.durden/icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2.git synced 2025-07-21 04:44:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

Navigation: Restructure authentication backend configuration

Browse Source 
This moves the configuration tabs for user and group backends into
a dedicated menu entry called "Authentication". All tabs previously
available in this menu entry were moved into their own dedicated
menu entry as well to not to confuse users.

fixes #9398
This commit is contained in:
Johannes Meyer 2015-06-22 13:26:24 +02:00
parent bb0ed20200
commit d36f90d8cb
7 changed files with 125 additions and 148 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

95
application/controllers/ConfigController.php
View File

@ -22,55 +22,41 @@ use Icinga\Web\Widget;
class ConfigController extends Controller class ConfigController extends Controller
{ {
/** /**
* The first allowed config action according to the user's permissions * Create and return the tabs to display when showing application configuration
*
* @var string
*/ */
protected $firstAllowedAction; public function createApplicationTabs()
/**
* Initialize tabs and validate the user's permissions
*
* @throws SecurityException If the user does not have any configuration permission
*/
public function init()
{ {
$tabs = $this->getTabs(); $tabs = $this->getTabs();
$auth = $this->Auth(); $tabs->add('general', array(
$allowedActions = array(); 'title' => $this->translate('Adjust the general configuration of Icinga Web 2'),
if ($auth->hasPermission('config/application/general')) { 'label' => $this->translate('General'),
$tabs->add('general', array( 'url' => 'config/general'
'title' => $this->translate('Adjust the general configuration of Icinga Web 2'), ));
'label' => $this->translate('General'), $tabs->add('resource', array(
'url' => 'config/general' 'title' => $this->translate('Configure which resources are being utilized by Icinga Web 2'),
)); 'label' => $this->translate('Resources'),
$allowedActions[] = 'general'; 'url' => 'config/resource'
} ));
if ($auth->hasPermission('config/application/resources')) { return $tabs;
$tabs->add('resource', array( }
'title' => $this->translate('Configure which resources are being utilized by Icinga Web 2'),
'label' => $this->translate('Resources'), /**
'url' => 'config/resource' * Create and return the tabs to display when showing authentication configuration
)); */
$allowedActions[] = 'resource'; public function createAuthenticationTabs()
} {
if ($auth->hasPermission('config/application/userbackend')) { $tabs = $this->getTabs();
$tabs->add('userbackend', array( $tabs->add('userbackend', array(
'title' => $this->translate('Configure how users authenticate with and log into Icinga Web 2'), 'title' => $this->translate('Configure how users authenticate with and log into Icinga Web 2'),
'label' => $this->translate('Authentication'), 'label' => $this->translate('User Backends'),
'url' => 'config/userbackend' 'url' => 'config/userbackend'
)); ));
$allowedActions[] = 'userbackend'; $tabs->add('usergroupbackend', array(
} 'title' => $this->translate('Configure how users are associated with groups by Icinga Web 2'),
if ($auth->hasPermission('config/application/usergroupbackend')) { 'label' => $this->translate('Usergroup Backends'),
$tabs->add('usergroupbackend', array( 'url' => 'usergroupbackend/list'
'title' => $this->translate('Configure how users are associated with groups by Icinga Web 2'), ));
'label' => $this->translate('User Groups'), return $tabs;
'url' => 'usergroupbackend/list'
));
$allowedActions[] = 'usergroupbackend';
}
$this->firstAllowedAction = array_shift($allowedActions);
} }
public function devtoolsAction() public function devtoolsAction()
@ -79,15 +65,11 @@ class ConfigController extends Controller
} }
/** /**
* Forward or redirect to the first allowed configuration action * Redirect to the general configuration
*/ */
public function indexAction() public function indexAction()
{ {
if ($this->firstAllowedAction === null) { $this->redirectNow('config/general');
throw new SecurityException($this->translate('No permission for application configuration'));
}
$this->redirectNow($this->getTabs()->get($this->firstAllowedAction)->getUrl());
} }
/** /**
@ -103,7 +85,7 @@ class ConfigController extends Controller
$form->handleRequest(); $form->handleRequest();
$this->view->form = $form; $this->view->form = $form;
$this->view->tabs->activate('general'); $this->createApplicationTabs()->activate('general');
} }
/** /**
@ -206,7 +188,7 @@ class ConfigController extends Controller
$form->handleRequest(); $form->handleRequest();
$this->view->form = $form; $this->view->form = $form;
$this->view->tabs->activate('userbackend'); $this->createAuthenticationTabs()->activate('userbackend');
$this->render('userbackend/reorder'); $this->render('userbackend/reorder');
} }
@ -228,7 +210,6 @@ class ConfigController extends Controller
$form->handleRequest(); $form->handleRequest();
$this->view->form = $form; $this->view->form = $form;
$this->view->tabs->activate('userbackend');
$this->render('userbackend/create'); $this->render('userbackend/create');
} }
@ -247,7 +228,6 @@ class ConfigController extends Controller
$form->handleRequest(); $form->handleRequest();
$this->view->form = $form; $this->view->form = $form;
$this->view->tabs->activate('userbackend');
$this->render('userbackend/modify'); $this->render('userbackend/modify');
} }
@ -286,7 +266,6 @@ class ConfigController extends Controller
$form->handleRequest(); $form->handleRequest();
$this->view->form = $form; $this->view->form = $form;
$this->view->tabs->activate('userbackend');
$this->render('userbackend/remove'); $this->render('userbackend/remove');
} }
@ -297,7 +276,7 @@ class ConfigController extends Controller
{ {
$this->assertPermission('config/application/resources'); $this->assertPermission('config/application/resources');
$this->view->resources = Config::app('resources', true)->keys(); $this->view->resources = Config::app('resources', true)->keys();
$this->view->tabs->activate('resource'); $this->createApplicationTabs()->activate('resource');
} }
/** /**

19
application/controllers/GroupController.php
View File

@ -347,4 +347,23 @@ class GroupController extends AuthBackendController
return $tabs; return $tabs;
} }
/**
* Create the tabs to display when listing groups
*/
protected function createListTabs()
{
$tabs = $this->getTabs();
$tabs->add(
'group/list',
array(
'title' => $this->translate('List groups of user group backends'),
'label' => $this->translate('Usergroups'),
'icon' => 'users',
'url' => 'group/list'
)
);
return $tabs;
}
} }

20
application/controllers/RoleController.php
View File

@ -152,4 +152,24 @@ class RoleController extends AuthBackendController
$this->view->form = $confirmation; $this->view->form = $confirmation;
$this->render('form'); $this->render('form');
} }
/**
* Create the tabs to display when listing roles
*/
protected function createListTabs()
{
$tabs = $this->getTabs();
$tabs->add(
'role/list',
array(
'title' => $this->translate(
'Configure roles to permit or restrict users and groups accessing Icinga Web 2'
),
'label' => $this->translate('Roles'),
'url' => 'role/list'
)
);
return $tabs;
}
} }

19
application/controllers/UserController.php
View File

@ -306,4 +306,23 @@ class UserController extends AuthBackendController
return $tabs; return $tabs;
} }
/**
* Create the tabs to display when listing users
*/
protected function createListTabs()
{
$tabs = $this->getTabs();
$tabs->add(
'user/list',
array(
'title' => $this->translate('List users of authentication backends'),
'label' => $this->translate('Users'),
'icon' => 'user',
'url' => 'user/list'
)
);
return $tabs;
}
} }

39
application/controllers/UsergroupbackendController.php
View File

@ -153,35 +153,16 @@ class UsergroupbackendController extends Controller
protected function createListTabs() protected function createListTabs()
{ {
$tabs = $this->getTabs(); $tabs = $this->getTabs();
if ($this->hasPermission('config/application/general')) { $tabs->add('userbackend', array(
$tabs->add('general', array( 'title' => $this->translate('Configure how users authenticate with and log into Icinga Web 2'),
'title' => $this->translate('Adjust the general configuration of Icinga Web 2'), 'label' => $this->translate('User Backends'),
'label' => $this->translate('General'), 'url' => 'config/userbackend'
'url' => 'config/general' ));
)); $tabs->add('usergroupbackend', array(
} 'title' => $this->translate('Configure how users are associated with groups by Icinga Web 2'),
if ($this->hasPermission('config/application/resources')) { 'label' => $this->translate('Usergroup Backends'),
$tabs->add('resource', array( 'url' => 'usergroupbackend/list'
'title' => $this->translate('Configure which resources are being utilized by Icinga Web 2'), ));
'label' => $this->translate('Resources'),
'url' => 'config/resource'
));
}
if ($this->hasPermission('config/application/userbackend')) {
$tabs->add('userbackend', array(
'title' => $this->translate('Configure how users authenticate with and log into Icinga Web 2'),
'label' => $this->translate('Authentication'),
'url' => 'config/userbackend'
));
}
if ($this->hasPermission('config/application/usergroupbackend')) {
$tabs->add('usergroupbackend', array(
'title' => $this->translate('Configure how users are associated with groups by Icinga Web 2'),
'label' => $this->translate('User Groups'),
'url' => 'usergroupbackend/list'
));
}
return $tabs; return $tabs;
} }
} }

64
library/Icinga/Web/Controller/AuthBackendController.php
View File

@ -3,13 +3,12 @@
namespace Icinga\Web\Controller; namespace Icinga\Web\Controller;
use \Zend_Controller_Action_Exception; use Zend_Controller_Action_Exception;
use Icinga\Application\Config; use Icinga\Application\Config;
use Icinga\Authentication\User\UserBackend; use Icinga\Authentication\User\UserBackend;
use Icinga\Authentication\User\UserBackendInterface; use Icinga\Authentication\User\UserBackendInterface;
use Icinga\Authentication\UserGroup\UserGroupBackend; use Icinga\Authentication\UserGroup\UserGroupBackend;
use Icinga\Authentication\UserGroup\UserGroupBackendInterface; use Icinga\Authentication\UserGroup\UserGroupBackendInterface;
use Icinga\Security\SecurityException;
use Icinga\Web\Controller; use Icinga\Web\Controller;
/** /**
@ -18,19 +17,11 @@ use Icinga\Web\Controller;
class AuthBackendController extends Controller class AuthBackendController extends Controller
{ {
/** /**
* Redirect to the first permitted list action * Redirect to this controller's list action
*/ */
final public function indexAction() public function indexAction()
{ {
if ($this->hasPermission('config/authentication/users/show')) { $this->redirectNow($this->getRequest()->getControllerName() . '/list');
$this->redirectNow('user/list');
} elseif ($this->hasPermission('config/authentication/groups/show')) {
$this->redirectNow('group/list');
} elseif ($this->hasPermission('config/authentication/roles/show')) {
$this->redirectNow('role/list');
} else {
throw new SecurityException($this->translate('No permission for authentication configuration'));
}
} }
/** /**
@ -148,51 +139,4 @@ class AuthBackendController extends Controller
return $backend; return $backend;
} }
/**
* Create the tabs to list users and groups
*/
protected function createListTabs()
{
$tabs = $this->getTabs();
if ($this->hasPermission('config/authentication/users/show')) {
$tabs->add(
'user/list',
array(
'title' => $this->translate('List users of authentication backends'),
'label' => $this->translate('Users'),
'icon' => 'user',
'url' => 'user/list'
)
);
}
if ($this->hasPermission('config/authentication/groups/show')) {
$tabs->add(
'group/list',
array(
'title' => $this->translate('List groups of user group backends'),
'label' => $this->translate('Groups'),
'icon' => 'users',
'url' => 'group/list'
)
);
}
if ($this->hasPermission('config/authentication/roles/show')) {
$tabs->add(
'role/list',
array(
'title' => $this->translate(
'Configure roles to permit or restrict users and groups accessing Icinga Web 2'
),
'label' => $this->translate('Roles'),
'url' => 'role/list'
)
);
}
return $tabs;
}
} }

17
library/Icinga/Web/Menu.php
View File

@ -259,10 +259,25 @@ class Menu implements RecursiveIterator
'priority' => 810 'priority' => 810
)); ));
$section->add(t('Authentication'), array( $section->add(t('Authentication'), array(
'url' => 'user', 'url' => 'config/userbackend',
'permission' => 'config/authentication/*', 'permission' => 'config/authentication/*',
'priority' => 820 'priority' => 820
)); ));
$section->add(t('Roles'), array(
'url' => 'role/list',
'permission' => 'config/authentication/roles/show',
'priority' => 830
));
$section->add(t('Users'), array(
'url' => 'user/list',
'permission' => 'config/authentication/users/show',
'priority' => 840
));
$section->add(t('Usergroups'), array(
'url' => 'group/list',
'permission' => 'config/authentication/groups/show',
'priority' => 850
));
$section->add(t('Modules'), array( $section->add(t('Modules'), array(
'url' => 'config/modules', 'url' => 'config/modules',
'permission' => 'config/modules', 'permission' => 'config/modules',