389 lines
14 KiB
PHP
389 lines
14 KiB
PHP
<?php
|
|
/* Icinga Web 2 | (c) 2013-2015 Icinga Development Team | GPLv2+ */
|
|
|
|
use Icinga\Application\Config;
|
|
use Icinga\Application\Icinga;
|
|
use Icinga\Application\Modules\Module;
|
|
use Icinga\Data\ResourceFactory;
|
|
use Icinga\Forms\Config\AuthenticationBackendConfigForm;
|
|
use Icinga\Forms\Config\AuthenticationBackendReorderForm;
|
|
use Icinga\Forms\Config\GeneralConfigForm;
|
|
use Icinga\Forms\Config\ResourceConfigForm;
|
|
use Icinga\Forms\ConfirmRemovalForm;
|
|
use Icinga\Security\SecurityException;
|
|
use Icinga\Web\Controller;
|
|
use Icinga\Web\Notification;
|
|
use Icinga\Web\Widget;
|
|
|
|
/**
|
|
* Application and module configuration
|
|
*/
|
|
class ConfigController extends Controller
|
|
{
|
|
/**
|
|
* The first allowed config action according to the user's permissions
|
|
*
|
|
* @var string
|
|
*/
|
|
protected $firstAllowedAction;
|
|
|
|
/**
|
|
* Initialize tabs and validate the user's permissions
|
|
*
|
|
* @throws SecurityException If the user does not have any configuration permission
|
|
*/
|
|
public function init()
|
|
{
|
|
$tabs = $this->getTabs();
|
|
$auth = $this->Auth();
|
|
$allowedActions = array();
|
|
if ($auth->hasPermission('config/application/general')) {
|
|
$tabs->add('application', array(
|
|
'title' => $this->translate('Adjust the general configuration of Icinga Web 2'),
|
|
'label' => $this->translate('Application'),
|
|
'url' => 'config/application'
|
|
));
|
|
$allowedActions[] = 'application';
|
|
}
|
|
if ($auth->hasPermission('config/application/authentication')) {
|
|
$tabs->add('authentication', array(
|
|
'title' => $this->translate('Configure how users authenticate with and log into Icinga Web 2'),
|
|
'label' => $this->translate('Authentication'),
|
|
'url' => 'config/authentication'
|
|
));
|
|
$allowedActions[] = 'authentication';
|
|
}
|
|
if ($auth->hasPermission('config/application/resources')) {
|
|
$tabs->add('resource', array(
|
|
'title' => $this->translate('Configure which resources are being utilized by Icinga Web 2'),
|
|
'label' => $this->translate('Resources'),
|
|
'url' => 'config/resource'
|
|
));
|
|
$allowedActions[] = 'resource';
|
|
}
|
|
if ($auth->hasPermission('config/application/roles')) {
|
|
$tabs->add('roles', array(
|
|
'title' => $this->translate(
|
|
'Configure roles to permit or restrict users and groups accessing Icinga Web 2'
|
|
),
|
|
'label' => $this->translate('Roles'),
|
|
'url' => 'roles'
|
|
));
|
|
$allowedActions[] = 'roles';
|
|
}
|
|
$this->firstAllowedAction = array_shift($allowedActions);
|
|
}
|
|
|
|
public function devtoolsAction()
|
|
{
|
|
$this->view->tabs = null;
|
|
}
|
|
|
|
/**
|
|
* Forward or redirect to the first allowed configuration action
|
|
*/
|
|
public function indexAction()
|
|
{
|
|
if ($this->firstAllowedAction === null) {
|
|
throw new SecurityException('No permission for configuration');
|
|
}
|
|
$action = $this->getTabs()->get($this->firstAllowedAction);
|
|
if (substr($action->getUrl()->getPath(), 0, 7) === 'config/') {
|
|
$this->forward($this->firstAllowedAction);
|
|
} else {
|
|
$this->redirectNow($action->getUrl());
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Application configuration
|
|
*
|
|
* @throws SecurityException If the user lacks the permission for configuring the application
|
|
*/
|
|
public function applicationAction()
|
|
{
|
|
$this->assertPermission('config/application/general');
|
|
$form = new GeneralConfigForm();
|
|
$form->setIniConfig(Config::app());
|
|
$form->handleRequest();
|
|
|
|
$this->view->form = $form;
|
|
$this->view->tabs->activate('application');
|
|
}
|
|
|
|
/**
|
|
* Display the list of all modules
|
|
*/
|
|
public function modulesAction()
|
|
{
|
|
// Overwrite tabs created in init
|
|
// @TODO(el): This seems not natural to me. Module configuration should have its own controller.
|
|
$this->view->tabs = Widget::create('tabs')
|
|
->add('modules', array(
|
|
'label' => $this->translate('Modules'),
|
|
'title' => $this->translate('List intalled modules'),
|
|
'url' => 'config/modules'
|
|
))
|
|
->activate('modules');
|
|
$this->view->modules = Icinga::app()->getModuleManager()->select()
|
|
->from('modules')
|
|
->order('enabled', 'desc')
|
|
->order('name');
|
|
$this->setupLimitControl();
|
|
$this->setupPaginationControl($this->view->modules);
|
|
// TODO: Not working
|
|
/*$this->setupSortControl(array(
|
|
'name' => $this->translate('Modulename'),
|
|
'path' => $this->translate('Installation Path'),
|
|
'enabled' => $this->translate('State')
|
|
));*/
|
|
}
|
|
|
|
public function moduleAction()
|
|
{
|
|
$app = Icinga::app();
|
|
$manager = $app->getModuleManager();
|
|
$name = $this->getParam('name');
|
|
if ($manager->hasInstalled($name)) {
|
|
$this->view->moduleData = $manager->select()->from('modules')->where('name', $name)->fetchRow();
|
|
if ($manager->hasLoaded($name)) {
|
|
$module = $manager->getModule($name);
|
|
} else {
|
|
$module = new Module($app, $name, $manager->getModuleDir($name));
|
|
}
|
|
|
|
$this->view->module = $module;
|
|
$this->view->tabs = $module->getConfigTabs()->activate('info');
|
|
} else {
|
|
$this->view->module = false;
|
|
$this->view->tabs = null;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Enable a specific module provided by the 'name' param
|
|
*/
|
|
public function moduleenableAction()
|
|
{
|
|
$this->assertPermission('config/modules');
|
|
$module = $this->getParam('name');
|
|
$manager = Icinga::app()->getModuleManager();
|
|
try {
|
|
$manager->enableModule($module);
|
|
Notification::success(sprintf($this->translate('Module "%s" enabled'), $module));
|
|
$this->rerenderLayout()->reloadCss()->redirectNow('config/modules');
|
|
} catch (Exception $e) {
|
|
$this->view->exceptionMessage = $e->getMessage();
|
|
$this->view->moduleName = $module;
|
|
$this->view->action = 'enable';
|
|
$this->render('module-configuration-error');
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Disable a module specific module provided by the 'name' param
|
|
*/
|
|
public function moduledisableAction()
|
|
{
|
|
$this->assertPermission('config/modules');
|
|
$module = $this->getParam('name');
|
|
$manager = Icinga::app()->getModuleManager();
|
|
try {
|
|
$manager->disableModule($module);
|
|
Notification::success(sprintf($this->translate('Module "%s" disabled'), $module));
|
|
$this->rerenderLayout()->reloadCss()->redirectNow('config/modules');
|
|
} catch (Exception $e) {
|
|
$this->view->exceptionMessage = $e->getMessage();
|
|
$this->view->moduleName = $module;
|
|
$this->view->action = 'disable';
|
|
$this->render('module-configuration-error');
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Action for listing and reordering authentication backends
|
|
*/
|
|
public function authenticationAction()
|
|
{
|
|
$this->assertPermission('config/application/authentication');
|
|
$form = new AuthenticationBackendReorderForm();
|
|
$form->setIniConfig(Config::app('authentication'));
|
|
$form->handleRequest();
|
|
|
|
$this->view->form = $form;
|
|
$this->view->tabs->activate('authentication');
|
|
$this->render('authentication/reorder');
|
|
}
|
|
|
|
/**
|
|
* Action for creating a new authentication backend
|
|
*/
|
|
public function createauthenticationbackendAction()
|
|
{
|
|
$this->assertPermission('config/application/authentication');
|
|
$form = new AuthenticationBackendConfigForm();
|
|
$form->setTitle($this->translate('Create New Authentication Backend'));
|
|
$form->addDescription($this->translate(
|
|
'Create a new backend for authenticating your users. This backend'
|
|
. ' will be added at the end of your authentication order.'
|
|
));
|
|
$form->setIniConfig(Config::app('authentication'));
|
|
$form->setResourceConfig(ResourceFactory::getResourceConfigs());
|
|
$form->setRedirectUrl('config/authentication');
|
|
$form->handleRequest();
|
|
|
|
$this->view->form = $form;
|
|
$this->view->tabs->activate('authentication');
|
|
$this->render('authentication/create');
|
|
}
|
|
|
|
/**
|
|
* Action for editing authentication backends
|
|
*/
|
|
public function editauthenticationbackendAction()
|
|
{
|
|
$this->assertPermission('config/application/authentication');
|
|
$form = new AuthenticationBackendConfigForm();
|
|
$form->setTitle($this->translate('Edit Backend'));
|
|
$form->setIniConfig(Config::app('authentication'));
|
|
$form->setResourceConfig(ResourceFactory::getResourceConfigs());
|
|
$form->setRedirectUrl('config/authentication');
|
|
$form->handleRequest();
|
|
|
|
$this->view->form = $form;
|
|
$this->view->tabs->activate('authentication');
|
|
$this->render('authentication/modify');
|
|
}
|
|
|
|
/**
|
|
* Action for removing a backend from the authentication list
|
|
*/
|
|
public function removeauthenticationbackendAction()
|
|
{
|
|
$this->assertPermission('config/application/authentication');
|
|
$form = new ConfirmRemovalForm(array(
|
|
'onSuccess' => function ($form) {
|
|
$configForm = new AuthenticationBackendConfigForm();
|
|
$configForm->setIniConfig(Config::app('authentication'));
|
|
$authBackend = $form->getRequest()->getQuery('auth_backend');
|
|
|
|
try {
|
|
$configForm->remove($authBackend);
|
|
} catch (InvalidArgumentException $e) {
|
|
Notification::error($e->getMessage());
|
|
return;
|
|
}
|
|
|
|
if ($configForm->save()) {
|
|
Notification::success(sprintf(
|
|
t('Authentication backend "%s" has been successfully removed'),
|
|
$authBackend
|
|
));
|
|
} else {
|
|
return false;
|
|
}
|
|
}
|
|
));
|
|
$form->setTitle($this->translate('Remove Backend'));
|
|
$form->setRedirectUrl('config/authentication');
|
|
$form->handleRequest();
|
|
|
|
$this->view->form = $form;
|
|
$this->view->tabs->activate('authentication');
|
|
$this->render('authentication/remove');
|
|
}
|
|
|
|
/**
|
|
* Display all available resources and a link to create a new one and to remove existing ones
|
|
*/
|
|
public function resourceAction()
|
|
{
|
|
$this->assertPermission('config/application/resources');
|
|
$this->view->resources = Config::app('resources', true)->keys();
|
|
$this->view->tabs->activate('resource');
|
|
}
|
|
|
|
/**
|
|
* Display a form to create a new resource
|
|
*/
|
|
public function createresourceAction()
|
|
{
|
|
$this->assertPermission('config/application/resources');
|
|
$form = new ResourceConfigForm();
|
|
$form->setTitle($this->translate('Create A New Resource'));
|
|
$form->addDescription($this->translate('Resources are entities that provide data to Icinga Web 2.'));
|
|
$form->setIniConfig(Config::app('resources'));
|
|
$form->setRedirectUrl('config/resource');
|
|
$form->handleRequest();
|
|
|
|
$this->view->form = $form;
|
|
$this->render('resource/create');
|
|
}
|
|
|
|
/**
|
|
* Display a form to edit a existing resource
|
|
*/
|
|
public function editresourceAction()
|
|
{
|
|
$this->assertPermission('config/application/resources');
|
|
$form = new ResourceConfigForm();
|
|
$form->setTitle($this->translate('Edit Existing Resource'));
|
|
$form->setIniConfig(Config::app('resources'));
|
|
$form->setRedirectUrl('config/resource');
|
|
$form->handleRequest();
|
|
|
|
$this->view->form = $form;
|
|
$this->render('resource/modify');
|
|
}
|
|
|
|
/**
|
|
* Display a confirmation form to remove a resource
|
|
*/
|
|
public function removeresourceAction()
|
|
{
|
|
$this->assertPermission('config/application/resources');
|
|
$form = new ConfirmRemovalForm(array(
|
|
'onSuccess' => function ($form) {
|
|
$configForm = new ResourceConfigForm();
|
|
$configForm->setIniConfig(Config::app('resources'));
|
|
$resource = $form->getRequest()->getQuery('resource');
|
|
|
|
try {
|
|
$configForm->remove($resource);
|
|
} catch (InvalidArgumentException $e) {
|
|
Notification::error($e->getMessage());
|
|
return;
|
|
}
|
|
|
|
if ($configForm->save()) {
|
|
Notification::success(sprintf(t('Resource "%s" has been successfully removed'), $resource));
|
|
} else {
|
|
return false;
|
|
}
|
|
}
|
|
));
|
|
$form->setTitle($this->translate('Remove Existing Resource'));
|
|
$form->setRedirectUrl('config/resource');
|
|
$form->handleRequest();
|
|
|
|
// Check if selected resource is currently used for authentication
|
|
$resource = $this->getRequest()->getQuery('resource');
|
|
$authConfig = Config::app('authentication');
|
|
foreach ($authConfig as $backendName => $config) {
|
|
if ($config->get('resource') === $resource) {
|
|
$form->addDescription(sprintf(
|
|
$this->translate(
|
|
'The resource "%s" is currently in use by the authentication backend "%s". ' .
|
|
'Removing the resource can result in noone being able to log in any longer.'
|
|
),
|
|
$resource,
|
|
$backendName
|
|
));
|
|
}
|
|
}
|
|
|
|
$this->view->form = $form;
|
|
$this->render('resource/remove');
|
|
}
|
|
}
|