icingaweb2/application/controllers/ConfigController.php

548 lines
20 KiB
PHP

<?php
// {{{ICINGA_LICENSE_HEADER}}}
// {{{ICINGA_LICENSE_HEADER}}}
use Icinga\Web\Controller\BaseConfigController;
use Icinga\Web\Widget\AlertMessageBox;
use Icinga\Web\Notification;
use Icinga\Application\Modules\Module;
use Icinga\Web\Form;
use Icinga\Web\Widget;
use Icinga\Application\Icinga;
use Icinga\Application\Config as IcingaConfig;
use Icinga\Form\Config\GeneralForm;
use Icinga\Form\Config\Authentication\LdapBackendForm;
use Icinga\Form\Config\Authentication\DbBackendForm;
use Icinga\Form\Config\Authentication\AutologinBackendForm;
use Icinga\Form\Config\ResourceForm;
use Icinga\Form\Config\LoggingForm;
use Icinga\Form\Config\ConfirmRemovalForm;
use Icinga\Config\PreservingIniWriter;
use Icinga\Exception\ConfigurationError;
/**
* Application wide controller for application preferences
*/
class ConfigController extends BaseConfigController
{
public function init()
{
$this->view->tabs = Widget::create('tabs')->add('index', array(
'title' => 'Application',
'url' => 'config'
))->add('authentication', array(
'title' => 'Authentication',
'url' => 'config/authentication'
))->add('resources', array(
'title' => 'Resources',
'url' => 'config/resource'
));
}
public function devtoolsAction()
{
$this->view->tabs = null;
}
/**
* Index action, entry point for configuration
*/
public function indexAction()
{
$this->view->messageBox = new AlertMessageBox(true);
$this->view->tabs->activate('index');
$form = new GeneralForm();
$request = $this->getRequest();
if ($request->isPost()) {
if ($form->isValid($request->getPost())) {
if ($this->writeConfigFile($form->getConfiguration(), 'config')) {
Notification::success($this->translate('New configuration has successfully been stored'));
$this->redirectNow('config');
}
}
} else {
$form->setConfiguration(IcingaConfig::app());
}
$this->view->form = $form;
}
/**
* Display the list of all modules
*/
public function modulesAction()
{
$this->view->tabs = Widget::create('tabs')->add('modules', array(
'title' => 'Modules',
'url' => 'config/modules'
));
$this->view->tabs->activate('modules');
$this->view->modules = Icinga::app()->getModuleManager()->select()
->from('modules')
->order('enabled', 'desc')
->order('name')->paginate();
}
public function moduleAction()
{
$name = $this->getParam('name');
$app = Icinga::app();
$manager = $app->getModuleManager();
if ($manager->hasInstalled($name)) {
$this->view->moduleData = Icinga::app()->getModuleManager()->select()
->from('modules')->where('name', $name)->fetchRow();
$module = new Module($app, $name, $manager->getModuleDir($name));
$this->view->module = $module;
} else {
$this->view->module = false;
}
$this->view->tabs = $module->getConfigTabs()->activate('info');
}
/**
* Enable a specific module provided by the 'name' param
*/
public function moduleenableAction()
{
$module = $this->getParam('name');
$manager = Icinga::app()->getModuleManager();
try {
$manager->enableModule($module);
$manager->loadModule($module);
Notification::success('Module "' . $module . '" enabled');
$this->rerenderLayout()->reloadCss()->redirectNow('config/modules');
} catch (Exception $e) {
$this->view->exceptionMesssage = $e->getMessage();
$this->view->moduleName = $module;
$this->view->action = 'enable';
$this->render('module-configuration-error');
}
}
/**
* Disable a module specific module provided by the 'name' param
*/
public function moduledisableAction()
{
$module = $this->getParam('name');
$manager = Icinga::app()->getModuleManager();
try {
$manager->disableModule($module);
Notification::success('Module "' . $module . '" disabled');
$this->rerenderLayout()->reloadCss()->redirectNow('config/modules');
} catch (Exception $e) {
$this->view->exceptionMessage = $e->getMessage();
$this->view->moduleName = $module;
$this->view->action = 'disable';
$this->render('module-configuration-error');
}
}
/**
* Action for reordering authentication backends
*/
public function authenticationAction()
{
$this->view->messageBox = new AlertMessageBox(true);
$this->view->tabs->activate('authentication');
$config = IcingaConfig::app('authentication');
$backendOrder = array_keys($config->toArray());
$form = new Form();
$form->setName('form_reorder_authbackend');
$request = $this->getRequest();
if ($request->isPost()) {
$requestData = $request->getPost();
if ($form->isValid($requestData)) { // Validate the CSRF token
$reordered = false;
foreach ($backendOrder as $backendName) {
if (isset($requestData[$backendName])) {
array_splice($backendOrder, array_search($backendName, $backendOrder), 1);
array_splice($backendOrder, $requestData[$backendName], 0, $backendName);
$reordered = true;
break;
}
}
if ($reordered) {
$reorderedConfig = array();
foreach ($backendOrder as $backendName) {
$reorderedConfig[$backendName] = $config->{$backendName};
}
if ($this->writeAuthenticationFile($reorderedConfig)) {
Notification::success($this->translate('Authentication order updated!'));
$this->redirectNow('config/authentication');
}
}
}
}
$this->view->form = $form->create(); // Necessary in case its a GET request
$this->view->backendNames = $backendOrder;
}
/**
* Action for creating a new authentication backend
*/
public function createauthenticationbackendAction()
{
$this->view->messageBox = new AlertMessageBox(true);
$this->view->tabs->activate('authentication');
$backendType = $this->getRequest()->getParam('type');
$authenticationConfig = IcingaConfig::app('authentication')->toArray();
try {
switch ($backendType) {
case 'ldap':
$form = new LdapBackendForm();
break;
case 'db':
$form = new DbBackendForm();
break;
case 'autologin':
foreach ($authenticationConfig as $ac) {
if (array_key_exists('backend', $ac) && $ac['backend'] === 'autologin') {
throw new ConfigurationError(
$this->translate('An autologin backend already exists')
);
}
}
$form = new AutologinBackendForm();
break;
default:
$this->addErrorMessage(sprintf(
$this->translate('There is no backend type `%s\''),
$backendType
));
$this->redirectNow('config/configurationerror');
}
} catch (ConfigurationError $e) {
$this->addErrorMessage($e->getMessage());
$this->redirectNow('config/configurationerror');
}
$request = $this->getRequest();
if ($request->isPost() && $form->isValid($request->getPost())) {
list($backendName, $backendConfig) = $form->getBackendConfig();
if (isset($authenticationConfig[$backendName])) {
$this->addErrorMessage(
$this->translate('Backend name already exists')
);
} else {
$authenticationConfig[$backendName] = $backendConfig;
if ($this->writeConfigFile($authenticationConfig, 'authentication')) {
$this->addSuccessMessage(
$this->translate('Backend Modification Written.')
);
$this->redirectNow('config/authentication');
}
}
}
$this->view->messageBox->addForm($form);
$this->view->form = $form;
$this->render('authentication/create');
}
/**
* Form for editing backends
*
* Mostly the same like the createAuthenticationBackendAction, but with additional checks for backend existence
* and form population
*/
public function editauthenticationbackendAction()
{
$this->view->messageBox = new AlertMessageBox(true);
$configArray = IcingaConfig::app('authentication', true)->toArray();
$authBackend = $this->getParam('auth_backend');
if (false === isset($configArray[$authBackend])) {
$this->addErrorMessage(
$this->translate('Can\'t edit: Unknown Authentication Backend Provided')
);
$this->redirectNow('config/configurationerror');
}
if (false === array_key_exists('backend', $configArray[$authBackend])) {
$this->addErrorMessage(sprintf(
$this->translate('Backend "%s" has no `backend\' setting'),
$authBackend
));
$this->redirectNow('config/configurationerror');
}
$type = $configArray[$authBackend]['backend'];
switch ($type) {
case 'ldap':
$form = new LdapBackendForm();
break;
case 'db':
$form = new DbBackendForm();
break;
case 'autologin':
$form = new AutologinBackendForm();
break;
default:
$this->addErrorMessage(sprintf(
$this->translate('Can\'t edit: backend type "%s" of given resource not supported.'),
$type
));
$this->redirectNow('config/configurationerror');
}
$request = $this->getRequest();
if ($request->isPost()) {
if ($form->isValid($request->getPost())) {
list($backendName, $backendConfig) = $form->getBackendConfig();
$configArray[$backendName] = $backendConfig;
if ($backendName != $authBackend) {
unset($configArray[$authBackend]);
}
if ($this->writeAuthenticationFile($configArray)) {
// redirect to overview with success message
Notification::success(sprintf(
$this->translate('Backend "%s" saved'),
$backendName
));
$this->redirectNow('config/authentication');
}
return;
}
} else {
$form->setBackendConfig($authBackend, $configArray[$authBackend]);
}
$this->view->messageBox->addForm($form);
$this->view->name = $authBackend;
$this->view->form = $form;
$this->render('authentication/modify');
}
/**
* Action for removing a backend from the authentication list.
*
* Redirects to the overview after removal is finished
*/
public function removeauthenticationbackendAction()
{
$this->view->messageBox = new AlertMessageBox(true);
$configArray = IcingaConfig::app('authentication', true)->toArray();
$authBackend = $this->getParam('auth_backend');
if (false === array_key_exists($authBackend, $configArray)) {
$this->addErrorMessage(
$this->translate('Can\'t perform removal: Unknown authentication backend provided')
);
$this->redirectNow('config/configurationerror');
}
$form = new ConfirmRemovalForm();
$request = $this->getRequest();
if ($request->isPost() && $form->isValid($request->getPost())) {
unset($configArray[$authBackend]);
if ($this->writeAuthenticationFile($configArray)) {
Notification::success(sprintf(
$this->translate('Authentication Backend "%s" Removed'),
$authBackend
));
$this->redirectNow('config/authentication');
}
}
$this->view->form = $form;
$this->view->name = $authBackend;
$this->render('authentication/remove');
}
/**
* Display all available resources and a link to create a new one
*/
public function resourceAction()
{
$this->view->messageBox = new AlertMessageBox(true);
$this->view->tabs->activate('resources');
$this->view->resources = IcingaConfig::app('resources', true)->toArray();
}
/**
* Display a form to create a new resource
*/
public function createresourceAction()
{
$this->view->messageBox = new AlertMessageBox(true);
$form = new ResourceForm();
$request = $this->getRequest();
if ($request->isPost() && $form->isValid($request->getPost())) {
list($name, $config) = $form->getResourceConfig();
$resources = IcingaConfig::app('resources')->toArray();
if (array_key_exists($name, $resources)) {
$this->addErrorMessage(sprintf($this->translate('Resource name "%s" already in use.'), $name));
} else {
$resources[$name] = $config;
if ($this->writeConfigFile($resources, 'resources')) {
$this->addSuccessMessage(sprintf($this->translate('Resource "%s" successfully created.'), $name));
$this->redirectNow('config/resource');
}
}
}
$this->view->form = $form;
$this->view->messageBox->addForm($form);
$this->render('resource/create');
}
/**
* Display a form to edit a existing resource
*/
public function editresourceAction()
{
$this->view->messageBox = new AlertMessageBox(true);
// Fetch the resource to be edited
$resources = IcingaConfig::app('resources')->toArray();
$name = $this->getParam('resource');
if (false === array_key_exists($name, $resources)) {
$this->addErrorMessage(sprintf($this->translate('Cannot edit "%s". Resource not found.'), $name));
$this->redirectNow('config/configurationerror');
}
$form = new ResourceForm();
$request = $this->getRequest();
if ($request->isPost()) {
if ($form->isValid($request->getPost())) {
list($newName, $config) = $form->getResourceConfig();
if ($newName !== $name) {
// Resource name has changed
unset($resources[$name]); // We can safely use unset as all values are part of the form
}
$resources[$newName] = $config;
if ($this->writeConfigFile($resources, 'resources')) {
$this->addSuccessMessage(sprintf($this->translate('Resource "%s" successfully edited.'), $name));
$this->redirectNow('config/resource');
}
}
} else {
$form->setResourceConfig($name, $resources[$name]);
}
$this->view->form = $form;
$this->view->messageBox->addForm($form);
$this->render('resource/modify');
}
/**
* Display a confirmation form to remove a resource
*/
public function removeresourceAction()
{
$this->view->messageBox = new AlertMessageBox(true);
// Fetch the resource to be removed
$resources = IcingaConfig::app('resources')->toArray();
$name = $this->getParam('resource');
if (false === array_key_exists($name, $resources)) {
$this->addErrorMessage(sprintf($this->translate('Cannot remove "%s". Resource not found.'), $name));
$this->redirectNow('config/configurationerror');
}
// Check if selected resource is currently used for authentication
$authConfig = IcingaConfig::app('authentication')->toArray();
foreach ($authConfig as $backendName => $config) {
if (array_key_exists('resource', $config) && $config['resource'] === $name) {
$this->addWarningMessage(
sprintf(
$this->translate(
'The resource "%s" is currently in use by the authentication backend "%s". ' .
'Removing the resource can result in noone being able to log in any longer.'
),
$name,
$backendName
)
);
}
}
$form = new ConfirmRemovalForm();
$request = $this->getRequest();
if ($request->isPost() && $form->isValid($request->getPost())) {
unset($resources[$name]);
if ($this->writeConfigFile($resources, 'resources')) {
$this->addSuccessMessage(sprintf($this->translate('Resource "%s" successfully removed.'), $name));
$this->redirectNow('config/resource');
}
}
$this->view->form = $form;
$this->view->messageBox->addForm($form);
$this->render('resource/remove');
}
/**
* Redirect target only for error-states
*
* When an error is opened in the side-pane, redirecting this request to the index or the overview will look
* weird. This action returns a clear page containing only an AlertMessageBox.
*/
public function configurationerrorAction()
{
$this->view->messageBox = new AlertMessageBox(true);
$this->render('error/error', null, true);
}
/**
* Write changes to an authentication file
*
* @param array $config The configuration changes
*
* @return bool True when persisting succeeded, otherwise false
*
* @see writeConfigFile()
*/
private function writeAuthenticationFile($config) {
return $this->writeConfigFile($config, 'authentication');
}
/**
* Write changes to a configuration file $file, using the supplied writer or PreservingIniWriter if none is set
*
* @param array|Zend_Config $config The configuration to write
* @param string $file The filename to write to (without .ini)
* @param Zend_Config_Writer $writer An optional writer to use for persisting changes
*
* @return bool True when persisting succeeded, otherwise false
*/
private function writeConfigFile($config, $file, $writer = null)
{
if (is_array($config)) {
$config = new Zend_Config($config);
}
if ($writer === null) {
$writer = new PreservingIniWriter(
array(
'config' => $config,
'filename' => IcingaConfig::app($file)->getConfigFile()
)
);
}
try {
$writer->write();
return true;
} catch (Exception $exc) {
$this->view->exceptionMessage = $exc->getMessage();
$this->view->iniConfigurationString = $writer->render();
$this->view->file = $file;
$this->render('show-configuration');
return false;
}
}
}