mirror of
https://github.com/Icinga/icingaweb2.git
synced 2025-11-04 05:05:01 +01:00
508 lines
18 KiB
PHP
508 lines
18 KiB
PHP
<?php
|
|
/* Icinga Web 2 | (c) 2013 Icinga Development Team | GPLv2+ */
|
|
|
|
namespace Icinga\Controllers;
|
|
|
|
use Exception;
|
|
use Icinga\Application\Version;
|
|
use InvalidArgumentException;
|
|
use Icinga\Application\Config;
|
|
use Icinga\Application\Icinga;
|
|
use Icinga\Application\Modules\Module;
|
|
use Icinga\Data\ResourceFactory;
|
|
use Icinga\Exception\ConfigurationError;
|
|
use Icinga\Exception\NotFoundError;
|
|
use Icinga\Forms\ActionForm;
|
|
use Icinga\Forms\Config\GeneralConfigForm;
|
|
use Icinga\Forms\Config\ResourceConfigForm;
|
|
use Icinga\Forms\Config\UserBackendConfigForm;
|
|
use Icinga\Forms\Config\UserBackendReorderForm;
|
|
use Icinga\Forms\ConfirmRemovalForm;
|
|
use Icinga\Security\SecurityException;
|
|
use Icinga\Web\Controller;
|
|
use Icinga\Web\Notification;
|
|
use Icinga\Web\Url;
|
|
use Icinga\Web\Widget;
|
|
|
|
/**
|
|
* Application and module configuration
|
|
*/
|
|
class ConfigController extends Controller
|
|
{
|
|
/**
|
|
* Create and return the tabs to display when showing application configuration
|
|
*/
|
|
public function createApplicationTabs()
|
|
{
|
|
$tabs = $this->getTabs();
|
|
if ($this->hasPermission('config/general')) {
|
|
$tabs->add('general', array(
|
|
'title' => $this->translate('Adjust the general configuration of Icinga Web 2'),
|
|
'label' => $this->translate('General'),
|
|
'url' => 'config/general',
|
|
'baseTarget' => '_main'
|
|
));
|
|
}
|
|
if ($this->hasPermission('config/resources')) {
|
|
$tabs->add('resource', array(
|
|
'title' => $this->translate('Configure which resources are being utilized by Icinga Web 2'),
|
|
'label' => $this->translate('Resources'),
|
|
'url' => 'config/resource',
|
|
'baseTarget' => '_main'
|
|
));
|
|
}
|
|
if ($this->hasPermission('config/access-control/users')
|
|
|| $this->hasPermission('config/access-control/groups')
|
|
) {
|
|
$tabs->add('authentication', array(
|
|
'title' => $this->translate('Configure the user and group backends'),
|
|
'label' => $this->translate('Access Control Backends'),
|
|
'url' => 'config/userbackend',
|
|
'baseTarget' => '_main'
|
|
));
|
|
}
|
|
|
|
return $tabs;
|
|
}
|
|
|
|
public function devtoolsAction()
|
|
{
|
|
$this->view->tabs = null;
|
|
}
|
|
|
|
/**
|
|
* Redirect to the general configuration
|
|
*/
|
|
public function indexAction()
|
|
{
|
|
if ($this->hasPermission('config/general')) {
|
|
$this->redirectNow('config/general');
|
|
} elseif ($this->hasPermission('config/resources')) {
|
|
$this->redirectNow('config/resource');
|
|
} elseif ($this->hasPermission('config/access-control/*')) {
|
|
$this->redirectNow('config/userbackend');
|
|
} else {
|
|
throw new SecurityException('No permission to configure Icinga Web 2');
|
|
}
|
|
}
|
|
|
|
/**
|
|
* General configuration
|
|
*
|
|
* @throws SecurityException If the user lacks the permission for configuring the general configuration
|
|
*/
|
|
public function generalAction()
|
|
{
|
|
$this->assertPermission('config/general');
|
|
$form = new GeneralConfigForm();
|
|
$form->setIniConfig(Config::app());
|
|
$form->handleRequest();
|
|
|
|
$this->view->form = $form;
|
|
$this->view->title = $this->translate('General');
|
|
$this->createApplicationTabs()->activate('general');
|
|
}
|
|
|
|
/**
|
|
* Display the list of all modules
|
|
*/
|
|
public function modulesAction()
|
|
{
|
|
$this->assertPermission('config/modules');
|
|
// Overwrite tabs created in init
|
|
// @TODO(el): This seems not natural to me. Module configuration should have its own controller.
|
|
$this->view->tabs = Widget::create('tabs')
|
|
->add('modules', array(
|
|
'label' => $this->translate('Modules'),
|
|
'title' => $this->translate('List intalled modules'),
|
|
'url' => 'config/modules'
|
|
))
|
|
->activate('modules');
|
|
$this->view->modules = Icinga::app()->getModuleManager()->select()
|
|
->from('modules')
|
|
->order('enabled', 'desc')
|
|
->order('installed', 'asc')
|
|
->order('name');
|
|
$this->setupLimitControl();
|
|
$this->setupPaginationControl($this->view->modules);
|
|
$this->view->title = $this->translate('Modules');
|
|
}
|
|
|
|
public function moduleAction()
|
|
{
|
|
$this->assertPermission('config/modules');
|
|
$app = Icinga::app();
|
|
$manager = $app->getModuleManager();
|
|
$name = $this->getParam('name');
|
|
if ($manager->hasInstalled($name) || $manager->hasEnabled($name)) {
|
|
$this->view->moduleData = $manager->select()->from('modules')->where('name', $name)->fetchRow();
|
|
if ($manager->hasLoaded($name)) {
|
|
$module = $manager->getModule($name);
|
|
} else {
|
|
$module = new Module($app, $name, $manager->getModuleDir($name));
|
|
}
|
|
|
|
$toggleForm = new ActionForm();
|
|
$toggleForm->setDefaults(['identifier' => $name]);
|
|
if (! $this->view->moduleData->enabled) {
|
|
$toggleForm->setAction(Url::fromPath('config/moduleenable'));
|
|
$toggleForm->setDescription(sprintf($this->translate('Enable the %s module'), $name));
|
|
} elseif ($this->view->moduleData->loaded) {
|
|
$toggleForm->setAction(Url::fromPath('config/moduledisable'));
|
|
$toggleForm->setDescription(sprintf($this->translate('Disable the %s module'), $name));
|
|
} else {
|
|
$toggleForm = null;
|
|
}
|
|
|
|
$this->view->module = $module;
|
|
$this->view->libraries = $app->getLibraries();
|
|
$this->view->moduleManager = $manager;
|
|
$this->view->toggleForm = $toggleForm;
|
|
$this->view->title = $module->getName();
|
|
$this->view->tabs = $module->getConfigTabs()->activate('info');
|
|
$this->view->moduleGitCommitId = Version::getGitHead($module->getBaseDir());
|
|
} else {
|
|
$this->view->module = false;
|
|
$this->view->tabs = null;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Enable a specific module provided by the 'name' param
|
|
*/
|
|
public function moduleenableAction()
|
|
{
|
|
$this->assertPermission('config/modules');
|
|
|
|
$form = new ActionForm();
|
|
$form->setOnSuccess(function (ActionForm $form) {
|
|
$moduleName = $form->getValue('identifier');
|
|
$module = Icinga::app()->getModuleManager()
|
|
->enableModule($moduleName)
|
|
->getModule($moduleName);
|
|
Notification::success(sprintf($this->translate('Module "%s" enabled'), $moduleName));
|
|
$form->onSuccess();
|
|
|
|
if ($module->hasJs()) {
|
|
$this->getResponse()
|
|
->setReloadWindow(true)
|
|
->sendResponse();
|
|
} else {
|
|
if ($module->hasCss()) {
|
|
$this->reloadCss();
|
|
}
|
|
|
|
$this->rerenderLayout()->redirectNow('config/modules');
|
|
}
|
|
});
|
|
|
|
try {
|
|
$form->handleRequest();
|
|
} catch (Exception $e) {
|
|
$this->view->exceptionMessage = $e->getMessage();
|
|
$this->view->moduleName = $form->getValue('identifier');
|
|
$this->view->action = 'enable';
|
|
$this->render('module-configuration-error');
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Disable a module specific module provided by the 'name' param
|
|
*/
|
|
public function moduledisableAction()
|
|
{
|
|
$this->assertPermission('config/modules');
|
|
|
|
$form = new ActionForm();
|
|
$form->setOnSuccess(function (ActionForm $form) {
|
|
$mm = Icinga::app()->getModuleManager();
|
|
$moduleName = $form->getValue('identifier');
|
|
$module = $mm->getModule($moduleName);
|
|
$mm->disableModule($moduleName);
|
|
Notification::success(sprintf($this->translate('Module "%s" disabled'), $moduleName));
|
|
$form->onSuccess();
|
|
|
|
if ($module->hasJs()) {
|
|
$this->getResponse()
|
|
->setReloadWindow(true)
|
|
->sendResponse();
|
|
} else {
|
|
if ($module->hasCss()) {
|
|
$this->reloadCss();
|
|
}
|
|
|
|
$this->rerenderLayout()->redirectNow('config/modules');
|
|
}
|
|
});
|
|
|
|
try {
|
|
$form->handleRequest();
|
|
} catch (Exception $e) {
|
|
$this->view->exceptionMessage = $e->getMessage();
|
|
$this->view->moduleName = $form->getValue('identifier');
|
|
$this->view->action = 'disable';
|
|
$this->render('module-configuration-error');
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Action for listing user and group backends
|
|
*/
|
|
public function userbackendAction()
|
|
{
|
|
if ($this->hasPermission('config/access-control/users')) {
|
|
$form = new UserBackendReorderForm();
|
|
$form->setIniConfig(Config::app('authentication'));
|
|
$form->handleRequest();
|
|
$this->view->form = $form;
|
|
}
|
|
|
|
if ($this->hasPermission('config/access-control/groups')) {
|
|
$this->view->backendNames = Config::app('groups');
|
|
}
|
|
|
|
$this->createApplicationTabs()->activate('authentication');
|
|
$this->view->title = $this->translate('Authentication');
|
|
$this->render('userbackend/reorder');
|
|
}
|
|
|
|
/**
|
|
* Create a new user backend
|
|
*/
|
|
public function createuserbackendAction()
|
|
{
|
|
$this->assertPermission('config/access-control/users');
|
|
$form = new UserBackendConfigForm();
|
|
$form
|
|
->setRedirectUrl('config/userbackend')
|
|
->addDescription($this->translate(
|
|
'Create a new backend for authenticating your users. This backend'
|
|
. ' will be added at the end of your authentication order.'
|
|
))
|
|
->setIniConfig(Config::app('authentication'));
|
|
|
|
try {
|
|
$form->setResourceConfig(ResourceFactory::getResourceConfigs());
|
|
} catch (ConfigurationError $e) {
|
|
if ($this->hasPermission('config/resources')) {
|
|
Notification::error($e->getMessage());
|
|
$this->redirectNow('config/createresource');
|
|
}
|
|
|
|
throw $e; // No permission for resource configuration, show the error
|
|
}
|
|
|
|
$form->setOnSuccess(function (UserBackendConfigForm $form) {
|
|
try {
|
|
$form->add($form::transformEmptyValuesToNull($form->getValues()));
|
|
} catch (Exception $e) {
|
|
$form->error($e->getMessage());
|
|
return false;
|
|
}
|
|
|
|
if ($form->save()) {
|
|
Notification::success(t('User backend successfully created'));
|
|
return true;
|
|
}
|
|
|
|
return false;
|
|
});
|
|
$form->handleRequest();
|
|
|
|
$this->view->title = $this->translate('Authentication');
|
|
$this->renderForm($form, $this->translate('New User Backend'));
|
|
}
|
|
|
|
/**
|
|
* Edit a user backend
|
|
*/
|
|
public function edituserbackendAction()
|
|
{
|
|
$this->assertPermission('config/access-control/users');
|
|
$backendName = $this->params->getRequired('backend');
|
|
|
|
$form = new UserBackendConfigForm();
|
|
$form->setRedirectUrl('config/userbackend');
|
|
$form->setIniConfig(Config::app('authentication'));
|
|
$form->setOnSuccess(function (UserBackendConfigForm $form) use ($backendName) {
|
|
try {
|
|
$form->edit($backendName, $form::transformEmptyValuesToNull($form->getValues()));
|
|
} catch (Exception $e) {
|
|
$form->error($e->getMessage());
|
|
return false;
|
|
}
|
|
|
|
if ($form->save()) {
|
|
Notification::success(sprintf(t('User backend "%s" successfully updated'), $backendName));
|
|
return true;
|
|
}
|
|
|
|
return false;
|
|
});
|
|
|
|
try {
|
|
$form->load($backendName);
|
|
$form->setResourceConfig(ResourceFactory::getResourceConfigs());
|
|
$form->handleRequest();
|
|
} catch (NotFoundError $_) {
|
|
$this->httpNotFound(sprintf($this->translate('User backend "%s" not found'), $backendName));
|
|
}
|
|
|
|
$this->view->title = $this->translate('Authentication');
|
|
$this->renderForm($form, $this->translate('Update User Backend'));
|
|
}
|
|
|
|
/**
|
|
* Display a confirmation form to remove the backend identified by the 'backend' parameter
|
|
*/
|
|
public function removeuserbackendAction()
|
|
{
|
|
$this->assertPermission('config/access-control/users');
|
|
$backendName = $this->params->getRequired('backend');
|
|
|
|
$backendForm = new UserBackendConfigForm();
|
|
$backendForm->setIniConfig(Config::app('authentication'));
|
|
$form = new ConfirmRemovalForm();
|
|
$form->setRedirectUrl('config/userbackend');
|
|
$form->setOnSuccess(function (ConfirmRemovalForm $form) use ($backendName, $backendForm) {
|
|
try {
|
|
$backendForm->delete($backendName);
|
|
} catch (Exception $e) {
|
|
$form->error($e->getMessage());
|
|
return false;
|
|
}
|
|
|
|
if ($backendForm->save()) {
|
|
Notification::success(sprintf(t('User backend "%s" successfully removed'), $backendName));
|
|
return true;
|
|
}
|
|
|
|
return false;
|
|
});
|
|
$form->handleRequest();
|
|
|
|
$this->view->title = $this->translate('Authentication');
|
|
$this->renderForm($form, $this->translate('Remove User Backend'));
|
|
}
|
|
|
|
/**
|
|
* Display all available resources and a link to create a new one and to remove existing ones
|
|
*/
|
|
public function resourceAction()
|
|
{
|
|
$this->assertPermission('config/resources');
|
|
$this->view->resources = Config::app('resources', true)->getConfigObject()
|
|
->setKeyColumn('name')
|
|
->select()
|
|
->order('name');
|
|
$this->view->title = $this->translate('Resources');
|
|
$this->createApplicationTabs()->activate('resource');
|
|
}
|
|
|
|
/**
|
|
* Display a form to create a new resource
|
|
*/
|
|
public function createresourceAction()
|
|
{
|
|
$this->assertPermission('config/resources');
|
|
$this->getTabs()->add('resources/new', array(
|
|
'label' => $this->translate('New Resource'),
|
|
'url' => Url::fromRequest()
|
|
))->activate('resources/new');
|
|
$form = new ResourceConfigForm();
|
|
$form->addDescription($this->translate('Resources are entities that provide data to Icinga Web 2.'));
|
|
$form->setIniConfig(Config::app('resources'));
|
|
$form->setRedirectUrl('config/resource');
|
|
$form->handleRequest();
|
|
|
|
$this->view->form = $form;
|
|
$this->view->title = $this->translate('Resources');
|
|
$this->render('resource/create');
|
|
}
|
|
|
|
/**
|
|
* Display a form to edit a existing resource
|
|
*/
|
|
public function editresourceAction()
|
|
{
|
|
$this->assertPermission('config/resources');
|
|
$this->getTabs()->add('resources/update', array(
|
|
'label' => $this->translate('Update Resource'),
|
|
'url' => Url::fromRequest()
|
|
))->activate('resources/update');
|
|
$form = new ResourceConfigForm();
|
|
$form->setIniConfig(Config::app('resources'));
|
|
$form->setRedirectUrl('config/resource');
|
|
$form->handleRequest();
|
|
|
|
$this->view->form = $form;
|
|
$this->view->title = $this->translate('Resources');
|
|
$this->render('resource/modify');
|
|
}
|
|
|
|
/**
|
|
* Display a confirmation form to remove a resource
|
|
*/
|
|
public function removeresourceAction()
|
|
{
|
|
$this->assertPermission('config/resources');
|
|
$this->getTabs()->add('resources/remove', array(
|
|
'label' => $this->translate('Remove Resource'),
|
|
'url' => Url::fromRequest()
|
|
))->activate('resources/remove');
|
|
$form = new ConfirmRemovalForm(array(
|
|
'onSuccess' => function ($form) {
|
|
$configForm = new ResourceConfigForm();
|
|
$configForm->setIniConfig(Config::app('resources'));
|
|
$resource = $form->getRequest()->getQuery('resource');
|
|
|
|
try {
|
|
$configForm->remove($resource);
|
|
} catch (InvalidArgumentException $e) {
|
|
Notification::error($e->getMessage());
|
|
return false;
|
|
}
|
|
|
|
if ($configForm->save()) {
|
|
Notification::success(sprintf(t('Resource "%s" has been successfully removed'), $resource));
|
|
} else {
|
|
return false;
|
|
}
|
|
}
|
|
));
|
|
$form->setRedirectUrl('config/resource');
|
|
$form->handleRequest();
|
|
|
|
// Check if selected resource is currently used for authentication
|
|
$resource = $this->getRequest()->getQuery('resource');
|
|
$authConfig = Config::app('authentication');
|
|
foreach ($authConfig as $backendName => $config) {
|
|
if ($config->get('resource') === $resource) {
|
|
$form->warning(sprintf(
|
|
$this->translate(
|
|
'The resource "%s" is currently utilized for authentication by user backend "%s".'
|
|
. ' Removing the resource can result in noone being able to log in any longer.'
|
|
),
|
|
$resource,
|
|
$backendName
|
|
));
|
|
}
|
|
}
|
|
|
|
// Check if selected resource is currently used as user preferences backend
|
|
if (Config::app()->get('global', 'config_resource') === $resource) {
|
|
$form->warning(sprintf(
|
|
$this->translate(
|
|
'The resource "%s" is currently utilized to store user preferences. Removing the'
|
|
. ' resource causes all current user preferences not being available any longer.'
|
|
),
|
|
$resource
|
|
));
|
|
}
|
|
|
|
$this->view->form = $form;
|
|
$this->view->title = $this->translate('Resources');
|
|
$this->render('resource/remove');
|
|
}
|
|
}
|