diff options
Diffstat (limited to 'configuration.php')
| -rw-r--r-- | configuration.php | 181 |
1 files changed, 181 insertions, 0 deletions
diff --git a/configuration.php b/configuration.php new file mode 100644 index 0000000..4536d5d --- /dev/null +++ b/configuration.php @@ -0,0 +1,181 @@ +<?php + +use Icinga\Application\Icinga; +use Icinga\Web\Window; + +/** @var \Icinga\Application\Modules\Module $this */ +if ($this->getConfig()->get('frontend', 'disabled', 'no') === 'yes') { + return; +} +$this->providePermission('director/api', $this->translate('Allow to access the director API')); +$this->providePermission('director/audit', $this->translate('Allow to access the full audit log')); +$this->providePermission( + 'director/showconfig', + $this->translate('Allow to show configuration (could contain sensitive information)') +); +$this->providePermission( + 'director/showsql', + $this->translate('Allow to show the full executed SQL queries in some places') +); +$this->providePermission('director/deploy', $this->translate('Allow to deploy configuration')); +$this->providePermission('director/hosts', $this->translate('Allow to configure hosts')); +$this->providePermission('director/services', $this->translate('Allow to configure services')); +$this->providePermission('director/servicesets', $this->translate('Allow to configure service sets')); +$this->providePermission('director/service_set/apply', $this->translate('Allow to define Service Set Apply Rules')); +$this->providePermission('director/users', $this->translate('Allow to configure users')); +$this->providePermission('director/notifications', $this->translate('Allow to configure notifications (unrestricted)')); +$this->providePermission( + 'director/scheduled-downtimes', + $this->translate('Allow to configure notifications (unrestricted)') +); +$this->providePermission( + 'director/inspect', + $this->translate( + 'Allow to inspect objects through the Icinga 2 API (could contain sensitive information)' + ) +); +$this->providePermission( + 'director/monitoring/services-ro', + $this->translate('Allow readonly users to see where a Service came from') +); +$this->providePermission( + 'director/monitoring/hosts', + $this->translate('Allow users to modify Hosts they are allowed to see in the monitoring module') +); +$this->providePermission( + 'director/monitoring/services', + $this->translate('Allow users to modify Service they are allowed to see in the monitoring module') +); +$this->providePermission('director/*', $this->translate('Allow unrestricted access to Icinga Director')); + +$this->provideRestriction( + 'director/filter/hostgroups', + $this->translate( + 'Limit access to the given comma-separated list of hostgroups' + ) +); + +$this->provideRestriction( + 'director/monitoring/rw-object-filter', + $this->translate( + 'Additional (monitoring module) object filter to further restrict write access' + ) +); + +$this->providePermission( + 'director/groups-for-restricted-hosts', + $this->translate('Allow users with Hostgroup restrictions to access the Groups field') +); + +$this->provideRestriction( + 'director/service/apply/filter-by-name', + $this->translate( + 'Filter available service apply rules' + ) +); + +$this->provideRestriction( + 'director/notification/apply/filter-by-name', + $this->translate( + 'Filter available notification apply rules' + ) +); + +$this->provideRestriction( + 'director/scheduled-downtime/apply/filter-by-name', + $this->translate( + 'Filter available scheduled downtime rules' + ) +); + +$this->provideRestriction( + 'director/service_set/filter-by-name', + $this->translate( + 'Filter available service set templates. Use asterisks (*) as wildcards,' + . ' like in DB* or *net*' + ) +); + +$this->provideSearchUrl($this->translate('Host configs'), 'director/hosts?limit=10', 60); + +/* +// Disabled unless available +$this->provideRestriction( + 'director/hosttemplates/filter', + $this->translate('Allow to use only host templates matching this filter') +); + +$this->provideRestriction( + 'director/db_resource', + $this->translate('Allow to use only these db resources (comma separated list)') +); +*/ + +$this->provideConfigTab('config', array( + 'title' => 'Configuration', + 'url' => 'settings' +)); +$mainTitle = N_('Icinga Director'); + +try { + $app = Icinga::app(); + if ($app->isWeb()) { + $request = $app->getRequest(); + $id = $request->getHeader('X-Icinga-WindowId'); + if ($id !== false) { + $window = new Window($id); + /** @var \Icinga\Web\Session\SessionNamespace $session */ + $session = $window->getSessionNamespace('director'); + $dbName = $session->get('db_resource'); + if ($dbName && $dbName !== $this->getConfig()->get('db', 'resource')) { + $dbName = ucfirst(str_replace('_', ' ', $dbName)); + if (stripos($dbName, 'Director') === false) { + $dbName = 'Director: ' . $dbName; + } + $mainTitle = $dbName; + } + } + } +} catch (\Exception $e) { + // There isn't much we can do, we don't want to break the menu + $mainTitle .= ' (?!)'; +} + +$section = $this->menuSection( + $mainTitle +)->setUrl('director')->setPriority(60)->setIcon( + 'cubes' +)->setRenderer(array( + 'SummaryNavigationItemRenderer', + 'state' => 'critical' +)); + +$section->add(N_('Hosts')) + ->setUrl('director/dashboard?name=hosts') + ->setPermission('director/hosts') + ->setPriority(30); +$section->add(N_('Services')) + ->setUrl('director/dashboard?name=services') + ->setPermission('director/services') + ->setPriority(40); +$section->add(N_('Commands')) + ->setUrl('director/dashboard?name=commands') + ->setPermission('director/admin') + ->setPriority(50); +$section->add(N_('Notifications')) + ->setUrl('director/dashboard?name=notifications') + ->setPermission('director/notifications') + ->setPriority(70); +$section->add(N_('Automation')) + ->setUrl('director/importsources') + ->setPermission('director/admin') + ->setPriority(901); +$section->add(N_('Activity log')) + ->setUrl('director/config/activities') + ->setPriority(902) + ->setPermission('director/audit') + ->setRenderer('ConfigHealthItemRenderer'); +$section->add(N_('Deployments')) + ->setUrl('director/config/deployments') + ->setPriority(902) + ->setPermission('director/deployments'); |