summaryrefslogtreecommitdiffstats
path: root/configuration.php
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-14 13:17:48 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-14 13:17:48 +0000
commite6d4dfc040bbe3cb80a2ce65b82493b557f751fc (patch)
tree40bd6366b01b06f4d96fc8638f23a772263cb5e9 /configuration.php
parentReleasing progress-linux version 1.10.2-2~progress7.99u1. (diff)
downloadicingaweb2-module-director-e6d4dfc040bbe3cb80a2ce65b82493b557f751fc.tar.xz
icingaweb2-module-director-e6d4dfc040bbe3cb80a2ce65b82493b557f751fc.zip
Merging upstream version 1.11.1.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'configuration.php')
-rw-r--r--configuration.php196
1 files changed, 96 insertions, 100 deletions
diff --git a/configuration.php b/configuration.php
index 4536d5d..f812f3c 100644
--- a/configuration.php
+++ b/configuration.php
@@ -1,100 +1,99 @@
<?php
use Icinga\Application\Icinga;
+use Icinga\Application\Modules\Module;
+use Icinga\Module\Director\Auth\Permission;
+use Icinga\Module\Director\Auth\Restriction;
use Icinga\Web\Window;
-/** @var \Icinga\Application\Modules\Module $this */
+/** @var Module $this */
if ($this->getConfig()->get('frontend', 'disabled', 'no') === 'yes') {
return;
}
-$this->providePermission('director/api', $this->translate('Allow to access the director API'));
-$this->providePermission('director/audit', $this->translate('Allow to access the full audit log'));
-$this->providePermission(
- 'director/showconfig',
- $this->translate('Allow to show configuration (could contain sensitive information)')
-);
-$this->providePermission(
- 'director/showsql',
- $this->translate('Allow to show the full executed SQL queries in some places')
-);
-$this->providePermission('director/deploy', $this->translate('Allow to deploy configuration'));
-$this->providePermission('director/hosts', $this->translate('Allow to configure hosts'));
-$this->providePermission('director/services', $this->translate('Allow to configure services'));
-$this->providePermission('director/servicesets', $this->translate('Allow to configure service sets'));
-$this->providePermission('director/service_set/apply', $this->translate('Allow to define Service Set Apply Rules'));
-$this->providePermission('director/users', $this->translate('Allow to configure users'));
-$this->providePermission('director/notifications', $this->translate('Allow to configure notifications (unrestricted)'));
-$this->providePermission(
- 'director/scheduled-downtimes',
- $this->translate('Allow to configure notifications (unrestricted)')
-);
-$this->providePermission(
- 'director/inspect',
- $this->translate(
- 'Allow to inspect objects through the Icinga 2 API (could contain sensitive information)'
- )
-);
-$this->providePermission(
- 'director/monitoring/services-ro',
- $this->translate('Allow readonly users to see where a Service came from')
-);
-$this->providePermission(
- 'director/monitoring/hosts',
- $this->translate('Allow users to modify Hosts they are allowed to see in the monitoring module')
-);
-$this->providePermission(
- 'director/monitoring/services',
- $this->translate('Allow users to modify Service they are allowed to see in the monitoring module')
-);
-$this->providePermission('director/*', $this->translate('Allow unrestricted access to Icinga Director'));
-$this->provideRestriction(
- 'director/filter/hostgroups',
- $this->translate(
- 'Limit access to the given comma-separated list of hostgroups'
- )
-);
+$monitoringExists = Module::exists('monitoring');
+$icingadbExists = Module::exists('icingadb');
-$this->provideRestriction(
- 'director/monitoring/rw-object-filter',
- $this->translate(
- 'Additional (monitoring module) object filter to further restrict write access'
- )
-);
+$this->providePermission(Permission::ALL_PERMISSIONS, $this->translate('Allow unrestricted access to Icinga Director'));
+$this->providePermission(Permission::API, $this->translate('Allow to access the director API'));
+$this->providePermission(Permission::AUDIT, $this->translate('Allow to access the full audit log'));
+$this->providePermission(Permission::DEPLOY, $this->translate('Allow to deploy configuration'));
+$this->providePermission(Permission::INSPECT, $this->translate(
+ 'Allow to inspect objects through the Icinga 2 API (could contain sensitive information)'
+));
+$this->providePermission(Permission::SHOW_CONFIG, $this->translate(
+ 'Allow to show configuration (could contain sensitive information)'
+));
+$this->providePermission(Permission::SHOW_SQL, $this->translate(
+ 'Allow to show the full executed SQL queries in some places'
+));
+$this->providePermission(Permission::GROUPS_FOR_RESTRICTED_HOSTS, $this->translate(
+ 'Allow users with Hostgroup restrictions to access the Groups field'
+));
+$this->providePermission(Permission::HOSTS, $this->translate('Allow to configure hosts'));
+$this->providePermission(Permission::NOTIFICATIONS, $this->translate(
+ 'Allow to configure notifications (unrestricted)'
+));
+$this->providePermission(Permission::SERVICES, $this->translate('Allow to configure services'));
+$this->providePermission(Permission::SERVICE_SETS, $this->translate('Allow to configure service sets'));
+$this->providePermission(Permission::SERVICE_SET_APPLY, $this->translate('Allow to define Service Set Apply Rules'));
+$this->providePermission(Permission::USERS, $this->translate('Allow to configure users'));
+$this->providePermission(Permission::SCHEDULED_DOWNTIMES, $this->translate(
+ 'Allow to configure notifications (unrestricted)'
+));
-$this->providePermission(
- 'director/groups-for-restricted-hosts',
- $this->translate('Allow users with Hostgroup restrictions to access the Groups field')
-);
+if ($monitoringExists) {
+ $this->providePermission(Permission::MONITORING_HOSTS, $this->translate(
+ 'Allow users to modify Hosts they are allowed to see in the monitoring module'
+ ));
+ $this->providePermission(Permission::MONITORING_SERVICES, $this->translate(
+ 'Allow users to modify Service they are allowed to see in the monitoring module'
+ ));
+ $this->providePermission(Permission::MONITORING_SERVICES_RO, $this->translate(
+ 'Allow readonly users to see where a Service came from'
+ ));
+}
-$this->provideRestriction(
- 'director/service/apply/filter-by-name',
- $this->translate(
- 'Filter available service apply rules'
- )
-);
+if ($icingadbExists) {
+ $this->providePermission(Permission::ICINGADB_HOSTS, $this->translate(
+ 'Allow users to modify Hosts they are allowed to see in Icinga DB Web'
+ ));
+ $this->providePermission(Permission::ICINGADB_SERVICES, $this->translate(
+ 'Allow users to modify Service they are allowed to see in Icinga DB Web'
+ ));
+ $this->providePermission(Permission::ICINGADB_SERVICES_RO, $this->translate(
+ 'Allow readonly users to see where a Service came from'
+ ));
+}
-$this->provideRestriction(
- 'director/notification/apply/filter-by-name',
- $this->translate(
- 'Filter available notification apply rules'
- )
-);
+if ($monitoringExists) {
+ $this->provideRestriction(Restriction::MONITORING_RW_OBJECT_FILTER, $this->translate(
+ 'Additional (monitoring module) object filter to further restrict write access'
+ ));
+}
-$this->provideRestriction(
- 'director/scheduled-downtime/apply/filter-by-name',
- $this->translate(
- 'Filter available scheduled downtime rules'
- )
-);
+if ($icingadbExists) {
+ $this->provideRestriction(Restriction::ICINGADB_RW_OBJECT_FILTER, $this->translate(
+ 'Additional (Icinga DB Web) object filter to further restrict write access'
+ ));
+}
-$this->provideRestriction(
- 'director/service_set/filter-by-name',
- $this->translate(
- 'Filter available service set templates. Use asterisks (*) as wildcards,'
- . ' like in DB* or *net*'
- )
-);
+$this->provideRestriction(Restriction::FILTER_HOSTGROUPS, $this->translate(
+ 'Limit access to the given comma-separated list of hostgroups'
+));
+$this->provideRestriction(Restriction::NOTIFICATION_APPLY_FILTER_BY_NAME, $this->translate(
+ 'Filter available notification apply rules'
+));
+$this->provideRestriction(Restriction::SCHEDULED_DOWNTIME_APPLY_FILTER_BY_NAME, $this->translate(
+ 'Filter available scheduled downtime rules'
+));
+$this->provideRestriction(Restriction::SERVICE_APPLY_FILTER_BY_NAME, $this->translate(
+ 'Filter available service apply rules'
+));
+$this->provideRestriction(Restriction::SERVICE_SET_FILTER_BY_NAME, $this->translate(
+ 'Filter available service set templates. Use asterisks (*) as wildcards,'
+ . ' like in DB* or *net*'
+));
$this->provideSearchUrl($this->translate('Host configs'), 'director/hosts?limit=10', 60);
@@ -111,10 +110,10 @@ $this->provideRestriction(
);
*/
-$this->provideConfigTab('config', array(
+$this->provideConfigTab('config', [
'title' => 'Configuration',
'url' => 'settings'
-));
+]);
$mainTitle = N_('Icinga Director');
try {
@@ -141,41 +140,38 @@ try {
$mainTitle .= ' (?!)';
}
-$section = $this->menuSection(
- $mainTitle
-)->setUrl('director')->setPriority(60)->setIcon(
- 'cubes'
-)->setRenderer(array(
- 'SummaryNavigationItemRenderer',
- 'state' => 'critical'
-));
-
+// Hint: director/admin and director/deployments are intentionally
+$section = $this->menuSection($mainTitle)
+ ->setUrl('director')
+ ->setPriority(60)
+ ->setIcon('cubes')
+ ->setRenderer(['SummaryNavigationItemRenderer', 'state' => 'critical']);
$section->add(N_('Hosts'))
->setUrl('director/dashboard?name=hosts')
- ->setPermission('director/hosts')
+ ->setPermission(Permission::HOSTS)
->setPriority(30);
$section->add(N_('Services'))
->setUrl('director/dashboard?name=services')
- ->setPermission('director/services')
+ ->setPermission(Permission::SERVICES)
->setPriority(40);
$section->add(N_('Commands'))
->setUrl('director/dashboard?name=commands')
- ->setPermission('director/admin')
+ ->setPermission(Permission::ADMIN)
->setPriority(50);
$section->add(N_('Notifications'))
->setUrl('director/dashboard?name=notifications')
- ->setPermission('director/notifications')
+ ->setPermission(Permission::NOTIFICATIONS)
->setPriority(70);
$section->add(N_('Automation'))
->setUrl('director/importsources')
- ->setPermission('director/admin')
+ ->setPermission(Permission::ADMIN)
->setPriority(901);
$section->add(N_('Activity log'))
->setUrl('director/config/activities')
->setPriority(902)
- ->setPermission('director/audit')
+ ->setPermission(Permission::AUDIT)
->setRenderer('ConfigHealthItemRenderer');
$section->add(N_('Deployments'))
->setUrl('director/config/deployments')
->setPriority(902)
- ->setPermission('director/deployments');
+ ->setPermission(Permission::DEPLOYMENTS);