diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-14 13:17:48 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-14 13:17:48 +0000 |
commit | e6d4dfc040bbe3cb80a2ce65b82493b557f751fc (patch) | |
tree | 40bd6366b01b06f4d96fc8638f23a772263cb5e9 /configuration.php | |
parent | Releasing progress-linux version 1.10.2-2~progress7.99u1. (diff) | |
download | icingaweb2-module-director-e6d4dfc040bbe3cb80a2ce65b82493b557f751fc.tar.xz icingaweb2-module-director-e6d4dfc040bbe3cb80a2ce65b82493b557f751fc.zip |
Merging upstream version 1.11.1.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'configuration.php')
-rw-r--r-- | configuration.php | 196 |
1 files changed, 96 insertions, 100 deletions
diff --git a/configuration.php b/configuration.php index 4536d5d..f812f3c 100644 --- a/configuration.php +++ b/configuration.php @@ -1,100 +1,99 @@ <?php use Icinga\Application\Icinga; +use Icinga\Application\Modules\Module; +use Icinga\Module\Director\Auth\Permission; +use Icinga\Module\Director\Auth\Restriction; use Icinga\Web\Window; -/** @var \Icinga\Application\Modules\Module $this */ +/** @var Module $this */ if ($this->getConfig()->get('frontend', 'disabled', 'no') === 'yes') { return; } -$this->providePermission('director/api', $this->translate('Allow to access the director API')); -$this->providePermission('director/audit', $this->translate('Allow to access the full audit log')); -$this->providePermission( - 'director/showconfig', - $this->translate('Allow to show configuration (could contain sensitive information)') -); -$this->providePermission( - 'director/showsql', - $this->translate('Allow to show the full executed SQL queries in some places') -); -$this->providePermission('director/deploy', $this->translate('Allow to deploy configuration')); -$this->providePermission('director/hosts', $this->translate('Allow to configure hosts')); -$this->providePermission('director/services', $this->translate('Allow to configure services')); -$this->providePermission('director/servicesets', $this->translate('Allow to configure service sets')); -$this->providePermission('director/service_set/apply', $this->translate('Allow to define Service Set Apply Rules')); -$this->providePermission('director/users', $this->translate('Allow to configure users')); -$this->providePermission('director/notifications', $this->translate('Allow to configure notifications (unrestricted)')); -$this->providePermission( - 'director/scheduled-downtimes', - $this->translate('Allow to configure notifications (unrestricted)') -); -$this->providePermission( - 'director/inspect', - $this->translate( - 'Allow to inspect objects through the Icinga 2 API (could contain sensitive information)' - ) -); -$this->providePermission( - 'director/monitoring/services-ro', - $this->translate('Allow readonly users to see where a Service came from') -); -$this->providePermission( - 'director/monitoring/hosts', - $this->translate('Allow users to modify Hosts they are allowed to see in the monitoring module') -); -$this->providePermission( - 'director/monitoring/services', - $this->translate('Allow users to modify Service they are allowed to see in the monitoring module') -); -$this->providePermission('director/*', $this->translate('Allow unrestricted access to Icinga Director')); -$this->provideRestriction( - 'director/filter/hostgroups', - $this->translate( - 'Limit access to the given comma-separated list of hostgroups' - ) -); +$monitoringExists = Module::exists('monitoring'); +$icingadbExists = Module::exists('icingadb'); -$this->provideRestriction( - 'director/monitoring/rw-object-filter', - $this->translate( - 'Additional (monitoring module) object filter to further restrict write access' - ) -); +$this->providePermission(Permission::ALL_PERMISSIONS, $this->translate('Allow unrestricted access to Icinga Director')); +$this->providePermission(Permission::API, $this->translate('Allow to access the director API')); +$this->providePermission(Permission::AUDIT, $this->translate('Allow to access the full audit log')); +$this->providePermission(Permission::DEPLOY, $this->translate('Allow to deploy configuration')); +$this->providePermission(Permission::INSPECT, $this->translate( + 'Allow to inspect objects through the Icinga 2 API (could contain sensitive information)' +)); +$this->providePermission(Permission::SHOW_CONFIG, $this->translate( + 'Allow to show configuration (could contain sensitive information)' +)); +$this->providePermission(Permission::SHOW_SQL, $this->translate( + 'Allow to show the full executed SQL queries in some places' +)); +$this->providePermission(Permission::GROUPS_FOR_RESTRICTED_HOSTS, $this->translate( + 'Allow users with Hostgroup restrictions to access the Groups field' +)); +$this->providePermission(Permission::HOSTS, $this->translate('Allow to configure hosts')); +$this->providePermission(Permission::NOTIFICATIONS, $this->translate( + 'Allow to configure notifications (unrestricted)' +)); +$this->providePermission(Permission::SERVICES, $this->translate('Allow to configure services')); +$this->providePermission(Permission::SERVICE_SETS, $this->translate('Allow to configure service sets')); +$this->providePermission(Permission::SERVICE_SET_APPLY, $this->translate('Allow to define Service Set Apply Rules')); +$this->providePermission(Permission::USERS, $this->translate('Allow to configure users')); +$this->providePermission(Permission::SCHEDULED_DOWNTIMES, $this->translate( + 'Allow to configure notifications (unrestricted)' +)); -$this->providePermission( - 'director/groups-for-restricted-hosts', - $this->translate('Allow users with Hostgroup restrictions to access the Groups field') -); +if ($monitoringExists) { + $this->providePermission(Permission::MONITORING_HOSTS, $this->translate( + 'Allow users to modify Hosts they are allowed to see in the monitoring module' + )); + $this->providePermission(Permission::MONITORING_SERVICES, $this->translate( + 'Allow users to modify Service they are allowed to see in the monitoring module' + )); + $this->providePermission(Permission::MONITORING_SERVICES_RO, $this->translate( + 'Allow readonly users to see where a Service came from' + )); +} -$this->provideRestriction( - 'director/service/apply/filter-by-name', - $this->translate( - 'Filter available service apply rules' - ) -); +if ($icingadbExists) { + $this->providePermission(Permission::ICINGADB_HOSTS, $this->translate( + 'Allow users to modify Hosts they are allowed to see in Icinga DB Web' + )); + $this->providePermission(Permission::ICINGADB_SERVICES, $this->translate( + 'Allow users to modify Service they are allowed to see in Icinga DB Web' + )); + $this->providePermission(Permission::ICINGADB_SERVICES_RO, $this->translate( + 'Allow readonly users to see where a Service came from' + )); +} -$this->provideRestriction( - 'director/notification/apply/filter-by-name', - $this->translate( - 'Filter available notification apply rules' - ) -); +if ($monitoringExists) { + $this->provideRestriction(Restriction::MONITORING_RW_OBJECT_FILTER, $this->translate( + 'Additional (monitoring module) object filter to further restrict write access' + )); +} -$this->provideRestriction( - 'director/scheduled-downtime/apply/filter-by-name', - $this->translate( - 'Filter available scheduled downtime rules' - ) -); +if ($icingadbExists) { + $this->provideRestriction(Restriction::ICINGADB_RW_OBJECT_FILTER, $this->translate( + 'Additional (Icinga DB Web) object filter to further restrict write access' + )); +} -$this->provideRestriction( - 'director/service_set/filter-by-name', - $this->translate( - 'Filter available service set templates. Use asterisks (*) as wildcards,' - . ' like in DB* or *net*' - ) -); +$this->provideRestriction(Restriction::FILTER_HOSTGROUPS, $this->translate( + 'Limit access to the given comma-separated list of hostgroups' +)); +$this->provideRestriction(Restriction::NOTIFICATION_APPLY_FILTER_BY_NAME, $this->translate( + 'Filter available notification apply rules' +)); +$this->provideRestriction(Restriction::SCHEDULED_DOWNTIME_APPLY_FILTER_BY_NAME, $this->translate( + 'Filter available scheduled downtime rules' +)); +$this->provideRestriction(Restriction::SERVICE_APPLY_FILTER_BY_NAME, $this->translate( + 'Filter available service apply rules' +)); +$this->provideRestriction(Restriction::SERVICE_SET_FILTER_BY_NAME, $this->translate( + 'Filter available service set templates. Use asterisks (*) as wildcards,' + . ' like in DB* or *net*' +)); $this->provideSearchUrl($this->translate('Host configs'), 'director/hosts?limit=10', 60); @@ -111,10 +110,10 @@ $this->provideRestriction( ); */ -$this->provideConfigTab('config', array( +$this->provideConfigTab('config', [ 'title' => 'Configuration', 'url' => 'settings' -)); +]); $mainTitle = N_('Icinga Director'); try { @@ -141,41 +140,38 @@ try { $mainTitle .= ' (?!)'; } -$section = $this->menuSection( - $mainTitle -)->setUrl('director')->setPriority(60)->setIcon( - 'cubes' -)->setRenderer(array( - 'SummaryNavigationItemRenderer', - 'state' => 'critical' -)); - +// Hint: director/admin and director/deployments are intentionally +$section = $this->menuSection($mainTitle) + ->setUrl('director') + ->setPriority(60) + ->setIcon('cubes') + ->setRenderer(['SummaryNavigationItemRenderer', 'state' => 'critical']); $section->add(N_('Hosts')) ->setUrl('director/dashboard?name=hosts') - ->setPermission('director/hosts') + ->setPermission(Permission::HOSTS) ->setPriority(30); $section->add(N_('Services')) ->setUrl('director/dashboard?name=services') - ->setPermission('director/services') + ->setPermission(Permission::SERVICES) ->setPriority(40); $section->add(N_('Commands')) ->setUrl('director/dashboard?name=commands') - ->setPermission('director/admin') + ->setPermission(Permission::ADMIN) ->setPriority(50); $section->add(N_('Notifications')) ->setUrl('director/dashboard?name=notifications') - ->setPermission('director/notifications') + ->setPermission(Permission::NOTIFICATIONS) ->setPriority(70); $section->add(N_('Automation')) ->setUrl('director/importsources') - ->setPermission('director/admin') + ->setPermission(Permission::ADMIN) ->setPriority(901); $section->add(N_('Activity log')) ->setUrl('director/config/activities') ->setPriority(902) - ->setPermission('director/audit') + ->setPermission(Permission::AUDIT) ->setRenderer('ConfigHealthItemRenderer'); $section->add(N_('Deployments')) ->setUrl('director/config/deployments') ->setPriority(902) - ->setPermission('director/deployments'); + ->setPermission(Permission::DEPLOYMENTS); |