From e6d4dfc040bbe3cb80a2ce65b82493b557f751fc Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 14 Apr 2024 15:17:48 +0200 Subject: Merging upstream version 1.11.1. Signed-off-by: Daniel Baumann --- application/controllers/HostController.php | 129 +++++++++++++++++------------ 1 file changed, 76 insertions(+), 53 deletions(-) (limited to 'application/controllers/HostController.php') diff --git a/application/controllers/HostController.php b/application/controllers/HostController.php index e107d22..33b5ba5 100644 --- a/application/controllers/HostController.php +++ b/application/controllers/HostController.php @@ -3,7 +3,9 @@ namespace Icinga\Module\Director\Controllers; use gipfl\Web\Widget\Hint; -use Icinga\Module\Director\Monitoring; +use Icinga\Module\Director\Auth\Permission; +use Icinga\Module\Director\Integration\Icingadb\IcingadbBackend; +use Icinga\Module\Director\Integration\MonitoringModule\Monitoring; use Icinga\Module\Director\Web\Table\ObjectsTableService; use ipl\Html\Html; use gipfl\IcingaWeb2\Link; @@ -31,28 +33,24 @@ class HostController extends ObjectController { protected function checkDirectorPermissions() { - if ($this->isServiceAction() && (new Monitoring())->authCanEditService( - $this->Auth(), - $this->getParam('name'), - $this->getParam('service') - )) { + $host = $this->getHostObject(); + $auth = $this->Auth(); + $backend = $this->backend(); + if ($this->isServiceAction() + && $backend->canModifyService($host->getObjectName(), $this->getParam('service')) + ) { return; } - - if ($this->isServicesReadOnlyAction()) { - $this->assertPermission('director/monitoring/services-ro'); + if ($this->isServicesReadOnlyAction() && $auth->hasPermission($this->getServicesReadOnlyPermission())) { return; } - - if ($this->hasPermission('director/hosts')) { // faster + if ($auth->hasPermission(Permission::HOSTS)) { // faster return; } - - if ($this->canModifyHostViaMonitoringPermissions($this->getParam('name'))) { + if ($backend->canModifyHost($host->getObjectName())) { return; } - - $this->assertPermission('director/hosts'); // complain about default hosts permission + $this->assertPermission(Permission::HOSTS); // complain about default hosts permission } protected function isServicesReadOnlyAction() @@ -76,16 +74,6 @@ class HostController extends ObjectController ]); } - protected function canModifyHostViaMonitoringPermissions($hostname) - { - if ($this->hasPermission('director/monitoring/hosts')) { - $monitoring = new Monitoring(); - return $monitoring->authCanEditHost($this->Auth(), $hostname); - } - - return false; - } - /** * @return HostgroupRestriction */ @@ -150,11 +138,35 @@ class HostController extends ObjectController public function findserviceAction() { + $auth = $this->Auth(); $host = $this->getHostObject(); - $this->redirectNow( - (new ServiceFinder($host, $this->getAuth())) - ->getRedirectionUrl($this->params->get('service')) - ); + $hostName = $host->getObjectName(); + $serviceName = $this->params->get('service'); + $info = ServiceFinder::find($host, $serviceName); + $backend = $this->backend(); + + if ($info && $auth->hasPermission(Permission::HOSTS)) { + $redirectUrl = $info->getUrl(); + } elseif ($info + && (($backend instanceof Monitoring && $auth->hasPermission(Permission::MONITORING_HOSTS)) + || ($backend instanceof IcingadbBackend && $auth->hasPermission(Permission::ICINGADB_HOSTS)) + ) + && $backend->canModifyService($hostName, $serviceName) + ) { + $redirectUrl = $info->getUrl(); + } elseif ($auth->hasPermission($this->getServicesReadOnlyPermission())) { + $redirectUrl = Url::fromPath('director/host/servicesro', [ + 'name' => $hostName, + 'service' => $serviceName + ]); + } else { + $redirectUrl = Url::fromPath('director/host/invalidservice', [ + 'name' => $hostName, + 'service' => $serviceName, + ]); + } + + $this->redirectNow($redirectUrl); } /** @@ -207,8 +219,7 @@ class HostController extends ObjectController $branch = $this->getBranch(); $hostHasBeenCreatedInBranch = $branch->isBranch() && $host->get('id'); $content = $this->content(); - $table = (new ObjectsTableService($this->db())) - ->setAuth($this->Auth()) + $table = (new ObjectsTableService($this->db(), $this->Auth())) ->setHost($host) ->setBranch($branch) ->setTitle($this->translate('Individual Service objects')) @@ -222,8 +233,7 @@ class HostController extends ObjectController $parents = IcingaTemplateRepository::instanceByObject($this->object) ->getTemplatesFor($this->object, true); foreach ($parents as $parent) { - $table = (new ObjectsTableService($this->db())) - ->setAuth($this->Auth()) + $table = (new ObjectsTableService($this->db(), $this->Auth())) ->setBranch($branch) ->setHost($parent) ->setInheritedBy($host) @@ -279,7 +289,7 @@ class HostController extends ObjectController */ public function servicesroAction() { - $this->assertPermission('director/monitoring/services-ro'); + $this->assertPermission($this->getServicesReadOnlyPermission()); $host = $this->getHostObject(); $service = $this->params->getRequired('service'); $db = $this->db(); @@ -289,8 +299,7 @@ class HostController extends ObjectController $this->addTitle($this->translate('Services on %s'), $host->getObjectName()); $content = $this->content(); - $table = (new ObjectsTableService($db)) - ->setAuth($this->Auth()) + $table = (new ObjectsTableService($db, $this->Auth())) ->setHost($host) ->setBranch($branch) ->setReadonly() @@ -305,7 +314,7 @@ class HostController extends ObjectController $parents = IcingaTemplateRepository::instanceByObject($this->object) ->getTemplatesFor($this->object, true); foreach ($parents as $parent) { - $table = (new ObjectsTableService($db)) + $table = (new ObjectsTableService($db, $this->Auth())) ->setReadonly() ->setBranch($branch) ->setHost($parent) @@ -387,6 +396,7 @@ class HostController extends ObjectController ->setHost($host) ->setBranch($this->getBranch()) ->setAffectedHost($affectedHost) + ->removeQueryLimit() ->setTitle($title); if ($roService) { $table->setReadonly()->highlightService($roService); @@ -582,20 +592,19 @@ class HostController extends ObjectController { $host = $this->object; try { - $mon = $this->monitoring(); - if ($host->isObject() - && $mon->isAvailable() - && $mon->hasHost($host->getObjectName()) + $backend = $this->backend(); + if ($host instanceof IcingaHost + && $host->isObject() + && $backend->hasHost($host->getObjectName()) ) { - $this->actions()->add(Link::create( - $this->translate('Show'), - 'monitoring/host/show', - ['host' => $host->getObjectName()], - [ - 'class' => 'icon-globe critical', - 'data-base-target' => '_next' - ] - )); + $this->actions()->add( + Link::create( + $this->translate('Show'), + $backend->getHostUrl($host->getObjectName()), + null, + ['class' => 'icon-globe critical', 'data-base-target' => '_next'] + ) + ); // Intentionally placed here, show it only for deployed Hosts $this->addOptionalInspectLink(); @@ -607,7 +616,7 @@ class HostController extends ObjectController protected function addOptionalInspectLink() { - if (! $this->hasPermission('director/inspect')) { + if (! $this->hasPermission(Permission::INSPECT)) { return; } @@ -627,11 +636,25 @@ class HostController extends ObjectController } /** - * @return IcingaHost + * @return ?IcingaHost */ protected function getHostObject() { - assert($this->object instanceof IcingaHost); + if ($this->object !== null) { + assert($this->object instanceof IcingaHost); + } return $this->object; } + + /** + * Get readOnly permission of the service for the current backend + * + * @return string permission + */ + protected function getServicesReadOnlyPermission(): string + { + return $this->backend() instanceof IcingadbBackend + ? Permission::ICINGADB_SERVICES_RO + : Permission::MONITORING_SERVICES_RO; + } } -- cgit v1.2.3