Author:   Lars Michelsen <[email protected]>
Date:     Fri Dec 23 11:01:18 2011 +0100
Committer:   Lars Michelsen <[email protected]>
Commit-Date: Fri Dec 23 11:01:18 2011 +0100

Changed multisite authorization module to new WATO auth export API (Needs at 
least Check_MK 1.1.13i2)

---

 ChangeLog                                          |    2 +
 .../core/classes/CoreAuthorisationModMultisite.php |   63 +++++++++++++++++---
 share/server/core/classes/GlobalMainCfg.php        |   11 ++++
 3 files changed, 68 insertions(+), 8 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 10759ac..ac30946 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,8 @@
 Core
   * Switched CRITICAL and UNREACHABLE state weights. CRITICAL now overlaps the
     UNREACHABLE states
+  * Changed multisite authorization module to new WATO auth export API (Needs
+    at least Check_MK 1.1.13i2)
   * Bugfix: Fixed problem with form based login when opened via link from 
another webpage
 
 1.6.1
diff --git a/share/server/core/classes/CoreAuthorisationModMultisite.php 
b/share/server/core/classes/CoreAuthorisationModMultisite.php
index daddc35..b16afff 100644
--- a/share/server/core/classes/CoreAuthorisationModMultisite.php
+++ b/share/server/core/classes/CoreAuthorisationModMultisite.php
@@ -28,7 +28,10 @@ class CoreAuthorisationModMultisite extends 
CoreAuthorisationModule {
     private $permissions;
 
     public function __construct() {
-        $this->file = cfg('paths', 'cfg').'auth.multisite';
+        $this->file = cfg('global', 'authorisation_multisite_file');
+
+        if($this->file == '')
+            throw new NagVisException(l('No auth file configured. Please 
specify the option authorisation_multisite_file in main configuration'));
 
         if(!file_exists($this->file))
             throw new NagVisException(l('Unable to open auth file ([FILE]).',
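Review bot: The check that follows the new empty-path test is still `file_exists()`, which also succeeds for a directory or for a file the web server cannot read. Since this commit passes the path to `require_once` (second hunk of this file), such a path ends in a PHP fatal error rather than the NagVisException the constructor is meant to raise. I would tighten the guard to `if(!is_file($this->file) || !is_readable($this->file))`. The constructor's body continues outside this hunk, so the rest of the throw statement is not visible here.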
@@ -37,14 +40,58 @@ class CoreAuthorisationModMultisite extends 
CoreAuthorisationModule {
         $this->readFile();
     }
 
-    private function readFile() {
-        $s = file_get_contents($this->file);
-        $obj = json_decode(utf8_encode($s), true);
-        if($obj === null)
-            throw new NagVisException(l('Unable to parse data from auth file 
([FILE]).',
-                                                          Array('FILE' => 
$this->file)));
+    private function getFolderMapName($folderPath) {
+        return str_replace('/', '_', $folderPath);
+    }
+
+    private function getPermissions($username) {
+        # Add implicit permissions. These are basic permissions
+        # which are needed for most users.
+        $perms =  array(
+            array('Overview',  'view',               '*'),
+            array('General',   'getContextTemplate', '*'),
+            array('General',   'getHoverTemplate',   '*'),
+            array('General',   'getCfgFileAges',     '*'),
+            array('User',      'setOption',          '*'),
+            array('Multisite', 'getMaps',            '*'),
+        );
+
+        $nagvis_permissions = array(
+            array('*', '*', '*'),
+            array('Map', 'view', '*'),
+            array('Map', 'edit', '*'),
+            array('Map', 'delete', '*'),
+        );
+
+        # Loop the multisite NagVis related permissions and add them
+        foreach($nagvis_permissions AS $p) {
+            if(may($username, 'nagvis.'.implode('_', $p))) {
+                $perms[] = $p;
+            }    
+        }
+
+        # WATO folder related permissions
+        foreach(get_folder_permissions($username) AS $folder_path => $p) {
+            if($p['read']) {
+                $perms[] = array('Map', 'view', 
$this->getFolderMapName($folder_path));
+            }
+            if($p['write']) {
+                $perms[] = array('Map', 'edit', 
$this->getFolderMapName($folder_path));
+            }
+        }
 
-        $this->permissions = $obj;
+        return $perms;
+    }
+
+    private function readFile() {
+        require_once($this->file);
+        $this->permissions = array();
+        foreach(all_users() AS $username => $user) {
+            $this->permissions[$username] = array(
+                'permissions' => $this->getPermissions($username),
+                'language'    => $user['language'],
+            );
+        }
     }
 
     public function getUserRoles($userId) {
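Review bot: `require_once($this->file)` in readFile() executes the file named by `authorisation_multisite_file` as PHP with the web server's privileges, where the removed code only parsed JSON. The file should therefore be writable only by the Check_MK side, and that trust assumption deserves a comment above the include. Nothing verifies that the include defined `all_users()`, `may()` and `get_folder_permissions()` before they are called, so an old or wrong export aborts with a fatal error; a `function_exists()` guard as sketched below turns that into a NagVisException. Separately, getFolderMapName() maps both `a/b` and `a_b` to the same map name, so a folder grant can apply to an unrelated map; this needs at least a comment, or an encoding that cannot collide.

```php
    private function readFile() {
        # The auth file is executed as PHP: it must only be writable by the
        # Check_MK/WATO export, never by the web user or map editors.
        require_once($this->file);

        foreach(array('all_users', 'may', 'get_folder_permissions') AS $func) {
            if(!function_exists($func))
                throw new NagVisException(l('Unable to parse data from auth file ([FILE]).',
                                            Array('FILE' => $this->file)));
        }

        # … unchanged: build $this->permissions from all_users() …
```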
diff --git a/share/server/core/classes/GlobalMainCfg.php 
b/share/server/core/classes/GlobalMainCfg.php
index b2042cb..b495c01 100644
--- a/share/server/core/classes/GlobalMainCfg.php
+++ b/share/server/core/classes/GlobalMainCfg.php
@@ -55,10 +55,21 @@ class GlobalMainCfg {
                     'editable' => 1,
                     'default' => 'CoreAuthModSQLite',
                     'match' => MATCH_STRING),
+
                 'authorisationmodule' => Array('must' => 1,
                     'editable' => 1,
                     'default' => 'CoreAuthorisationModSQLite',
                     'match' => MATCH_STRING),
+
+                'authorisation_multisite_file' => Array(
+                    'must'          => 0,
+                    'editable'      => 1,
+                    'default'       => '',
+                    'depends_on'    => 'authorisationmodule',
+                    'depends_value' => 'CoreAuthorisationModMultisite',
+                    'match'         => MATCH_STRING_PATH,
+                ),
+
                 'controls_size' => Array(
                    'must'     => 1,
                     'editable' => 1,
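Review bot: `authorisation_multisite_file` is declared with `'editable' => 1`, and the multisite module in this commit hands its value directly to `require_once`. If `editable` means the option can be changed through the web configuration dialog (not visible in this hunk), anyone holding that right can choose which PHP file NagVis executes. I would set `'editable' => 0` so the path can only be set in the configuration file on disk, or check the value against an expected directory before including it. `MATCH_STRING_PATH` is defined outside this hunk, so it is unclear whether it constrains anything beyond the allowed characters.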

