Skip to content

Commit 120d5ad

Browse files
jhoxhaajhoxhaa
committed
Add support to restrict users using defined prefix
* Introduce new restriction 'reporting/prefix' * Introduce new permission 'reporting/reports/modify'
1 parent dd2b133 commit 120d5ad

File tree

5 files changed

+74
-11
lines changed

5 files changed

+74
-11
lines changed

application/controllers/ReportController.php

+3-3
Original file line numberDiff line numberDiff line change
@@ -67,8 +67,8 @@ public function indexAction()
6767

6868
public function editAction()
6969
{
70-
$this->assertPermission('reporting/reports');
71-
$this->addTitleTab($this->translate('Edit Report'));
70+
$this->assertPermission('reporting/reports/modify');
71+
$this->addTitleTab('Edit Report');
7272

7373
$values = [
7474
'name' => $this->report->getName(),
@@ -201,7 +201,7 @@ protected function assembleActions()
201201

202202
$actions = new ActionBar();
203203

204-
if ($this->hasPermission('reporting/reports')) {
204+
if ($this->hasPermission('reporting/reports/modify')) {
205205
$actions->addLink(
206206
'Modify',
207207
Url::fromPath('reporting/report/edit', ['id' => $reportId]),

application/controllers/ReportsController.php

+14-7
Original file line numberDiff line numberDiff line change
@@ -25,7 +25,7 @@ public function indexAction()
2525
{
2626
$this->createTabs()->activate('reports');
2727

28-
if ($this->hasPermission('reporting/reports')) {
28+
if ($this->hasPermission('reporting/reports/modify')) {
2929
$this->addControl(new ButtonLink(
3030
$this->translate('New Report'),
3131
Url::fromPath('reporting/reports/new'),
@@ -46,22 +46,29 @@ public function indexAction()
4646
]
4747
);
4848

49+
$this->applyRestriction($reports, 'report.name');
50+
4951
foreach ($reports as $report) {
5052
$url = Url::fromPath('reporting/report', ['id' => $report->id])->getAbsoluteUrl('&');
5153

52-
$tableRows[] = Html::tag('tr', ['href' => $url], [
54+
$content = [
5355
Html::tag('td', null, $report->name),
5456
Html::tag('td', null, $report->author),
5557
Html::tag('td', null, $report->timeframe->name),
5658
Html::tag('td', null, date('Y-m-d H:i', $report->ctime / 1000)),
57-
Html::tag('td', null, date('Y-m-d H:i', $report->mtime / 1000)),
58-
Html::tag('td', ['class' => 'icon-col'], [
59+
Html::tag('td', null, date('Y-m-d H:i', $report->mtime / 1000))
60+
];
61+
62+
if ($this->hasPermission('reporting/reports/modify')) {
63+
$content[] = Html::tag('td', ['class' => 'icon-col'], [
5964
new Link(
6065
new Icon('edit'),
6166
Url::fromPath('reporting/report/edit', ['id' => $report->id])
6267
)
63-
])
64-
]);
68+
]);
69+
}
70+
71+
$tableRows[] = Html::tag('tr', ['href' => $url], $content);
6572
}
6673

6774
if (! empty($tableRows)) {
@@ -98,7 +105,7 @@ public function indexAction()
98105

99106
public function newAction()
100107
{
101-
$this->assertPermission('reporting/reports');
108+
$this->assertPermission('reporting/reports/modify');
102109
$this->addTitleTab($this->translate('New Report'));
103110

104111
$form = (new ReportForm())

configuration.php

+10
Original file line numberDiff line numberDiff line change
@@ -36,6 +36,11 @@
3636
$this->translate('Allow managing reports')
3737
);
3838

39+
$this->providePermission(
40+
'reporting/reports/modify',
41+
$this->translate('Allow creating, editing and removing reports')
42+
);
43+
3944
$this->providePermission(
4045
'reporting/schedules',
4146
$this->translate('Allow managing schedules')
@@ -50,4 +55,9 @@
5055
'reporting/timeframes',
5156
$this->translate('Allow managing timeframes')
5257
);
58+
59+
$this->provideRestriction(
60+
'reporting/prefix',
61+
$this->translate('Restrict access to reports with the given prefix')
62+
);
5363
}

library/Reporting/Web/Controller.php

+15
Original file line numberDiff line numberDiff line change
@@ -4,8 +4,23 @@
44

55
namespace Icinga\Module\Reporting\Web;
66

7+
use Icinga\Authentication\Auth;
8+
use ipl\Orm\Query;
9+
use ipl\Stdlib\Filter;
710
use ipl\Web\Compat\CompatController;
811

912
class Controller extends CompatController
1013
{
14+
/**
15+
* @param Query $query
16+
* @param string $column
17+
* @return void
18+
*/
19+
protected function applyRestriction(Query $query, string $column)
20+
{
21+
$prefixes = Auth::getInstance()->getRestrictions('reporting/prefix');
22+
if (! empty($prefixes)) {
23+
$query->filter(Filter::like($column, $prefixes[0] . '*'));
24+
}
25+
}
1126
}

library/Reporting/Web/Forms/ReportForm.php

+32-1
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,7 @@
1010
use Icinga\Module\Reporting\Web\Forms\Decorator\CompatDecorator;
1111
use ipl\Html\Contract\FormSubmitElement;
1212
use ipl\Html\Form;
13+
use ipl\Validator\CallbackValidator;
1314
use ipl\Web\Compat\CompatForm;
1415

1516
class ReportForm extends CompatForm
@@ -49,7 +50,37 @@ protected function assemble()
4950
'description' => $this->translate(
5051
'A unique name of this report. It is used when exporting to pdf, json or csv format'
5152
. ' and also when listing the reports in the cli'
52-
)
53+
),
54+
'validators' => [
55+
'Callback' => function ($value, $validator) {
56+
/** @var CallbackValidator $validator */
57+
$restrictions = Auth::getInstance()->getRestrictions('reporting/prefix');
58+
$prefixes = [];
59+
foreach ($restrictions as $restriction) {
60+
$prefixes = array_merge(
61+
$prefixes,
62+
explode(',', trim($restriction))
63+
);
64+
}
65+
66+
if (! empty($prefixes)) {
67+
foreach ($prefixes as $prefix) {
68+
if (substr($value, 0, strlen($prefix)) === $prefix) {
69+
return true;
70+
}
71+
}
72+
73+
$validator->addMessage(sprintf(
74+
$this->translate('Please prefix the name with "%s"'),
75+
implode(' | ', $prefixes)
76+
));
77+
78+
return false;
79+
}
80+
81+
return true;
82+
}
83+
]
5384
]);
5485

5586
$this->addElement('select', 'timeframe', [

0 commit comments

Comments
 (0)