Skip to content

Commit d5ca62b

Browse files
jhoxhaajhoxhaa
committed
Add support to restrict users using defined prefix
* Introduce new restriction 'reporting/prefix' * Introduce new permission 'reporting/reports/modify'
1 parent 764c001 commit d5ca62b

File tree

5 files changed

+74
-11
lines changed

5 files changed

+74
-11
lines changed

application/controllers/ReportController.php

+3-3
Original file line numberDiff line numberDiff line change
@@ -67,8 +67,8 @@ public function indexAction()
6767

6868
public function editAction()
6969
{
70-
$this->assertPermission('reporting/reports');
71-
$this->addTitleTab($this->translate('Edit Report'));
70+
$this->assertPermission('reporting/reports/modify');
71+
$this->addTitleTab('Edit Report');
7272

7373
$values = [
7474
'name' => $this->report->getName(),
@@ -201,7 +201,7 @@ protected function assembleActions()
201201

202202
$actions = new ActionBar();
203203

204-
if ($this->hasPermission('reporting/reports')) {
204+
if ($this->hasPermission('reporting/reports/modify')) {
205205
$actions->addLink(
206206
'Modify',
207207
Url::fromPath('reporting/report/edit', ['id' => $reportId]),

application/controllers/ReportsController.php

+14-7
Original file line numberDiff line numberDiff line change
@@ -25,7 +25,7 @@ public function indexAction()
2525
{
2626
$this->createTabs()->activate('reports');
2727

28-
if ($this->hasPermission('reporting/reports')) {
28+
if ($this->hasPermission('reporting/reports/modify')) {
2929
$this->addControl(new ButtonLink(
3030
$this->translate('New Report'),
3131
Url::fromPath('reporting/reports/new'),
@@ -38,22 +38,29 @@ public function indexAction()
3838
$reports = Report::on($this->getDb())
3939
->withColumns(['report.timeframe.name']);
4040

41+
$this->applyRestriction($reports, 'report.name');
42+
4143
foreach ($reports as $report) {
4244
$url = Url::fromPath('reporting/report', ['id' => $report->id])->getAbsoluteUrl('&');
4345

44-
$tableRows[] = Html::tag('tr', ['href' => $url], [
46+
$content = [
4547
Html::tag('td', null, $report->name),
4648
Html::tag('td', null, $report->author),
4749
Html::tag('td', null, $report->timeframe->name),
4850
Html::tag('td', null, date('Y-m-d H:i', $report->ctime / 1000)),
49-
Html::tag('td', null, date('Y-m-d H:i', $report->mtime / 1000)),
50-
Html::tag('td', ['class' => 'icon-col'], [
51+
Html::tag('td', null, date('Y-m-d H:i', $report->mtime / 1000))
52+
];
53+
54+
if ($this->hasPermission('reporting/reports/modify')) {
55+
$content[] = Html::tag('td', ['class' => 'icon-col'], [
5156
new Link(
5257
new Icon('edit'),
5358
Url::fromPath('reporting/report/edit', ['id' => $report->id])
5459
)
55-
])
56-
]);
60+
]);
61+
}
62+
63+
$tableRows[] = Html::tag('tr', ['href' => $url], $content);
5764
}
5865

5966
if (! empty($tableRows)) {
@@ -89,7 +96,7 @@ public function indexAction()
8996

9097
public function newAction()
9198
{
92-
$this->assertPermission('reporting/reports');
99+
$this->assertPermission('reporting/reports/modify');
93100
$this->addTitleTab($this->translate('New Report'));
94101

95102
$form = (new ReportForm())

configuration.php

+10
Original file line numberDiff line numberDiff line change
@@ -36,6 +36,11 @@
3636
$this->translate('Allow managing reports')
3737
);
3838

39+
$this->providePermission(
40+
'reporting/reports/modify',
41+
$this->translate('Allow creating, editing and removing reports')
42+
);
43+
3944
$this->providePermission(
4045
'reporting/schedules',
4146
$this->translate('Allow managing schedules')
@@ -50,4 +55,9 @@
5055
'reporting/timeframes',
5156
$this->translate('Allow managing timeframes')
5257
);
58+
59+
$this->provideRestriction(
60+
'reporting/prefix',
61+
$this->translate('Restrict access to reports with the given prefix')
62+
);
5363
}

library/Reporting/Web/Controller.php

+15
Original file line numberDiff line numberDiff line change
@@ -4,8 +4,23 @@
44

55
namespace Icinga\Module\Reporting\Web;
66

7+
use Icinga\Authentication\Auth;
8+
use ipl\Orm\Query;
9+
use ipl\Stdlib\Filter;
710
use ipl\Web\Compat\CompatController;
811

912
class Controller extends CompatController
1013
{
14+
/**
15+
* @param Query $query
16+
* @param string $column
17+
* @return void
18+
*/
19+
protected function applyRestriction(Query $query, string $column)
20+
{
21+
$prefixes = Auth::getInstance()->getRestrictions('reporting/prefix');
22+
if (! empty($prefixes)) {
23+
$query->filter(Filter::like($column, $prefixes[0] . '*'));
24+
}
25+
}
1126
}

library/Reporting/Web/Forms/ReportForm.php

+32-1
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,7 @@
1010
use Icinga\Module\Reporting\Web\Forms\Decorator\CompatDecorator;
1111
use ipl\Html\Contract\FormSubmitElement;
1212
use ipl\Html\Form;
13+
use ipl\Validator\CallbackValidator;
1314
use ipl\Web\Compat\CompatForm;
1415

1516
class ReportForm extends CompatForm
@@ -49,7 +50,37 @@ protected function assemble()
4950
'description' => $this->translate(
5051
'A unique name of this report. It is used when exporting to pdf, json or csv format'
5152
. ' and also when listing the reports in the cli'
52-
)
53+
),
54+
'validators' => [
55+
'Callback' => function ($value, $validator) {
56+
/** @var CallbackValidator $validator */
57+
$restrictions = Auth::getInstance()->getRestrictions('reporting/prefix');
58+
$prefixes = [];
59+
foreach ($restrictions as $restriction) {
60+
$prefixes = array_merge(
61+
$prefixes,
62+
explode(',', trim($restriction))
63+
);
64+
}
65+
66+
if (! empty($prefixes)) {
67+
foreach ($prefixes as $prefix) {
68+
if (substr($value, 0, strlen($prefix)) === $prefix) {
69+
return true;
70+
}
71+
}
72+
73+
$validator->addMessage(sprintf(
74+
$this->translate('Please prefix the name with "%s"'),
75+
implode(' | ', $prefixes)
76+
));
77+
78+
return false;
79+
}
80+
81+
return true;
82+
}
83+
]
5384
]);
5485

5586
$this->addElement('select', 'timeframe', [

0 commit comments

Comments
 (0)