[icinga-checkins] icinga.org: icinga-web/mhein/default: * Added security target to API command interface

git at icinga.org git at icinga.org
Thu Nov 10 11:43:19 CET 2011


Module: icinga-web
Branch: mhein/default
Commit: 4f5477fe21458bbe182c9b67e407dddfa96ca917
URL:    https://git.icinga.org/?p=icinga-web.git;a=commit;h=4f5477fe21458bbe182c9b67e407dddfa96ca917

Author: Marius Hein <marius.hein at netways.de>
Date:   Thu Nov 10 11:41:59 2011 +0100

* Added security target to API command interface
* Added command loading through model in sender (ref #1941)

---

 .../Commands/CommandDispatcherModel.class.php      |   22 ++++++----
 .../Api/models/Commands/CommandInfoModel.class.php |   43 +++++++++++++++----
 .../AppKit/models/PrincipalAdminModel.class.php    |    3 +-
 3 files changed, 48 insertions(+), 20 deletions(-)

diff --git a/app/modules/Api/models/Commands/CommandDispatcherModel.class.php b/app/modules/Api/models/Commands/CommandDispatcherModel.class.php
index 71ffed7..f709ca6 100644
--- a/app/modules/Api/models/Commands/CommandDispatcherModel.class.php
+++ b/app/modules/Api/models/Commands/CommandDispatcherModel.class.php
@@ -10,19 +10,27 @@ class UnknownIcingaCommandException extends CommandDispatcherException {}
 class MissingCommandParameterException extends CommandDispatcherException {}
 class Api_Commands_CommandDispatcherModel extends IcingaApiBaseModel implements AgaviISingletonModel {
     protected $consoleContext = null;
+    
     protected $config = null;
-    protected static $xmlLoaded = false;
+    
+    /**
+     * @var Api_Commands_CommandInfoModel
+     */
+    protected $commandInfoModel = null;
+    
     public function setConsoleContext(IcingaConsoleInterface $model) {
         $this->consoleContext = $model;
     }
 
     public function initialize(AgaviContext $ctx, array $parameters = array()) {
+        
         if (isset($parameters["console"]) && $parameters["console"] instanceof IcingaConsoleInterface) {
             $this->setConsoleContext($parameters["console"]);
         }
 
         parent::initialize($ctx,$parameters);
-        $this->loadConfig();
+        
+        $this->commandInfoModel = $ctx->getModel('Commands.CommandInfo', 'Api');
     }
 
     public function submitCommand($cmd_name,array $params,
@@ -81,20 +89,16 @@ class Api_Commands_CommandDispatcherModel extends IcingaApiBaseModel implements
     }
 
     public function getCommands() {
-        return $this->config;
+        return $this->commandInfoModel->getInfo();
     }
 
     public function getCommand($name) {
 
-        if (isset($this->config[$name])) {
-            return $this->config[$name];
+        if ($this->commandInfoModel->hasCommand($name)) {
+            return $this->commandInfoModel->getInfo($name);
         } else {
             throw new UnknownIcingaCommandException("Command $name is undefined");
         }
     }
 
-    protected function loadConfig() {
-        $this->config = include AgaviConfigCache::checkConfig(AgaviToolkit::expandDirectives('%core.module_dir%/Api/config/icingaCommands.xml'));
-    }
-
 }
diff --git a/app/modules/Api/models/Commands/CommandInfoModel.class.php b/app/modules/Api/models/Commands/CommandInfoModel.class.php
index a8b5bef..925b108 100644
--- a/app/modules/Api/models/Commands/CommandInfoModel.class.php
+++ b/app/modules/Api/models/Commands/CommandInfoModel.class.php
@@ -1,22 +1,47 @@
 <?php
 
 class Api_Commands_CommandInfoModel extends IcingaApiBaseModel implements AgaviISingletonModel {
-    
+
     private $config = array();
-    
+
+    /**
+     * @var AppKitSecurityUser
+     */
+    private $user = null;
+
     public function initialize(AgaviContext $context, array $parameters = array()) {
         parent::initialize($context, $parameters);
+
         $this->config = include AgaviConfigCache::checkConfig(AgaviToolkit::expandDirectives('%core.module_dir%/Api/config/icingaCommands.xml'));
+
+        $this->user = $context->getUser();
+
+        if ($this->user->getNsmUser()->hasTarget('IcingaCommandRestrictions')) {
+            $this->filterCommands($this->config);
+        }
+        
     }
-    
+
+    private function filterCommands(&$array) {
+        foreach ($array as $key=>$val) {
+            if (isset($val['isSimple']) && $val['isSimple'] !== 'true') {
+                unset($array[$key]);
+            }
+        }
+        
+        return $array;
+    }
+
     public function getInfo($commandName=null) {
-      
-        if ($commandName !== null && array_key_exists($commandName, $this->config)) {
+
+        if ($commandName !== null && $this->hasCommand($commandName)) {
             return $this->config[$commandName];
         }
-        
+
         return $this->config;
     }
-}
-
-?>
\ No newline at end of file
+    
+    public function hasCommand($commandName) {
+        return array_key_exists($commandName, $this->config);
+    }
+}
\ No newline at end of file
diff --git a/app/modules/AppKit/models/PrincipalAdminModel.class.php b/app/modules/AppKit/models/PrincipalAdminModel.class.php
index 4c3b48f..940b714 100644
--- a/app/modules/AppKit/models/PrincipalAdminModel.class.php
+++ b/app/modules/AppKit/models/PrincipalAdminModel.class.php
@@ -75,7 +75,6 @@ class AppKit_PrincipalAdminModel extends AppKitBaseModel {
          */
         $this->deleteAllPrincipalTargetEntries($p);
 
-
         foreach($pt as $id=>$principalToSet) {
             if (isset($principalToSet['set'])) {
                 foreach($principalToSet['set'] as $aid=>$pt_set) {
@@ -124,4 +123,4 @@ class AppKit_PrincipalAdminModel extends AppKitBaseModel {
         return true;
     }
 
-}
\ No newline at end of file
+}





More information about the icinga-checkins mailing list