[icinga-checkins] icinga.org: icinga-web/feature/datapermissions-wip: Fixes for non-view credential handling

git at icinga.org git at icinga.org
Tue Feb 19 17:23:59 CET 2013


Module: icinga-web
Branch: feature/datapermissions-wip
Commit: 61dc4a13fe453d830c75a269e648d3f886efd932
URL:    https://git.icinga.org/?p=icinga-web.git;a=commit;h=61dc4a13fe453d830c75a269e648d3f886efd932

Author: Markus Frosch <markus at lazyfrosch.de>
Date:   Tue Feb 19 12:55:11 2013 +0100

Fixes for non-view credential handling

* Getting a target list with role credentials from the user
* better aggregation and AND/OR between credentials
* Allow NULL value for services (to get host data when applying
  Service credentials on a host view)

---

 app/modules/AppKit/lib/database/models/NsmUser.php |    2 +-
 .../principal/IcingaDataPrincipalTarget.class.php  |   22 +++++++++++++++++--
 .../IcingaDataServicePrincipalTarget.class.php     |    4 ++-
 .../principal/IcingaPrincipalTargetTool.class.php  |    9 +++----
 4 files changed, 27 insertions(+), 10 deletions(-)

diff --git a/app/modules/AppKit/lib/database/models/NsmUser.php b/app/modules/AppKit/lib/database/models/NsmUser.php
index 7e2b52d..ac07757 100755
--- a/app/modules/AppKit/lib/database/models/NsmUser.php
+++ b/app/modules/AppKit/lib/database/models/NsmUser.php
@@ -583,7 +583,7 @@ class NsmUser extends BaseNsmUser {
         if (empty(self::$targetValuesCache)) {
             self::$targetValuesCache = $this->getStorage()->read("appkit.nsm_user.targetvalues");
         }
-        $userPrincipals =  $this->getUserPrincipalsList();
+        $userPrincipals =  $this->getUserPrincipalsList(true);
         if (empty(self::$targetValuesCache)) {
             $tc = AppKitDoctrineUtil::createQuery()
                   ->select('t.target_name, t.target_id')
diff --git a/app/modules/Web/lib/principal/IcingaDataPrincipalTarget.class.php b/app/modules/Web/lib/principal/IcingaDataPrincipalTarget.class.php
index 944fb73..62f3acb 100644
--- a/app/modules/Web/lib/principal/IcingaDataPrincipalTarget.class.php
+++ b/app/modules/Web/lib/principal/IcingaDataPrincipalTarget.class.php
@@ -25,6 +25,7 @@
 class IcingaDataPrincipalTarget extends AppKitPrincipalTarget {
     protected $defaultTarget = '';
     protected $api_mapping_fields = array();
+    protected $can_be_null = false;
 
     public function getApiMappingFields() {
         return $this->api_mapping_fields;
@@ -42,6 +43,17 @@ class IcingaDataPrincipalTarget extends AppKitPrincipalTarget {
         $this->api_mapping_fields = $a;
     }
 
+    /* allows the filter to add an "AND xx IS NULL" to the query
+       @author mfrosch
+    */
+    public function setCanBeNull($bool = true) {
+        $this->can_be_null = (bool) $bool;
+    }
+
+    public function getCanBeNull() {
+        return $this->can_be_null;
+    }
+
     public function getApiMappingField($field) {
         if (array_key_exists($field, $this->api_mapping_fields)) {
             return $this->api_mapping_fields[$field];
@@ -52,11 +64,15 @@ class IcingaDataPrincipalTarget extends AppKitPrincipalTarget {
 
     public function getMapArray(array $arr) {
         $p = array();
-        foreach($arr as $k=>$v) {
-            $p[] = sprintf('${%s} LIKE \'%s\'', $this->getApiMappingField($k), $v);
+        foreach($arr as $set) {
+            foreach($set as $k=>$v) {
+                $p[] = sprintf('${%s} LIKE \'%s\'', $this->getApiMappingField($k), $v);
+            }
         }
+        if($this->can_be_null == true)
+            $p[] = sprintf('${%s} IS NULL', $this->getApiMappingField($k));
 
-        return '('. join(' AND ', $p). ')';
+        return '('. join(' OR ', $p). ')';
     }
 
     public function getCustomMap() {
diff --git a/app/modules/Web/lib/principal/IcingaDataServicePrincipalTarget.class.php b/app/modules/Web/lib/principal/IcingaDataServicePrincipalTarget.class.php
index ee2e374..ba4c4b6 100644
--- a/app/modules/Web/lib/principal/IcingaDataServicePrincipalTarget.class.php
+++ b/app/modules/Web/lib/principal/IcingaDataServicePrincipalTarget.class.php
@@ -52,6 +52,8 @@ class IcingaDataServicePrincipalTarget extends IcingaDataPrincipalTarget {
         $this->setApiMappingFields(array(
                 'value'  => 'SERVICE_NAME'
         ));
+
+        $this->setCanBeNull(true);
     }
     
-}
\ No newline at end of file
+}
diff --git a/app/modules/Web/lib/principal/IcingaPrincipalTargetTool.class.php b/app/modules/Web/lib/principal/IcingaPrincipalTargetTool.class.php
index eaf88b9..6251c86 100644
--- a/app/modules/Web/lib/principal/IcingaPrincipalTargetTool.class.php
+++ b/app/modules/Web/lib/principal/IcingaPrincipalTargetTool.class.php
@@ -28,7 +28,8 @@ class IcingaPrincipalTargetTool {
         $user = AgaviContext::getInstance()->getUser()->getNsmUser();
 
         $sarr = $user->getTargetValuesArray();
-        $models = $user->getTargets();
+        AppKitLogger::verbose("TargetValuesArray = %s", var_export($sarr, true));
+        $models = $user->getTargets(null, true, true);
         $parts = array();
         foreach($models as $model) {
             if ($model->target_type != 'icinga') {
@@ -48,9 +49,7 @@ class IcingaPrincipalTargetTool {
             }
 
             if (count($sarr[$targetname]) > 0) {
-                foreach($sarr[$targetname] as $vdata) {
-                    $parts[] = $to->getMapArray($vdata);
-                }
+                $parts[] = $to->getMapArray($sarr[$targetname]);
             } else {
                 $map = $to->getCustomMap();
 
@@ -61,7 +60,7 @@ class IcingaPrincipalTargetTool {
         }
 
         if (count($parts) > 0) {
-            $query = join(' OR ', $parts);
+            $query = join(' AND ', $parts);
             $search->setSearchFilterAppendix($query, IcingaApiConstants::SEARCH_AND);
 
             return true;





More information about the icinga-checkins mailing list