Merge pull request #159 from Icinga/feature/restrictions

Restrictions
Icinga · Mar 12, 2021 · e14cf93 · e14cf93
2 parents fa2b9d5 + aae4c01
commit e14cf93
Show file tree

Hide file tree

Showing 26 changed files with 482 additions and 320 deletions.
diff --git a/application/controllers/CommentController.php b/application/controllers/CommentController.php
@@ -41,7 +41,7 @@ public function init()
         $query->getSelectBase()
             ->where(['comment.name = ?' => $name]);
 
-        $this->applyMonitoringRestriction($query);
+        $this->applyRestrictions($query);
 
         $comment = $query->first();
         if ($comment === null) {

diff --git a/application/controllers/ConfigController.php b/application/controllers/ConfigController.php
@@ -8,7 +8,6 @@
 use Icinga\Module\Icingadb\Forms\DatabaseConfigForm;
 use Icinga\Module\Icingadb\Forms\RedisConfigForm;
 use Icinga\Module\Icingadb\Web\Controller;
-use Icinga\Module\Monitoring\Forms\Config\SecurityConfigForm;
 use Icinga\Web\Form;
 use Icinga\Web\Widget\Tab;
 use Icinga\Web\Widget\Tabs;
@@ -47,18 +46,6 @@ public function redisAction()
         $this->addFormToContent($form);
     }
 
-    public function securityAction()
-    {
-        $form = (new SecurityConfigForm())
-            ->setIniConfig(Config::module('monitoring'));
-
-        $form->handleRequest();
-
-        $this->mergeTabs($this->Module()->getConfigTabs()->activate('security'));
-
-        $this->addFormToContent($form);
-    }
-
     protected function addFormToContent(Form $form)
     {
         $this->addContent(new HtmlString($form->render()));

diff --git a/application/controllers/DowntimeController.php b/application/controllers/DowntimeController.php
@@ -36,7 +36,7 @@ public function init()
         $query->getSelectBase()
             ->where(['downtime.name = ?' => $name]);
 
-        $this->applyMonitoringRestriction($query);
+        $this->applyRestrictions($query);
 
         $downtime = $query->first();
         if ($downtime === null) {

diff --git a/application/controllers/HealthController.php b/application/controllers/HealthController.php
@@ -29,8 +29,8 @@ public function indexAction()
         $hoststateSummary = HoststateSummary::on($db)->with('state');
         $servicestateSummary = ServicestateSummary::on($db)->with('state');
 
-        $this->applyMonitoringRestriction($hoststateSummary);
-        $this->applyMonitoringRestriction($servicestateSummary);
+        $this->applyRestrictions($hoststateSummary);
+        $this->applyRestrictions($servicestateSummary);
 
         yield $this->export($instance, $hoststateSummary, $servicestateSummary);
 

diff --git a/application/controllers/HostController.php b/application/controllers/HostController.php
@@ -37,7 +37,7 @@ public function init()
         $query->getSelectBase()
             ->where(['host.name = ?' => $name]);
 
-        $this->applyMonitoringRestriction($query);
+        $this->applyRestrictions($query);
 
         /** @var Host $host */
         $host = $query->first();
@@ -56,6 +56,8 @@ public function indexAction()
         $serviceSummary->getSelectBase()
             ->where(['host_id = ?' => $this->host->id]);
 
+        $this->applyRestrictions($serviceSummary);
+
         if ($this->host->state->is_overdue) {
             $this->controls->addAttributes(['class' => 'overdue']);
         }
@@ -203,7 +205,7 @@ public function servicesAction()
             ->getSelectBase()
             ->where(['service_host.id = ?' => $this->host->id]);
 
-        $this->applyMonitoringRestriction($services);
+        $this->applyRestrictions($services);
 
         $limitControl = $this->createLimitControl();
         $paginationControl = $this->createPaginationControl($services);

diff --git a/application/controllers/HostgroupController.php b/application/controllers/HostgroupController.php
@@ -31,7 +31,7 @@ public function init()
             $query
         );
 
-        $this->applyMonitoringRestriction($query);
+        $this->applyRestrictions($query);
 
         $hostgroup = $query->first();
         if ($hostgroup === null) {
@@ -48,7 +48,7 @@ public function indexAction()
         $hosts = Host::on($db)->with('state')->utilize('hostgroup');
 
         $hosts->getSelectBase()->where(['host_hostgroup.id = ?' => $this->hostgroup->id]);
-        $this->applyMonitoringRestriction($hosts);
+        $this->applyRestrictions($hosts);
 
         $limitControl = $this->createLimitControl();
         $paginationControl = $this->createPaginationControl($hosts);

diff --git a/application/controllers/HostsController.php b/application/controllers/HostsController.php
@@ -144,6 +144,8 @@ public function detailsAction()
 
         $comments = Host::on($db)->with(['comment']);
         $comments->getWith()['host.comment']->setJoinType('INNER');
+        // TODO: This should be automatically done by the model/resolver and added as ON condition
+        FilterProcessor::apply(Filter::equal('comment.object_type', 'host'), $comments);
         $this->filter($comments);
         $summary->comments_total = $comments->count();
 
@@ -206,6 +208,9 @@ public function getCommandTargetsUrl()
 
     protected function getFeatureStatus()
     {
-        return new FeatureStatus('host', HoststateSummary::on($this->getDb())->with(['state'])->first());
+        $summary = HoststateSummary::on($this->getDb())->with(['state']);
+        $this->filter($summary);
+
+        return new FeatureStatus('host', $summary->first());
     }
 }
diff --git a/application/controllers/ServiceController.php b/application/controllers/ServiceController.php
@@ -41,7 +41,7 @@ public function init()
             ->where(['service.name = ?' => $name])
             ->where(['service_host.name = ?' => $hostName]);
 
-        $this->applyMonitoringRestriction($query);
+        $this->applyRestrictions($query);
 
         /** @var Service $service */
         $service = $query->first();

diff --git a/application/controllers/ServicegroupController.php b/application/controllers/ServicegroupController.php
@@ -31,7 +31,7 @@ public function init()
             $query
         );
 
-        $this->applyMonitoringRestriction($query);
+        $this->applyRestrictions($query);
 
         $servicegroup = $query->first();
         if ($servicegroup === null) {
@@ -52,7 +52,7 @@ public function indexAction()
         ])->utilize('servicegroup');
 
         $services->getSelectBase()->where(['service_servicegroup.id = ?' => $this->servicegroup->id]);
-        $this->applyMonitoringRestriction($services);
+        $this->applyRestrictions($services);
 
         $limitControl = $this->createLimitControl();
         $paginationControl = $this->createPaginationControl($services);

diff --git a/application/controllers/ServicesController.php b/application/controllers/ServicesController.php
@@ -219,6 +219,9 @@ public function getCommandTargetsUrl()
 
     protected function getFeatureStatus()
     {
-        return new FeatureStatus('service', ServicestateSummary::on($this->getDb())->with(['state'])->first());
+        $summary = ServicestateSummary::on($this->getDb())->with(['state']);
+        $this->filter($summary);
+
+        return new FeatureStatus('service', $summary->first());
     }
 }
diff --git a/application/controllers/UserController.php b/application/controllers/UserController.php
@@ -30,7 +30,7 @@ public function init()
         $query->getSelectBase()
             ->where(['user.name = ?' => $name]);
 
-        $this->applyMonitoringRestriction($query);
+        $this->applyRestrictions($query);
 
         $user = $query->first();
         if ($user === null) {

diff --git a/application/controllers/UsergroupController.php b/application/controllers/UsergroupController.php
@@ -30,7 +30,7 @@ public function init()
         $query->getSelectBase()
             ->where(['usergroup.name = ?' => $name]);
 
-        $this->applyMonitoringRestriction($query);
+        $this->applyRestrictions($query);
 
         $usergroup = $query->first();
         if ($usergroup === null) {

diff --git a/configuration.php b/configuration.php
@@ -13,6 +13,31 @@
 
     $this->provideSetupWizard('Icinga\Module\Icingadb\Setup\IcingaDbWizard');
 
+    $this->provideRestriction(
+        'icingadb/filter/objects',
+        $this->translate('Restrict access to the Icinga objects that match the filter')
+    );
+
+    $this->provideRestriction(
+        'icingadb/filter/hosts',
+        $this->translate('Restrict access to the Icinga hosts and services that match the filter')
+    );
+
+    $this->provideRestriction(
+        'icingadb/filter/services',
+        $this->translate('Restrict access to the Icinga services that match the filter')
+    );
+
+    $this->provideRestriction(
+        'icingadb/blacklist/variables',
+        $this->translate('Hide custom variables of Icinga objects that are part of the list')
+    );
+
+    $this->provideRestriction(
+        'icingadb/protect/variables',
+        $this->translate('Obfuscate custom variable values of Icinga objects that are part of the list')
+    );
+
     if (! $this::exists('monitoring')) {
         /**
          * Search urls
@@ -214,11 +239,6 @@
         'title' => t('Configure command transports'),
         'url'   => 'command-transport'
     ]);
-    $this->provideConfigTab('security', [
-        'label' => t('Security'),
-        'title' => t('Configure security related settings'),
-        'url'   => 'config/security'
-    ]);
 
     try {
         // TODO: Remove this before the stable release!!!1!11