Skip to content
This repository has been archived by the owner on Dec 13, 2022. It is now read-only.

feat(clapi): add possibility to grant access to children menu (or not) #5694

Merged
merged 2 commits into from
Sep 27, 2017
Merged

feat(clapi): add possibility to grant access to children menu (or not) #5694

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
450fa46
feat(clapi): add possibility to grant access to children menu (or not)
kduret Sep 21, 2017
e5fb235
doc(clapi): update parameters oreder for acl menu
kduret Sep 22, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 9 additions & 7 deletions doc/en/api/clapi/objects/acl_menu.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -125,29 +125,31 @@ If you want to grant in Read/Write, Read Only or revoke menus in an ACL Menu rul

Let's assume that you would like to grant full access to the [Monitoring] menu in your ACL Menu rule:::

[root@centreon ~]# ./centreon -u admin -p centreon -o ACLMENU -a grantrw -v "ACL Menu test;Monitoring"
[root@centreon ~]# ./centreon -u admin -p centreon -o ACLMENU -a grantrw -v "ACL Menu test;1;Monitoring"

Then, you would like to grant access to the [Home] > [Poller statistics] menu:::

[root@centreon ~]# ./centreon -u admin -p centreon -o ACLMENU -a grantrw -v "ACL Menu test;Home;Poller statistics"
[root@centreon ~]# ./centreon -u admin -p centreon -o ACLMENU -a grantrw -v "ACL Menu test;1;Home;Poller statistics"

Then, you would like to grant access in read only to the [Configuration] > [Hosts] menu:::

[root@centreon ~]# ./centreon -u admin -p centreon -o ACLMENU -a grantro -v "ACL Menu test;Configuration;Hosts"
[root@centreon ~]# ./centreon -u admin -p centreon -o ACLMENU -a grantro -v "ACL Menu test;1;Configuration;Hosts"

Then, you decide to revoke access from [Monitoring] > [Event Logs]:::

[root@centreon ~]# ./centreon -u admin -p centreon -o ACLMENU -a revoke -v "ACL Menu test;Monitoring;Event Logs"
[root@centreon ~]# ./centreon -u admin -p centreon -o ACLMENU -a revoke -v "ACL Menu test;1;Monitoring;Event Logs"


Arguments are composed of the following columns:

======= ============================
Order Column description
======= ============================
1 Name of ACL menu rule
1 Name of ACL menu rule

2 Grant/revoke children menus

2 Menu name to grant/revoke
3 Menu name to grant/revoke

n Possible sub menu name
n Possible sub menu name
======= ============================
16 changes: 9 additions & 7 deletions doc/fr/api/clapi/objects/acl_menu.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -124,29 +124,31 @@ If you want to grant in Read/Write, Read Only or revoke menus in an ACL Menu rul

Let's assume that you would like to grant full access to the [Monitoring] menu in your ACL Menu rule:::

[root@centreon ~]# ./centreon -u admin -p centreon -o ACLMENU -a grantrw -v "ACL Menu test;Monitoring"
[root@centreon ~]# ./centreon -u admin -p centreon -o ACLMENU -a grantrw -v "ACL Menu test;1;Monitoring"

Then, you would like to grant access to the [Home] > [Poller statistics] menu:::

[root@centreon ~]# ./centreon -u admin -p centreon -o ACLMENU -a grantrw -v "ACL Menu test;Home;Poller statistics"
[root@centreon ~]# ./centreon -u admin -p centreon -o ACLMENU -a grantrw -v "ACL Menu test;1;Home;Poller statistics"

Then, you would like to grant access in read only to the [Configuration] > [Hosts] menu:::

[root@centreon ~]# ./centreon -u admin -p centreon -o ACLMENU -a grantro -v "ACL Menu test;Configuration;Hosts"
[root@centreon ~]# ./centreon -u admin -p centreon -o ACLMENU -a grantro -v "ACL Menu test;1;Configuration;Hosts"

Then, you decide to revoke access from [Monitoring] > [Event Logs]:::

[root@centreon ~]# ./centreon -u admin -p centreon -o ACLMENU -a revoke -v "ACL Menu test;Monitoring;Event Logs"
[root@centreon ~]# ./centreon -u admin -p centreon -o ACLMENU -a revoke -v "ACL Menu test;1;Monitoring;Event Logs"


Arguments are composed of the following columns:

======= ============================
Order Column description
======= ============================
1 Name of ACL menu rule
1 Name of ACL menu rule

2 Grant/revoke children menus

2 Menu name to grant/revoke
3 Menu name to grant/revoke

n Possible sub menu name
n Possible sub menu name
======= ============================
42 changes: 24 additions & 18 deletions www/class/centreon-clapi/centreonACLMenu.class.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,6 @@ class CentreonACLMenu extends CentreonObject
const LEVEL_2 = 1;
const LEVEL_3 = 2;
const LEVEL_4 = 3;
const PARENT_MENU_NOT_DEFINED = "Parent menu must be defined";
protected $relObject;
protected $aclGroupObj;
protected $topologyObj;
Expand Down Expand Up @@ -163,25 +162,26 @@ public function show($parameters = null)
protected function splitParams($parameters)
{
$params = explode($this->delim, $parameters);
if (count($params) < 2) {
if (count($params) < 3) {
throw new CentreonClapiException(self::MISSINGPARAMETER);
}
$aclMenuId = $this->object->getIdByParameter($this->object->getUniqueLabelField(), array($params[0]));
if (!count($aclMenuId)) {
throw new CentreonClapiException(self::OBJECT_NOT_FOUND.":".$params[0]);
}
$processChildren = ($params[1] == '0') ? false : true;
$levels = array();
$menus = array();
$toopologies = array();
$levels[self::LEVEL_1] = $params[1];
$topologies = array();
$levels[self::LEVEL_1] = $params[2];
if (isset($params[2])) {
$levels[self::LEVEL_2] = $params[2];
$levels[self::LEVEL_2] = $params[3];
}
if (isset($params[3])) {
$levels[self::LEVEL_3] = $params[3];
$levels[self::LEVEL_3] = $params[4];
}
if (isset($params[4])) {
$levels[self::LEVEL_4] = $params[4];
$levels[self::LEVEL_4] = $params[5];
}
foreach ($levels as $level => $menu) {
if ($menu) {
Expand Down Expand Up @@ -235,7 +235,7 @@ protected function splitParams($parameters)
break;
}
}
return array($aclMenuId[0], $menus, $topologies);
return array($aclMenuId[0], $menus, $topologies, $processChildren);
}

/**
Expand Down Expand Up @@ -273,8 +273,11 @@ public function getaclgroup($aclMenuName)
* @param int $parentTopologyId
* @return void
*/
protected function processChildrenOf($action = "grant", $aclMenuId = null, $parentTopologyId = null)
{
protected function processChildrenOf(
$action = "grant",
$aclMenuId = null,
$parentTopologyId = null
) {
$sql = "SELECT topology_id, topology_page FROM topology WHERE topology_parent = ?";
$res = $this->db->query($sql, array($parentTopologyId));
$rows = $res->fetchAll();
Expand Down Expand Up @@ -318,7 +321,7 @@ public function grant($parameters)
*/
public function grantRw($parameters)
{
list($aclMenuId, $menus, $topologies) = $this->splitParams($parameters);
list($aclMenuId, $menus, $topologies, $processChildren) = $this->splitParams($parameters);
foreach ($menus as $level => $menuId) {
$this->db->query(
"DELETE FROM acl_topology_relations WHERE acl_topo_id = ? AND topology_topology_id = ?",
Expand All @@ -328,7 +331,7 @@ public function grantRw($parameters)
"INSERT INTO acl_topology_relations (acl_topo_id, topology_topology_id) VALUES (?, ?)",
array($aclMenuId, $menuId)
);
if (!isset($menus[$level + 1]) && $level != self::LEVEL_4) {
if ($processChildren && !isset($menus[$level + 1]) && $level != self::LEVEL_4) {
$this->processChildrenOf("grant", $aclMenuId, $topologies[$level]);
}
}
Expand All @@ -343,7 +346,7 @@ public function grantRw($parameters)
*/
public function grantRo($parameters)
{
list($aclMenuId, $menus, $topologies) = $this->splitParams($parameters);
list($aclMenuId, $menus, $topologies, $processChildren) = $this->splitParams($parameters);
foreach ($menus as $level => $menuId) {
$this->db->query(
"DELETE FROM acl_topology_relations WHERE acl_topo_id = ? AND topology_topology_id = ?",
Expand All @@ -353,7 +356,7 @@ public function grantRo($parameters)
"INSERT INTO acl_topology_relations (acl_topo_id, topology_topology_id, access_right) VALUES (?, ?, 2)",
array($aclMenuId, $menuId)
);
if (!isset($menus[$level + 1]) && $level != self::LEVEL_4) {
if ($processChildren && !isset($menus[$level + 1]) && $level != self::LEVEL_4) {
$this->processChildrenOf("grantro", $aclMenuId, $topologies[$level]);
}
}
Expand All @@ -368,9 +371,9 @@ public function grantRo($parameters)
*/
public function revoke($parameters)
{
list($aclMenuId, $menus, $topologies) = $this->splitParams($parameters);
list($aclMenuId, $menus, $topologies, $processChildren) = $this->splitParams($parameters);
foreach ($menus as $level => $menuId) {
if (!isset($menus[$level + 1])) {
if ($processChildren && !isset($menus[$level + 1])) {
$this->db->query(
"DELETE FROM acl_topology_relations WHERE acl_topo_id = ? AND topology_topology_id = ?",
array($aclMenuId, $menuId)
Expand Down Expand Up @@ -420,8 +423,10 @@ private function grantMenu($aclTopoId, $aclTopoName)

$grantedMenu = '';

$grantedMenuTpl = $this->action . $this->delim . '%s' . $this->delim .
$grantedMenuTpl = $this->action . $this->delim .
'%s' . $this->delim .
$aclTopoName . $this->delim .
'%s' . $this->delim .
'%s' . $this->delim . "\n";

$grantedPossibilities = array(
Expand All @@ -432,7 +437,7 @@ private function grantMenu($aclTopoId, $aclTopoName)
$queryAclMenuRelations = 'SELECT t.topology_page, t.topology_id, t.topology_name, atr.access_right ' .
'FROM acl_topology_relations atr, topology t ' .
'WHERE atr.topology_topology_id = t.topology_id ' .
"AND atr.access_right <> '0'" .
"AND atr.access_right <> '0' " .
'AND atr.acl_topo_id = ?';

$grantedTopologyList = $this->db->fetchAll($queryAclMenuRelations, array($aclTopoId));
Expand All @@ -446,6 +451,7 @@ private function grantMenu($aclTopoId, $aclTopoName)
$grantedMenu .= sprintf(
$grantedMenuTpl,
$grantedPossibilities[$grantedTopology['access_right']],
'0',
$grantedTopologyBreadCrumb
);
}
Expand Down