/**
* Apply permissions, restrictions and roles to the given user
*
* @param User $user
*/
public function applyRoles(User $user)
{
$username = $user->getUsername();
try {
$roles = Config::app('roles');
} catch (NotReadableError $e) {
Logger::error('Can\'t get permissions and restrictions for user \'%s\'. An exception was thrown:', $username, $e);
return;
}
$userGroups = $user->getGroups();
$permissions = array();
$restrictions = array();
$roleObjs = array();
foreach ($roles as $roleName => $role) {
if ($this->match($username, $userGroups, $role)) {
$permissionsFromRole = StringHelper::trimSplit($role->permissions);
$permissions = array_merge($permissions, array_diff($permissionsFromRole, $permissions));
$restrictionsFromRole = $role->toArray();
unset($restrictionsFromRole['users']);
unset($restrictionsFromRole['groups']);
unset($restrictionsFromRole['permissions']);
foreach ($restrictionsFromRole as $name => $restriction) {
if (!isset($restrictions[$name])) {
$restrictions[$name] = array();
}
$restrictions[$name][] = $restriction;
}
$roleObj = new Role();
$roleObjs[] = $roleObj->setName($roleName)->setPermissions($permissionsFromRole)->setRestrictions($restrictionsFromRole);
}
}
$user->setPermissions($permissions);
$user->setRestrictions($restrictions);
$user->setRoles($roleObjs);
}
/**
* My account
*/
public function indexAction()
{
$config = Config::app()->getSection('global');
$user = $this->Auth()->getUser();
if ($user->getAdditional('backend_type') === 'db') {
try {
$userBackend = UserBackend::create($user->getAdditional('backend_name'));
} catch (ConfigurationError $e) {
$userBackend = null;
}
if ($userBackend !== null) {
$changePasswordForm = new ChangePasswordForm();
$changePasswordForm->setBackend($userBackend)->handleRequest();
$this->view->changePasswordForm = $changePasswordForm;
}
}
$form = new PreferenceForm();
$form->setPreferences($user->getPreferences());
if ($config->get('config_backend', 'ini') !== 'none') {
$form->setStore(PreferencesStore::create(new ConfigObject(array('store' => $config->get('config_backend', 'ini'), 'resource' => $config->config_resource)), $user));
}
$form->handleRequest();
$this->view->form = $form;
$this->getTabs()->activate('account');
}
/**
* Create and return a user backend with the given name and given configuration applied to it
*
* @param string $name
* @param ConfigObject $backendConfig
*
* @return UserBackendInterface
*
* @throws ConfigurationError
*/
public static function create($name, ConfigObject $backendConfig = null)
{
if ($backendConfig === null) {
$authConfig = Config::app('authentication');
if ($authConfig->hasSection($name)) {
$backendConfig = $authConfig->getSection($name);
} else {
throw new ConfigurationError('User backend "%s" does not exist', $name);
}
}
if ($backendConfig->name !== null) {
$name = $backendConfig->name;
}
if (!($backendType = strtolower($backendConfig->backend))) {
throw new ConfigurationError('Authentication configuration for user backend "%s" is missing the \'backend\' directive', $name);
}
if ($backendType === 'external') {
$backend = new ExternalBackend($backendConfig);
$backend->setName($name);
return $backend;
}
if (in_array($backendType, static::$defaultBackends)) {
// The default backend check is the first one because of performance reasons:
// Do not attempt to load a custom user backend unless it's actually required
} elseif (($customClass = static::getCustomUserBackend($backendType)) !== null) {
$backend = new $customClass($backendConfig);
if (!is_a($backend, 'Icinga\\Authentication\\User\\UserBackendInterface')) {
throw new ConfigurationError('Cannot utilize user backend of type "%s". Class "%s" does not implement UserBackendInterface', $backendType, $customClass);
}
$backend->setName($name);
return $backend;
} else {
throw new ConfigurationError('Authentication configuration for user backend "%s" defines an invalid backend type.' . ' Backend type "%s" is not supported', $name, $backendType);
}
if ($backendConfig->resource === null) {
throw new ConfigurationError('Authentication configuration for user backend "%s" is missing the \'resource\' directive', $name);
}
$resource = ResourceFactory::create($backendConfig->resource);
switch ($backendType) {
case 'db':
$backend = new DbUserBackend($resource);
break;
case 'msldap':
$backend = new LdapUserBackend($resource);
$backend->setBaseDn($backendConfig->base_dn);
$backend->setUserClass($backendConfig->get('user_class', 'user'));
$backend->setUserNameAttribute($backendConfig->get('user_name_attribute', 'sAMAccountName'));
$backend->setFilter($backendConfig->filter);
break;
case 'ldap':
$backend = new LdapUserBackend($resource);
$backend->setBaseDn($backendConfig->base_dn);
$backend->setUserClass($backendConfig->get('user_class', 'inetOrgPerson'));
$backend->setUserNameAttribute($backendConfig->get('user_name_attribute', 'uid'));
$backend->setFilter($backendConfig->filter);
break;
}
$backend->setName($name);
return $backend;
}
/**
* Create menu from the application's menu config file plus the config files from all enabled modules
*
* @return self
*/
public static function fromConfig()
{
$menu = new static('menu');
$manager = Icinga::app()->getModuleManager();
try {
$menuConfigs = array(Config::app('menu'));
} catch (NotReadableError $e) {
Logger::error($e);
$menuConfigs = array();
}
try {
$modules = $manager->listEnabledModules();
} catch (NotReadableError $e) {
Logger::error($e);
$modules = array();
}
foreach ($modules as $moduleName) {
try {
$moduleMenuConfig = Config::module($moduleName, 'menu');
} catch (NotReadableError $e) {
Logger::error($e);
$moduleMenuConfig = array();
}
if (!empty($moduleMenuConfig)) {
$menuConfigs[] = $moduleMenuConfig;
}
}
return $menu->loadMenuItems($menu->flattenConfigs($menuConfigs));
}
public function setAuthenticated(User $user, $persist = true)
{
$username = $user->getUsername();
try {
$config = IcingaConfig::app();
} catch (NotReadableError $e) {
Logger::error(new Exception('Cannot load preferences for user "' . $username . '". An exception was thrown', 0, $e));
$config = new Zend_Config(array());
}
if (($preferencesConfig = $config->preferences) !== null) {
try {
$preferencesStore = PreferencesStore::create($preferencesConfig, $user);
$preferences = new Preferences($preferencesStore->load());
} catch (NotReadableError $e) {
Logger::error(new Exception('Cannot load preferences for user "' . $username . '". An exception was thrown', 0, $e));
$preferences = new Preferences();
}
} else {
$preferences = new Preferences();
}
$user->setPreferences($preferences);
$membership = new Membership();
$groups = $membership->getGroupsByUsername($username);
$user->setGroups($groups);
$admissionLoader = new AdmissionLoader();
$user->setPermissions($admissionLoader->getPermissions($username, $groups));
$user->setRestrictions($admissionLoader->getRestrictions($username, $groups));
$this->user = $user;
if ($persist == true) {
$session = Session::getSession();
$session->refreshId();
$this->persistCurrentUser();
}
}
/**
* Display the application log
*/
public function applicationlogAction()
{
if (!Logger::writesToFile()) {
$this->httpNotFound('Page not found');
}
$this->addTitleTab('application log');
$resource = new FileReader(new ConfigObject(array('filename' => Config::app()->get('logging', 'file'), 'fields' => '/(?<!.)(?<datetime>[0-9]{4}(?:-[0-9]{2}){2}' . 'T[0-9]{2}(?::[0-9]{2}){2}(?:[\\+\\-][0-9]{2}:[0-9]{2})?)' . ' - (?<loglevel>[A-Za-z]+) - (?<message>.*)(?!.)/msS')));
$this->view->logData = $resource->select()->order('DESC');
$this->setupLimitControl();
$this->setupPaginationControl($this->view->logData);
}
/**
* Create a new authentication chain from config
*
* @param Config $config User backends configuration
*/
public function __construct(Config $config = null)
{
if ($config === null) {
try {
$this->config = Config::app(static::AUTHENTICATION_CONFIG);
} catch (NotReadableError $e) {
$this->config = new Config();
$this->error = static::EPERM;
}
} else {
$this->config = $config;
}
}
/**
* Show form to adjust user preferences
*/
public function indexAction()
{
$storeConfig = Config::app()->getSection('preferences');
$user = $this->getRequest()->getUser();
$form = new PreferenceForm();
$form->setPreferences($user->getPreferences());
if ($storeConfig->get('store', 'ini') !== 'none') {
$form->setStore(PreferencesStore::create($storeConfig, $user));
}
$form->handleRequest();
$this->view->form = $form;
$this->getTabs()->activate('preferences');
}
/**
* Show form to adjust user preferences
*/
public function indexAction()
{
$config = Config::app()->getSection('global');
$user = $this->getRequest()->getUser();
$form = new PreferenceForm();
$form->setPreferences($user->getPreferences());
if ($config->get('config_backend', 'ini') !== 'none') {
$form->setStore(PreferencesStore::create(new ConfigObject(array('store' => $config->get('config_backend', 'ini'), 'resource' => $config->config_resource)), $user));
}
$form->handleRequest();
$this->view->form = $form;
$this->getTabs()->activate('preferences');
}
private function getMainConfig($file = null)
{
if ($file === null) {
if ($this->config === null) {
$this->config = Config::app();
}
return $this->config;
} else {
if (!array_key_exists($file, $this->configs)) {
$this->configs[$file] = Config::module($module, $file);
}
return $this->configs[$file];
}
return $this->config;
}
/**
* Return a list of groups for an username
*
* @param string $username
*
* @return array
*/
public function getGroupsByUsername($username)
{
$groups = array();
try {
$config = Config::app('memberships');
} catch (NotReadableError $e) {
return $groups;
}
foreach ($config as $section) {
$users = String::trimSplit($section->users);
if (in_array($username, $users)) {
$groups = array_merge($groups, String::trimSplit($section->groups));
}
}
return $groups;
}
protected function createResourcesIni()
{
$resourceConfig = $this->data['resourceConfig'];
$resourceName = $resourceConfig['name'];
unset($resourceConfig['name']);
try {
$config = Config::app('resources', true);
$config->setSection($resourceName, $resourceConfig);
$config->saveIni();
} catch (Exception $e) {
$this->resourcesIniError = $e;
return false;
}
$this->resourcesIniError = false;
return true;
}
public function setAuthenticated(User $user, $persist = true)
{
$username = $user->getUsername();
try {
$config = Config::app();
} catch (NotReadableError $e) {
Logger::error(new IcingaException('Cannot load preferences for user "%s". An exception was thrown: %s', $username, $e));
$config = new Config();
}
if ($config->get('preferences', 'store', 'ini') !== 'none') {
$preferencesConfig = $config->getSection('preferences');
try {
$preferencesStore = PreferencesStore::create($preferencesConfig, $user);
$preferences = new Preferences($preferencesStore->load());
} catch (Exception $e) {
Logger::error(new IcingaException('Cannot load preferences for user "%s". An exception was thrown: %s', $username, $e));
$preferences = new Preferences();
}
} else {
$preferences = new Preferences();
}
$user->setPreferences($preferences);
$groups = $user->getGroups();
foreach (Config::app('groups') as $name => $config) {
try {
$groupBackend = UserGroupBackend::create($name, $config);
$groupsFromBackend = $groupBackend->getMemberships($user);
} catch (Exception $e) {
Logger::error('Can\'t get group memberships for user \'%s\' from backend \'%s\'. An exception was thrown: %s', $username, $name, $e);
continue;
}
if (empty($groupsFromBackend)) {
continue;
}
$groupsFromBackend = array_values($groupsFromBackend);
$groups = array_merge($groups, array_combine($groupsFromBackend, $groupsFromBackend));
}
$user->setGroups($groups);
$admissionLoader = new AdmissionLoader();
list($permissions, $restrictions) = $admissionLoader->getPermissionsAndRestrictions($user);
$user->setPermissions($permissions);
$user->setRestrictions($restrictions);
$this->user = $user;
if ($persist) {
$this->persistCurrentUser();
}
}
protected function savePreferences(array $preferences)
{
$session = Session::getSession();
$currentPreferences = $session->user->getPreferences();
foreach ($preferences as $key => $value) {
if ($value === null) {
$currentPreferences->remove($key);
} else {
$currentPreferences->{$key} = $value;
}
}
$session->write();
if (($preferencesConfig = IcingaConfig::app()->preferences) === null) {
throw new ConfigurationError('Cannot save preferences changes since you\'ve not configured a preferences backend');
}
$store = PreferencesStore::create($preferencesConfig, $session->user);
$store->load();
// Necessary for patching existing preferences
$store->save($currentPreferences);
}
/**
* Check if the existing resources are set. If not, load them from resources.ini
*
* @throws ConfigurationError
*/
private static function assertResourcesExist()
{
if (self::$resources === null) {
self::$resources = Config::app('resources');
}
}
/**
* Return the default global setting for show_stacktraces
*
* @return bool
*/
protected function getDefaultShowStacktraces()
{
return Config::app()->get('global', 'show_stacktraces', true);
}
public function Config($file = null)
{
if ($file === null) {
return Config::app();
} else {
return Config::app($file);
}
}
/**
* Set up the user backend factory
*
* @return $this
*/
protected function setupUserBackendFactory()
{
try {
UserBackend::setConfig(Config::app('authentication'));
} catch (NotReadableError $e) {
Logger::error(new IcingaException('Cannot load user backend configuration. An exception was thrown:', $e));
}
return $this;
}
/**
* Create menu from the application's menu config file plus the config files from all enabled modules
*
* @return static
*
* @deprecated THIS IS OBSOLETE. LEFT HERE FOR FUTURE USE WITH USER-SPECIFIC MODULES
*/
public static function fromConfig()
{
$menu = new static('menu');
$manager = Icinga::app()->getModuleManager();
$modules = $manager->listEnabledModules();
$menuConfigs = array(Config::app('menu'));
foreach ($modules as $moduleName) {
$moduleMenuConfig = Config::module($moduleName, 'menu');
if (!$moduleMenuConfig->isEmpty()) {
$menuConfigs[] = $moduleMenuConfig;
}
}
return $menu->loadSubMenus($menu->flattenConfigs($menuConfigs));
}
/**
* Remove a role
*/
public function removeAction()
{
$this->assertPermission('config/authentication/roles/remove');
$name = $this->params->getRequired('role');
$role = new RoleForm();
try {
$role->setIniConfig(Config::app('roles', true))->load($name);
} catch (NotFoundError $e) {
$this->httpNotFound($e->getMessage());
}
$confirmation = new ConfirmRemovalForm(array('onSuccess' => function (ConfirmRemovalForm $confirmation) use($name, $role) {
try {
$role->remove($name);
} catch (NotFoundError $e) {
Notification::error($e->getMessage());
return false;
}
if ($role->save()) {
Notification::success(t('Role removed'));
return true;
}
return false;
}));
$confirmation->setSubmitLabel($this->translate('Remove Role'))->setRedirectUrl('role/list')->handleRequest();
$this->renderForm($confirmation, $this->translate('Remove Role'));
}
/**
* Edit a particular resource
*
* @param string $name The name of the resource to edit
* @param array $values The values to edit the configuration with
*
* @return array The edited configuration
*
* @throws InvalidArgumentException In case the resource does not exist
*/
public function edit($name, array $values)
{
if (!$name) {
throw new InvalidArgumentException($this->translate('Old resource name missing'));
} elseif (!($newName = isset($values['name']) ? $values['name'] : '')) {
throw new InvalidArgumentException($this->translate('New resource name missing'));
} elseif (!$this->config->hasSection($name)) {
throw new InvalidArgumentException($this->translate('Unknown resource provided'));
}
$resourceConfig = $this->config->getSection($name);
$this->config->removeSection($name);
unset($values['name']);
$this->config->setSection($newName, $resourceConfig->merge($values));
if ($newName !== $name) {
$appConfig = Config::app();
$section = $appConfig->getSection('global');
if ($section->config_resource === $name) {
$section->config_resource = $newName;
$this->updatedAppConfig = $appConfig->setSection('global', $section);
}
}
return $resourceConfig;
}
/**
* Retrieve restrictions
*
* @param $username
* @param array $groups
*
* @return array
*/
public function getRestrictions($username, array $groups)
{
$restrictions = array();
try {
$config = Config::app('restrictions');
} catch (NotReadableError $e) {
return $restrictions;
}
foreach ($config as $section) {
if ($this->match($section, $username, $groups)) {
if (!array_key_exists($section->name, $restrictions)) {
$restrictions[$section->name] = array();
}
$restrictions[$section->name][] = $section->restriction;
}
}
return $restrictions;
}
/**
* Return the given user group backend or the first match in order
*
* @param string $name The name of the backend, or null in case the first match should be returned
* @param string $interface The interface the backend should implement, no interface check if null
*
* @return UserGroupBackendInterface
*
* @throws Zend_Controller_Action_Exception In case the given backend name is invalid
*/
protected function getUserGroupBackend($name = null, $interface = 'Icinga\\Data\\Selectable')
{
if ($name !== null) {
$config = Config::app('groups');
if (!$config->hasSection($name)) {
$this->httpNotFound(sprintf($this->translate('User group backend "%s" not found'), $name));
} else {
$backend = UserGroupBackend::create($name, $config->getSection($name));
if ($interface && !$backend instanceof $interface) {
$interfaceParts = explode('\\', strtolower($interface));
throw new Zend_Controller_Action_Exception(sprintf($this->translate('User group backend "%s" is not %s'), $name, array_pop($interfaceParts)), 400);
}
}
} else {
$backends = $this->loadUserGroupBackends($interface);
$backend = array_shift($backends);
}
return $backend;
}
/**
* @depends testWhetherItIsPossibleToInitializeAConfigFromAIniFile
*/
public function testWhetherItIsPossibleToRetrieveApplicationConfiguration()
{
$config = Config::app();
$this->assertEquals(array('logging' => array('enable' => 1), 'backend' => array('type' => 'db', 'user' => 'user', 'password' => 'password', 'disable' => 1)), $config->toArray(), 'Config::app does not load INI files correctly');
}
/**
* Check whether the controller requires configuration. That is when no configuration
* is available and when it is possible to setup the configuration
*
* @return bool
*
* @see requiresConfiguration
*/
protected function requiresConfig()
{
if (!$this->requiresConfiguration) {
return false;
}
if (file_exists(Config::$configDir . '/setup.token')) {
try {
$config = Config::app()->toArray();
} catch (NotReadableError $e) {
return true;
}
return empty($config);
} else {
return false;
}
}
/**
* Log into the application
*/
public function loginAction()
{
$icinga = Icinga::app();
if ($icinga->setupTokenExists() && $icinga->requiresSetup()) {
$this->redirectNow(Url::fromPath('setup'));
}
$triedOnlyExternalAuth = null;
$auth = $this->Auth();
$this->view->form = $form = new LoginForm();
$this->view->title = $this->translate('Icingaweb Login');
try {
$redirectUrl = $this->view->form->getValue('redirect');
if ($redirectUrl) {
$redirectUrl = Url::fromPath($redirectUrl);
} else {
$redirectUrl = Url::fromPath('dashboard');
}
if ($auth->isAuthenticated()) {
$this->rerenderLayout()->redirectNow($redirectUrl);
}
try {
$config = Config::app('authentication');
} catch (NotReadableError $e) {
throw new ConfigurationError($this->translate('Could not read your authentication.ini, no authentication methods are available.'), 0, $e);
}
$chain = new AuthChain($config);
$request = $this->getRequest();
if ($request->isPost() && $this->view->form->isValid($request->getPost())) {
$user = new User($this->view->form->getValue('username'));
$password = $this->view->form->getValue('password');
$backendsTried = 0;
$backendsWithError = 0;
$redirectUrl = $form->getValue('redirect');
if ($redirectUrl) {
$redirectUrl = Url::fromPath($redirectUrl);
} else {
$redirectUrl = Url::fromPath('dashboard');
}
foreach ($chain as $backend) {
if ($backend instanceof ExternalBackend) {
continue;
}
++$backendsTried;
try {
$authenticated = $backend->authenticate($user, $password);
} catch (AuthenticationException $e) {
Logger::error($e);
++$backendsWithError;
continue;
}
if ($authenticated === true) {
$auth->setAuthenticated($user);
$this->rerenderLayout()->redirectNow($redirectUrl);
}
}
if ($backendsTried === 0) {
$this->view->form->addError($this->translate('No authentication methods available. Did you create' . ' authentication.ini when setting up Icinga Web 2?'));
} else {
if ($backendsTried === $backendsWithError) {
$this->view->form->addError($this->translate('All configured authentication methods failed.' . ' Please check the system log or Icinga Web 2 log for more information.'));
} elseif ($backendsWithError) {
$this->view->form->addError($this->translate('Please note that not all authentication methods were available.' . ' Check the system log or Icinga Web 2 log for more information.'));
}
}
if ($backendsTried > 0 && $backendsTried !== $backendsWithError) {
$this->view->form->getElement('password')->addError($this->translate('Incorrect username or password'));
}
} elseif ($request->isGet()) {
$user = new User('');
foreach ($chain as $backend) {
$triedOnlyExternalAuth = $triedOnlyExternalAuth === null;
if ($backend instanceof ExternalBackend) {
$authenticated = $backend->authenticate($user);
if ($authenticated === true) {
$auth->setAuthenticated($user);
$this->rerenderLayout()->redirectNow(Url::fromPath(Url::fromRequest()->getParam('redirect', 'dashboard')));
}
} else {
$triedOnlyExternalAuth = false;
}
}
}
} catch (Exception $e) {
$this->view->form->addError($e->getMessage());
}
$this->view->requiresExternalAuth = $triedOnlyExternalAuth && !$auth->isAuthenticated();
$this->view->requiresSetup = Icinga::app()->requiresSetup();
}
/**
* Remove a user group backend
*/
public function removeAction()
{
$backendName = $this->params->getRequired('backend');
$backendForm = new UserGroupBackendForm();
$backendForm->setIniConfig(Config::app('groups'));
$form = new ConfirmRemovalForm();
$form->setRedirectUrl('usergroupbackend/list');
$form->setOnSuccess(function (ConfirmRemovalForm $form) use($backendName, $backendForm) {
try {
$backendForm->delete($backendName);
} catch (Exception $e) {
$form->error($e->getMessage());
return false;
}
if ($backendForm->save()) {
Notification::success(sprintf(t('User group backend "%s" successfully removed'), $backendName));
return true;
}
return false;
});
$form->handleRequest();
$this->renderForm($form, $this->translate('Remove User Group Backend'));
}
/**
* Load and return the shared navigation of the given type
*
* @param string $type
*
* @return Navigation
*/
public function getSharedNavigation($type)
{
$config = Config::app('navigation')->getConfigObject();
$config->setKeyColumn('name');
if ($type === 'dashboard-pane') {
$panes = array();
foreach ($config->select()->where('type', 'dashlet') as $dashletName => $dashletConfig) {
if ($this->hasAccessToSharedNavigationItem($dashletConfig)) {
// TODO: Throw ConfigurationError if pane or url is missing
$panes[$dashletConfig->pane][$dashletName] = $dashletConfig->url;
}
}
$navigation = new Navigation();
foreach ($panes as $paneName => $dashlets) {
$navigation->addItem($paneName, array('type' => 'dashboard-pane', 'dashlets' => $dashlets));
}
} else {
$items = array();
foreach ($config->select()->where('type', $type) as $name => $typeConfig) {
if ($this->hasAccessToSharedNavigationItem($typeConfig)) {
$items[$name] = $typeConfig;
}
}
$navigation = Navigation::fromConfig($items);
}
return $navigation;
}
/**
* Display a confirmation form to remove a resource
*/
public function removeresourceAction()
{
$this->assertPermission('config/application/resources');
$this->getTabs()->add('resources/remove', array('label' => $this->translate('Remove Resource'), 'url' => Url::fromRequest()))->activate('resources/remove');
$form = new ConfirmRemovalForm(array('onSuccess' => function ($form) {
$configForm = new ResourceConfigForm();
$configForm->setIniConfig(Config::app('resources'));
$resource = $form->getRequest()->getQuery('resource');
try {
$configForm->remove($resource);
} catch (InvalidArgumentException $e) {
Notification::error($e->getMessage());
return false;
}
if ($configForm->save()) {
Notification::success(sprintf(t('Resource "%s" has been successfully removed'), $resource));
} else {
return false;
}
}));
$form->setRedirectUrl('config/resource');
$form->handleRequest();
// Check if selected resource is currently used for authentication
$resource = $this->getRequest()->getQuery('resource');
$authConfig = Config::app('authentication');
foreach ($authConfig as $backendName => $config) {
if ($config->get('resource') === $resource) {
$form->addDescription(sprintf($this->translate('The resource "%s" is currently utilized for authentication by user backend "%s". ' . 'Removing the resource can result in noone being able to log in any longer.'), $resource, $backendName));
}
}
$this->view->form = $form;
$this->render('resource/remove');
}
public function setAuthenticated(User $user, $persist = true)
{
$username = $user->getUsername();
try {
$config = Config::app();
} catch (NotReadableError $e) {
Logger::error(new IcingaException('Cannot load preferences for user "%s". An exception was thrown: %s', $username, $e));
$config = new Config();
}
if ($config->get('global', 'config_backend', 'ini') !== 'none') {
$preferencesConfig = new ConfigObject(array('store' => $config->get('global', 'config_backend', 'ini'), 'resource' => $config->get('global', 'config_resource')));
try {
$preferencesStore = PreferencesStore::create($preferencesConfig, $user);
$preferences = new Preferences($preferencesStore->load());
} catch (Exception $e) {
Logger::error(new IcingaException('Cannot load preferences for user "%s". An exception was thrown: %s', $username, $e));
$preferences = new Preferences();
}
} else {
$preferences = new Preferences();
}
// TODO(el): Quick-fix for #10957. Only reload CSS if the theme changed.
$this->getResponse()->setReloadCss(true);
$user->setPreferences($preferences);
$groups = $user->getGroups();
foreach (Config::app('groups') as $name => $config) {
try {
$groupBackend = UserGroupBackend::create($name, $config);
$groupsFromBackend = $groupBackend->getMemberships($user);
} catch (Exception $e) {
Logger::error('Can\'t get group memberships for user \'%s\' from backend \'%s\'. An exception was thrown: %s', $username, $name, $e);
continue;
}
if (empty($groupsFromBackend)) {
continue;
}
$groupsFromBackend = array_values($groupsFromBackend);
$groups = array_merge($groups, array_combine($groupsFromBackend, $groupsFromBackend));
}
$user->setGroups($groups);
$admissionLoader = new AdmissionLoader();
$admissionLoader->applyRoles($user);
$this->user = $user;
if ($persist) {
$this->persistCurrentUser();
}
}