public static function auth()
{
if (self::$auth === null) {
self::$auth = Auth::getInstance();
}
return self::$auth;
}
/**
* {@inheritDoc}
*/
protected function createInsertElements(array $formData)
{
$this->addElement('text', 'author', array('required' => true, 'value' => Auth::getInstance()->getUser()->getUsername(), 'disabled' => true));
$this->addElement('textarea', 'message', array('required' => true, 'label' => $this->translate('Message'), 'description' => $this->translate('The message to display to users')));
$this->addElement('dateTimePicker', 'start', array('required' => true, 'label' => $this->translate('Start'), 'description' => $this->translate('The time to display the announcement from')));
$this->addElement('dateTimePicker', 'end', array('required' => true, 'label' => $this->translate('End'), 'description' => $this->translate('The time to display the announcement until')));
$this->setTitle($this->translate('Create a new announcement'));
$this->setSubmitLabel($this->translate('Create'));
}
protected static function username()
{
$auth = Auth::getInstance();
if ($auth->isAuthenticated()) {
return $auth->getUser()->getUsername();
} else {
return '<unknown>';
}
}
protected static function username()
{
if (Icinga::app()->isCli()) {
return 'cli';
}
$auth = Auth::getInstance();
if ($auth->isAuthenticated()) {
return $auth->getUser()->getUsername();
} else {
return '<unknown>';
}
}
/**
* Accept menu items that are permitted to the user
*
* @return bool Whether the user has the required permission granted to display the menu item
*/
public function accept()
{
$item = $this->current();
/** @var Menu $item */
if (($permission = $item->getPermission()) !== null) {
$auth = Auth::getInstance();
if (!$auth->isAuthenticated()) {
// Don't accept menu item because user is not authenticated and the menu item requires a permission
return false;
}
if (!$auth->getUser()->can($permission)) {
return false;
}
}
// Accept menu item if it does not require a permission
return true;
}
/**
* Collect Web 2 and module LESS files and add them to the LESS compiler
*/
protected function collect()
{
foreach (self::$lessFiles as $lessFile) {
$this->lessCompiler->addLessFile($this->pubPath . '/' . $lessFile);
}
$mm = $this->app->getModuleManager();
foreach ($mm->getLoadedModules() as $moduleName => $module) {
if ($module->hasCss()) {
foreach ($module->getCssFiles() as $lessFilePath) {
$this->lessCompiler->addModuleLessFile($moduleName, $lessFilePath);
}
}
}
$themingConfig = $this->app->getConfig()->getSection('themes');
$defaultTheme = $themingConfig->get('default');
$theme = null;
if ((bool) $themingConfig->get('disabled', false)) {
if ($defaultTheme !== null && $defaultTheme !== self::DEFAULT_THEME) {
$theme = $defaultTheme;
}
} else {
$auth = Auth::getInstance();
if ($auth->isAuthenticated()) {
$userTheme = $auth->getUser()->getPreferences()->getValue('icingaweb', 'theme');
if ($userTheme !== null) {
$theme = $userTheme;
} elseif ($defaultTheme !== null && $defaultTheme !== self::DEFAULT_THEME) {
$theme = $defaultTheme;
}
}
}
if ($theme) {
if (($pos = strpos($theme, '/')) !== false) {
$moduleName = substr($theme, 0, $pos);
$theme = substr($theme, $pos + 1);
if ($mm->hasLoaded($moduleName)) {
$module = $mm->getModule($moduleName);
$this->lessCompiler->setTheme($module->getCssDir() . '/themes/' . $theme . '.less');
}
} else {
$this->lessCompiler->setTheme($this->pubPath . '/css/themes/' . $theme . '.less');
}
}
}
/**
* {@inheritdoc}
*/
public function onRequest()
{
$auth = Auth::getInstance();
$onlyExternal = true;
// TODO(el): This may be set on the auth chain once iterated. See Auth::authExternal().
foreach ($auth->getAuthChain() as $backend) {
if (!$backend instanceof ExternalBackend) {
$onlyExternal = false;
}
}
if ($onlyExternal) {
$this->addError($this->translate('You\'re currently not authenticated using any of the web server\'s authentication mechanisms.' . ' Make sure you\'ll configure such, otherwise you\'ll not be able to login.'));
}
}
/**
* @see Form::createElements()
*/
public function createElements(array $formData)
{
$languages = array();
$languages['autodetect'] = sprintf($this->translate('Browser (%s)', 'preferences.form'), $this->getLocale());
foreach (Translator::getAvailableLocaleCodes() as $language) {
$languages[$language] = $language;
}
$tzList = array();
$tzList['autodetect'] = sprintf($this->translate('Browser (%s)', 'preferences.form'), $this->getDefaultTimezone());
foreach (DateTimeZone::listIdentifiers() as $tz) {
$tzList[$tz] = $tz;
}
$this->addElement('select', 'language', array('required' => true, 'label' => $this->translate('Your Current Language'), 'description' => $this->translate('Use the following language to display texts and messages'), 'multiOptions' => $languages, 'value' => substr(setlocale(LC_ALL, 0), 0, 5)));
$this->addElement('select', 'timezone', array('required' => true, 'label' => $this->translate('Your Current Timezone'), 'description' => $this->translate('Use the following timezone for dates and times'), 'multiOptions' => $tzList, 'value' => $this->getDefaultTimezone()));
if (Auth::getInstance()->hasPermission('application/stacktraces')) {
$this->addElement('checkbox', 'show_stacktraces', array('required' => true, 'value' => $this->getDefaultShowStacktraces(), 'label' => $this->translate('Show Stacktraces'), 'description' => $this->translate('Set whether to show an exception\'s stacktrace.')));
}
$this->addElement('checkbox', 'show_benchmark', array('required' => true, 'label' => $this->translate('Use benchmark')));
$this->addElement('checkbox', 'auto_refresh', array('required' => false, 'label' => $this->translate('Enable auto refresh'), 'description' => $this->translate('This option allows you to enable or to disable the global page content auto refresh'), 'value' => 1));
if ($this->store) {
$this->addElement('submit', 'btn_submit_preferences', array('ignore' => true, 'label' => $this->translate('Save to the Preferences'), 'decorators' => array('ViewHelper')));
}
$this->addElement('submit', 'btn_submit_session', array('ignore' => true, 'label' => $this->translate('Save for the current Session'), 'decorators' => array('ViewHelper')));
$this->setAttrib('data-progress-element', 'preferences-progress');
$this->addElement('note', 'preferences-progress', array('decorators' => array('ViewHelper', array('Spinner', array('id' => 'preferences-progress')))));
$this->addDisplayGroup(array('btn_submit_preferences', 'btn_submit_session', 'preferences-progress'), 'submit_buttons', array('decorators' => array('FormElements', array('HtmlTag', array('tag' => 'div', 'class' => 'control-group')))));
}
/**
* {@inheritdoc}
*/
public function isValid($formData)
{
if (!parent::isValid($formData)) {
return false;
}
$valid = true;
if (isset($formData['users']) && $formData['users']) {
$parsedUserRestrictions = array();
foreach (Auth::getInstance()->getRestrictions('application/share/users') as $userRestriction) {
$parsedUserRestrictions[] = array_map('trim', explode(',', $userRestriction));
}
if (!empty($parsedUserRestrictions)) {
$desiredUsers = array_map('trim', explode(',', $formData['users']));
array_unshift($parsedUserRestrictions, $desiredUsers);
$forbiddenUsers = call_user_func_array('array_diff', $parsedUserRestrictions);
if (!empty($forbiddenUsers)) {
$valid = false;
$this->getElement('users')->addError($this->translate(sprintf('You are not permitted to share this navigation item with the following users: %s', implode(', ', $forbiddenUsers))));
}
}
}
if (isset($formData['groups']) && $formData['groups']) {
$parsedGroupRestrictions = array();
foreach (Auth::getInstance()->getRestrictions('application/share/groups') as $groupRestriction) {
$parsedGroupRestrictions[] = array_map('trim', explode(',', $groupRestriction));
}
if (!empty($parsedGroupRestrictions)) {
$desiredGroups = array_map('trim', explode(',', $formData['groups']));
array_unshift($parsedGroupRestrictions, $desiredGroups);
$forbiddenGroups = call_user_func_array('array_diff', $parsedGroupRestrictions);
if (!empty($forbiddenGroups)) {
$valid = false;
$this->getElement('groups')->addError($this->translate(sprintf('You are not permitted to share this navigation item with the following groups: %s', implode(', ', $forbiddenGroups))));
}
}
}
return $valid;
}
/**
* Extend this navigation set with all additional items of the given type
*
* This will fetch navigation items from the following sources:
* * User Shareables
* * User Preferences
* * Modules
* Any existing entry will be overwritten by one that is coming later in order.
*
* @param string $type
*
* @return $this
*/
public function load($type)
{
// Shareables
$this->merge(Icinga::app()->getSharedNavigation($type));
// User Preferences
$user = Auth::getInstance()->getUser();
$this->merge($user->getNavigation($type));
// Modules
$moduleManager = Icinga::app()->getModuleManager();
foreach ($moduleManager->getLoadedModules() as $module) {
if ($user->can($moduleManager::MODULE_PERMISSION_NS . $module->getName())) {
if ($type === 'menu-item') {
$this->merge($module->getMenu());
} elseif ($type === 'dashboard-pane') {
$this->merge($module->getDashboard());
}
}
}
return $this;
}
<?php
/** @var Icinga\Application\Modules\Module $this */
use Icinga\Authentication\Auth;
$auth = Auth::getInstance();
$this->providePermission('elasticsearch/search', $this->translate('Allow unrestricted access to query data in Elasticsearch'));
$this->providePermission('elasticsearch/events', $this->translate('Allow listing of events based on configured event types'));
$this->provideRestriction('elasticsearch/events/allowed_types', $this->translate('Restrict the types the user may use'));
$section = $this->menuSection('Elasticsearch')->setIcon('doc-text')->setUrl('elasticsearch');
if ($auth->hasPermission('elasticsearch/search')) {
$section->add(t('Event search'))->setIcon('search')->setUrl('elasticsearch/search');
}
if ($auth->hasPermission('config/elasticsearch')) {
$section->add(t('Event Types'))->setIcon('sliders')->setUrl('elasticsearch/types');
}
$this->provideConfigTab('elasticsearch', array('title' => $this->translate('Configure Elasticsearch settings'), 'label' => $this->translate('Elasticsearch'), 'url' => 'config/elasticsearch'));
/**
* Return the global navigation item type configuration
*
* @return array
*/
public static function getItemTypeConfiguration()
{
$defaultItemTypes = array('menu-item' => array('label' => t('Menu Entry'), 'config' => 'menu'));
$moduleItemTypes = array();
$moduleManager = Icinga::app()->getModuleManager();
foreach ($moduleManager->getLoadedModules() as $module) {
if (Auth::getInstance()->hasPermission($moduleManager::MODULE_PERMISSION_NS . $module->getName())) {
foreach ($module->getNavigationItems() as $type => $options) {
if (!isset($moduleItemTypes[$type])) {
$moduleItemTypes[$type] = $options;
}
}
}
}
return array_merge($defaultItemTypes, $moduleItemTypes);
}
/**
* Hide all blacklisted properties from the user as restricted by monitoring/blacklist/properties
*
* Currently this only affects the custom variables
*/
protected function hideBlacklistedProperties()
{
if ($this->blacklistedProperties === null) {
$this->blacklistedProperties = new GlobFilter(Auth::getInstance()->getRestrictions('monitoring/blacklist/properties'));
}
$allProperties = $this->blacklistedProperties->removeMatching(array($this->type => array('vars' => $this->customvars)));
$this->customvars = isset($allProperties[$this->type]['vars']) ? $allProperties[$this->type]['vars'] : array();
}
/**
* Setup internationalization using gettext
*
* Uses the preferred user language or the browser suggested language or our default.
*
* @return string Detected locale code
*
* @see Translator::DEFAULT_LOCALE For the the default locale code.
*/
protected function detectLocale()
{
$auth = Auth::getInstance();
if ($auth->isAuthenticated() && ($locale = $auth->getUser()->getPreferences()->getValue('icingaweb', 'language')) !== null) {
return $locale;
}
if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
return Translator::getPreferredLocaleCode($_SERVER['HTTP_ACCEPT_LANGUAGE']);
}
return Translator::DEFAULT_LOCALE;
}
<?php
/* Icinga Web 2 | (c) 2014 Icinga Development Team | GPLv2+ */
namespace Icinga\Web\View;
use Icinga\Authentication\Auth;
use Icinga\Web\Widget;
$this->addHelperFunction('auth', function () {
return Auth::getInstance();
});
$this->addHelperFunction('widget', function ($name, $options = null) {
return Widget::create($name, $options);
});
/**
* Add Applications Main Menu Items
*/
protected function addMainMenuItems()
{
$auth = Auth::getInstance();
if ($auth->isAuthenticated()) {
$this->add(t('Dashboard'), array('url' => 'dashboard', 'icon' => 'dashboard', 'priority' => 10));
$section = $this->add(t('System'), array('icon' => 'services', 'priority' => 700, 'renderer' => array('SummaryMenuItemRenderer', 'state' => 'critical')));
$section->add(t('About'), array('url' => 'about', 'priority' => 701));
if (Logger::writesToFile()) {
$section->add(t('Application Log'), array('url' => 'list/applicationlog', 'permission' => 'application/log', 'priority' => 710));
}
$section = $this->add(t('Configuration'), array('icon' => 'wrench', 'permission' => 'config/*', 'priority' => 800));
$section->add(t('Application'), array('url' => 'config/general', 'permission' => 'config/application/*', 'priority' => 810));
$section->add(t('Authentication'), array('url' => 'config/userbackend', 'permission' => 'config/authentication/*', 'priority' => 820));
$section->add(t('Roles'), array('url' => 'role/list', 'permission' => 'config/authentication/roles/show', 'priority' => 830));
$section->add(t('Users'), array('url' => 'user/list', 'permission' => 'config/authentication/users/show', 'priority' => 840));
$section->add(t('Usergroups'), array('url' => 'group/list', 'permission' => 'config/authentication/groups/show', 'priority' => 850));
$section->add(t('Modules'), array('url' => 'config/modules', 'permission' => 'config/modules', 'priority' => 890));
$section = $this->add($auth->getUser()->getUsername(), array('icon' => 'user', 'priority' => 900));
$section->add(t('Preferences'), array('url' => 'preference', 'priority' => 910));
$section->add(t('Logout'), array('url' => 'authentication/logout', 'priority' => 990, 'renderer' => array('MenuItemRenderer', 'target' => '_self')));
}
}
public function __construct()
{
$this->auth = Auth::getInstance();
}
/**
* Apply a restriction on the given data view
*
* @param string $restriction The name of restriction
* @param Filterable $filterable The filterable to restrict
*
* @return Filterable The filterable
*/
protected static function applyRestriction($restriction, Filterable $filterable)
{
$restrictions = Filter::matchAny();
foreach (Auth::getInstance()->getRestrictions($restriction) as $filter) {
$restrictions->addFilter(Filter::fromQueryString($filter));
}
$filterable->applyFilter($restrictions);
return $filterable;
}
/**
* Return whether the user has the permission to access the module which provides the given hook
*
* @param string $class The hook's class path
*
* @return bool
*/
protected static function hasPermission($class)
{
return Auth::getInstance()->hasPermission(Manager::MODULE_PERMISSION_NS . self::extractModuleName($class));
}
/**
* Get the authentication manager
*
* @return Auth
*/
public function Auth()
{
if ($this->auth === null) {
$this->auth = Auth::getInstance();
}
return $this->auth;
}
/**
* @see Form::createElements()
*/
public function createElements(array $formData)
{
if (setlocale(LC_ALL, 0) === 'C') {
$this->warning($this->translate('Your language setting is not applied because your platform is missing the corresponding locale.' . ' Make sure to install the correct language pack and restart your web server afterwards.'), false);
}
if (!(bool) Config::app()->get('themes', 'disabled', false)) {
$themes = Icinga::app()->getThemes();
if (count($themes) > 1) {
$defaultTheme = Config::app()->get('themes', 'default', StyleSheet::DEFAULT_THEME);
if (isset($themes[$defaultTheme])) {
$themes[$defaultTheme] .= ' (' . $this->translate('default') . ')';
}
$this->addElement('select', 'theme', array('label' => $this->translate('Theme', 'Form element label'), 'multiOptions' => $themes, 'value' => $this->preferences->getValue('icingaweb', 'theme', $defaultTheme)));
}
}
$languages = array();
$languages['autodetect'] = sprintf($this->translate('Browser (%s)', 'preferences.form'), $this->getLocale());
foreach (Translator::getAvailableLocaleCodes() as $language) {
$languages[$language] = $language;
}
$tzList = array();
$tzList['autodetect'] = sprintf($this->translate('Browser (%s)', 'preferences.form'), $this->getDefaultTimezone());
foreach (DateTimeZone::listIdentifiers() as $tz) {
$tzList[$tz] = $tz;
}
$this->addElement('select', 'language', array('required' => true, 'label' => $this->translate('Your Current Language'), 'description' => $this->translate('Use the following language to display texts and messages'), 'multiOptions' => $languages, 'value' => substr(setlocale(LC_ALL, 0), 0, 5)));
$this->addElement('select', 'timezone', array('required' => true, 'label' => $this->translate('Your Current Timezone'), 'description' => $this->translate('Use the following timezone for dates and times'), 'multiOptions' => $tzList, 'value' => $this->getDefaultTimezone()));
if (Auth::getInstance()->hasPermission('application/stacktraces')) {
$this->addElement('checkbox', 'show_stacktraces', array('required' => true, 'value' => $this->getDefaultShowStacktraces(), 'label' => $this->translate('Show Stacktraces'), 'description' => $this->translate('Set whether to show an exception\'s stacktrace.')));
}
$this->addElement('checkbox', 'show_benchmark', array('required' => true, 'label' => $this->translate('Use benchmark')));
$this->addElement('checkbox', 'auto_refresh', array('required' => false, 'label' => $this->translate('Enable auto refresh'), 'description' => $this->translate('This option allows you to enable or to disable the global page content auto refresh'), 'value' => 1));
if ($this->store) {
$this->addElement('submit', 'btn_submit_preferences', array('ignore' => true, 'label' => $this->translate('Save to the Preferences'), 'decorators' => array('ViewHelper')));
}
$this->addElement('submit', 'btn_submit_session', array('ignore' => true, 'label' => $this->translate('Save for the current Session'), 'decorators' => array('ViewHelper')));
$this->setAttrib('data-progress-element', 'preferences-progress');
$this->addElement('note', 'preferences-progress', array('decorators' => array('ViewHelper', array('Spinner', array('id' => 'preferences-progress')))));
$this->addDisplayGroup(array('btn_submit_preferences', 'btn_submit_session', 'preferences-progress'), 'submit_buttons', array('decorators' => array('FormElements', array('HtmlTag', array('tag' => 'div', 'class' => 'control-group')))));
}