diff --git a/application/controllers/UserController.php b/application/controllers/UserController.php
index b6e425ef..85ab9495 100644
--- a/application/controllers/UserController.php
+++ b/application/controllers/UserController.php
@@ -6,6 +6,7 @@ use Icinga\Exception\NotFoundError;
 use Icinga\Module\Icingadb\Model\User;
 use Icinga\Module\Icingadb\Web\Controller;
 use Icinga\Module\Icingadb\Widget\ItemList\UserList;
+use Icinga\Security\SecurityException;
 use ipl\Html\Html;
 class UserController extends Controller
@@ -15,6 +16,10 @@ class UserController extends Controller
 public function init()
 {
+ if (! $this->hasPermission('*') && $this->hasPermission('no-monitoring/contacts')) {
+ throw new SecurityException('No permission for %s', 'monitoring/contacts');
+ }
+
 $this->setTitle($this->translate('User'));
 $name = $this->params->shiftRequired('name');
diff --git a/application/controllers/UsergroupController.php b/application/controllers/UsergroupController.php
index 2deb6a1c..06b16a79 100644
--- a/application/controllers/UsergroupController.php
+++ b/application/controllers/UsergroupController.php
@@ -7,7 +7,7 @@ use Icinga\Module\Icingadb\Model\Usergroup;
 use Icinga\Module\Icingadb\Web\Controller;
 use Icinga\Module\Icingadb\Widget\ItemList\UsergroupList;
 use Icinga\Module\Icingadb\Widget\ItemList\UserList;
-use ipl\Html\Html;
+use Icinga\Security\SecurityException;
 class UsergroupController extends Controller
 {
@@ -16,6 +16,10 @@ class UsergroupController extends Controller
 public function init()
 {
+ if (! $this->hasPermission('*') && $this->hasPermission('no-monitoring/contacts')) {
+ throw new SecurityException('No permission for %s', 'monitoring/contacts');
+ }
+
 $this->setTitle($this->translate('User Group'));
 $name = $this->params->shiftRequired('name');
diff --git a/application/controllers/UsergroupsController.php b/application/controllers/UsergroupsController.php
index 57f27787..8ec33ec1 100644
--- a/application/controllers/UsergroupsController.php
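Review bot: The guard added at the top of `UserController::init()` (and again in `UsergroupController::init()`) is an access-control rule written out by hand; the same expression returns in `UsersController` and `UsergroupsController`, and its negation in `configuration.php` and `ObjectDetail`, so six copies have to stay in sync. One method on the shared `Controller` base, called from each `init()`, would leave a single place to audit. The `! $this->hasPermission('*')` half needs a comment, because it is not obvious why a deny marker carries a wildcard exemption; if the reason is that a `*` grant also matches the marker, say so: `// '*' would match 'no-monitoring/contacts' too, so full-wildcard users are exempted`. That exemption also means a user who holds `*` through any role is never denied, which should be confirmed as intended. Both `init()` bodies continue past their hunks.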
+++ b/application/controllers/UsergroupsController.php
@@ -5,9 +5,19 @@ namespace Icinga\Module\Icingadb\Controllers;
 use Icinga\Module\Icingadb\Model\Usergroup;
 use Icinga\Module\Icingadb\Web\Controller;
 use Icinga\Module\Icingadb\Widget\ItemList\UsergroupList;
+use Icinga\Security\SecurityException;
 class UsergroupsController extends Controller
 {
+ public function init()
+ {
+ parent::init();
+
+ if (! $this->hasPermission('*') && $this->hasPermission('no-monitoring/contacts')) {
+ throw new SecurityException('No permission for %s', 'monitoring/contacts');
+ }
+ }
+
 public function indexAction()
 {
 $this->setTitle($this->translate('User Groups'));
diff --git a/application/controllers/UsersController.php b/application/controllers/UsersController.php
index fda38a1d..4d9762cc 100644
--- a/application/controllers/UsersController.php
+++ b/application/controllers/UsersController.php
@@ -5,9 +5,19 @@ namespace Icinga\Module\Icingadb\Controllers;
 use Icinga\Module\Icingadb\Model\User;
 use Icinga\Module\Icingadb\Web\Controller;
 use Icinga\Module\Icingadb\Widget\ItemList\UserList;
+use Icinga\Security\SecurityException;
 class UsersController extends Controller
 {
+ public function init()
+ {
+ parent::init();
+
+ if (! $this->hasPermission('*') && $this->hasPermission('no-monitoring/contacts')) {
+ throw new SecurityException('No permission for %s', 'monitoring/contacts');
+ }
+ }
+
 public function indexAction()
 {
 $this->setTitle($this->translate('Users'));
diff --git a/configuration.php b/configuration.php
index e824d130..36f5c927 100644
--- a/configuration.php
+++ b/configuration.php
@@ -2,6 +2,8 @@
 namespace Icinga\Module\Icingadb
 {
+ use Icinga\Authentication\Auth;
+
 /** @var \Icinga\Application\Modules\Module $this */
 $section = $this->menuSection(N_('Icinga DB'), [
 'icon' => 'database',
@@ -28,14 +30,19 @@ namespace Icinga\Module\Icingadb
 'url' => 'icingadb/notifications',
 'priority' => 50
 ]);
- $section->add(N_('Users'), [
- 'url' => 'icingadb/users',
- 'priority' => 60
- ]);
- $section->add(N_('User Groups'), [
- 'url' => 'icingadb/usergroups',
- 'priority' => 70
- ]);
+
+ $auth = Auth::getInstance();
+ if ($auth->hasPermission('*') || ! $auth->hasPermission('no-monitoring/contacts')) {
+ $section->add(N_('Users'), [
+ 'url' => 'icingadb/users',
+ 'priority' => 60
+ ]);
+ $section->add(N_('User Groups'), [
+ 'url' => 'icingadb/usergroups',
+ 'priority' => 70
+ ]);
+ }
+
 $section->add(N_('Host Groups'), [
 'url' => 'icingadb/hostgroups',
 'priority' => 80
diff --git a/library/Icingadb/Widget/Detail/ObjectDetail.php b/library/Icingadb/Widget/Detail/ObjectDetail.php
index eb29c00e..ed52c56b 100644
--- a/library/Icingadb/Widget/Detail/ObjectDetail.php
+++ b/library/Icingadb/Widget/Detail/ObjectDetail.php
@@ -3,6 +3,7 @@
 namespace Icinga\Module\Icingadb\Widget\Detail;
 use Icinga\Application\Icinga;
+use Icinga\Module\Icingadb\Common\Auth;
 use Icinga\Module\Icingadb\Common\HostLinks;
 use Icinga\Module\Icingadb\Common\HostStates;
 use Icinga\Module\Icingadb\Common\Icons;
@@ -26,6 +27,8 @@ use Zend_View_Helper_Perfdata;
 class ObjectDetail extends BaseHtmlElement
 {
+ use Auth;
+
 protected $object;
 protected $objectType;
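Review bot: In `configuration.php` the new `if` around the `Users` and `User Groups` entries only removes navigation, and nothing at that spot says the denial itself is the `init()` guard in the four contact controllers. A comment above the `if` would stop a later reader from treating the menu check as the access control, for example `// Navigation only; access is enforced in the Users/Usergroups controllers' init()`. The condition is the negation of that guard written out by hand, so a change to one has to be mirrored in the other.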
@@ -219,13 +222,18 @@ class ObjectDetail extends BaseHtmlElement
 $users = [];
 $usergroups = [];
- foreach ($this->object->notification as $notification) {
- foreach ($notification->user as $user) {
- $users[$user->name] = $user;
- }
+ if (
+ $this->getAuth()->hasPermission('*')
+ || ! $this->getAuth()->hasPermission('no-monitoring/contacts')
+ ) {
+ foreach ($this->object->notification as $notification) {
+ foreach ($notification->user as $user) {
+ $users[$user->name] = $user;
+ }
- foreach ($notification->usergroup as $usergroup) {
- $usergroups[$usergroup->name] = $usergroup;
+ foreach ($notification->usergroup as $usergroup) {
+ $usergroups[$usergroup->name] = $usergroup;
+ }
 }
 }
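Review bot: When the viewer is denied, `$users` and `$usergroups` just stay empty, so the code that renders them after this hunk cannot tell withheld contacts from an object that has none. If that code prints an empty-state text, a restricted user is told there are no contacts; computing the decision once, `$showContacts = $this->getAuth()->hasPermission('*') || ! $this->getAuth()->hasPermission('no-monitoring/contacts');`, and skipping the whole section when it is false would avoid that. The enclosing method starts and ends outside the hunk, so this has to be checked against the rendering code. The diff as shown covers the contact controllers, the menu and this widget; any other view that prints contact names from `notification->user` or `notification->usergroup` should be checked against the same rule.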