From: <mgu...@us...> - 2011-09-19 16:55:06
|
Revision: 1809 http://nagios.svn.sourceforge.net/nagios/?rev=1809&view=rev Author: mguthrie88 Date: 2011-09-19 16:54:59 +0000 (Mon, 19 Sep 2011) Log Message: ----------- Merged user-level dev changes into main trunk. Continued User-level auth integration. Began phasing out old global authorizations array usage Modified Paths: -------------- nagiosvshell/trunk/vshell/constants.inc.php nagiosvshell/trunk/vshell/controllers/authorizations.inc.php nagiosvshell/trunk/vshell/controllers/controller.php nagiosvshell/trunk/vshell/controllers/controllers.inc.php nagiosvshell/trunk/vshell/controllers/status_functions.php nagiosvshell/trunk/vshell/data/NagiosData.php nagiosvshell/trunk/vshell/data/build_groups.php nagiosvshell/trunk/vshell/data/data.inc.php nagiosvshell/trunk/vshell/data/get_tac_data.php nagiosvshell/trunk/vshell/data/read_objects.php nagiosvshell/trunk/vshell/data/read_perms.php nagiosvshell/trunk/vshell/index.php nagiosvshell/trunk/vshell/session.inc.php nagiosvshell/trunk/vshell/views/config_viewer.php nagiosvshell/trunk/vshell/views/display_functions.php nagiosvshell/trunk/vshell/views/header.php nagiosvshell/trunk/vshell/views/hostgroups.php nagiosvshell/trunk/vshell/views/servicegroups.php Added Paths: ----------- nagiosvshell/trunk/vshell/controllers/data_functions.inc.php nagiosvshell/trunk/vshell/controllers/filtering_functions.inc.php nagiosvshell/trunk/vshell/controllers/output_functions.inc.php nagiosvshell/trunk/vshell/data/NagiosUser.php Modified: nagiosvshell/trunk/vshell/constants.inc.php =================================================================== --- nagiosvshell/trunk/vshell/constants.inc.php 2011-09-16 10:22:24 UTC (rev 1808) +++ nagiosvshell/trunk/vshell/constants.inc.php 2011-09-19 16:54:59 UTC (rev 1809) @@ -68,7 +68,7 @@ // Switch to use external configuration file by Tony Yarusso, 30 March 2011 $ini_array = parse_ini_file("/etc/vshell.conf"); -define('VERSION', '1.7'); +define('VERSION', '1.8'); define('LANG',$ini_array["LANG"]); //server root information Modified: nagiosvshell/trunk/vshell/controllers/authorizations.inc.php =================================================================== --- nagiosvshell/trunk/vshell/controllers/authorizations.inc.php 2011-09-16 10:22:24 UTC (rev 1808) +++ nagiosvshell/trunk/vshell/controllers/authorizations.inc.php 2011-09-19 16:54:59 UTC (rev 1809) @@ -51,13 +51,13 @@ $authorizations = array( - 'host_commands' => 0, - 'hosts' => 0, - 'service_commands' => 0, - 'services' => 0, - 'configuration_information' => 0, - 'system_commands' => 0, - 'system_information' => 0, + 'authorized_for_host_commands' => 0, + 'authorized_for_hosts' => 0, + 'authorized_for_service_commands' => 0, + 'authorized_for_services' => 0, + 'authorized_for_configuration_information' => 0, + 'authorized_for_system_commands' => 0, + 'authorized_for_system_information' => 0, ); Modified: nagiosvshell/trunk/vshell/controllers/controller.php =================================================================== --- nagiosvshell/trunk/vshell/controllers/controller.php 2011-09-16 10:22:24 UTC (rev 1808) +++ nagiosvshell/trunk/vshell/controllers/controller.php 2011-09-19 16:54:59 UTC (rev 1809) @@ -76,6 +76,7 @@ { global $authorizations; + global $NagiosUser; list($mode, $type) = array(NULL, NULL); list($state_filter, $name_filter, $objtype_filter) = array(NULL, NULL, NULL); @@ -92,50 +93,40 @@ switch($type) { case 'services': case 'hosts': - if ($authorizations[$type] == 1) { $data = hosts_and_services_data($type, $state_filter, $name_filter); $html_output_function = 'hosts_and_services_output'; - } break; case 'hostgroups': case 'servicegroups': - if($authorizations['hosts']==1) - { - if ($type == 'hostgroups' || ($type == 'servicegroups' && $authorizations['services']==1)) { - $data = hostgroups_and_servicegroups_data($type, $name_filter); - $html_output_function = 'hostgroups_and_servicegroups_output'; - } + if ($type == 'hostgroups' || $type == 'servicegroups') + { + $data = hostgroups_and_servicegroups_data($type, $name_filter); + $html_output_function = 'hostgroups_and_servicegroups_output'; } - break; case 'hostdetail': case 'servicedetail': - if($authorizations['hosts']==1 && $name_filter) - { $data = host_and_service_detail_data($type, $name_filter); - $html_output_function = 'host_and_service_detail_output'; - } + $html_output_function = 'host_and_service_detail_output'; break; case 'object': if ($objtype_filter) { - if($authorizations['configuration_information']==1 || - $authorizations['host_commands']==1 || - $authorizations['service_commands']==1 || - $authorizations['system_commands']==1) + if($NagiosUser->if_has_authKey('authorized_for_configuration_information')) //only administrative users should be able to see config info { $data = object_data($objtype_filter, $name_filter); $type = $objtype_filter; $html_output_function = 'object_output'; } + else send_home(); } break; case 'backend': - $xmlout = tac_xml(get_tac_data()); + $xmlout = tac_xml(get_tac_data()); break; case 'overview': @@ -160,60 +151,26 @@ break; case 'xml': - if($type!='backend') - { - require_once(DIRBASE.'/views/xml.php'); - $title = ucwords($type); - build_xml_page($data, $title); - header('Location: '.BASEURL.'tmp/'.$title.'.xml'); - } - header('Content-type: text/xml'); - if($type=='backend') echo $xmlout; //xml backend access for nagios fusion - #$output = build_xml_data($data, $title); + if($type!='backend') + { + require_once(DIRBASE.'/views/xml.php'); + $title = ucwords($type); + build_xml_page($data, $title); + header('Location: '.BASEURL.'tmp/'.$title.'.xml'); + } + header('Content-type: text/xml'); + if($type=='backend') echo $xmlout; //xml backend access for nagios fusion + #$output = build_xml_data($data, $title); break; - case 'null': - - break; + } print $output; } -function process_state_filter($filter_str) -{ - $ret_filter = NULL; - $filter_str = strtoupper($filter_str); - $valid_states = array('UP', 'DOWN', 'UNREACHABLE', 'OK', 'CRITICAL', - 'WARNING', 'UNKNOWN', 'PENDING', 'PROBLEMS','UNHANDLED', 'ACKNOWLEDGED'); - if (in_array($filter_str, $valid_states)) - { - $ret_filter = $filter_str; - } - return $ret_filter; -} -function process_name_filter($filter_str) { - //$filter_str = preg_quote($filter_str, '/'); //removed strtolower -MG - $filter_str = strtolower(rawurldecode($filter_str)); - return $filter_str; -} - -function process_objtype_filter($filter_str) -{ - $ret_filter = NULL; - $filter_str = strtolower($filter_str); - $valid_objtypes = array('hosts_objs', 'services_objs', 'hostgroups_objs', 'servicegroups_objs', - 'timeperiods', 'contacts', 'contactgroups', 'commands'); - if (in_array($filter_str, $valid_objtypes)) - { - $ret_filter = $filter_str; - } - return $ret_filter; -} - - function mode_header($mode) { $retval = ''; @@ -243,169 +200,8 @@ return $retval; } -function hosts_and_services_data($type, $state_filter=NULL, $name_filter=NULL) -{ - global $NagiosData; - $data = $NagiosData->getProperty($type); - $data_in = $data; - if ($state_filter) - { - if($state_filter == 'PROBLEMS' || $state_filter == 'UNHANDLED' || $state_filter == 'ACKNOWLEDGED') //merge arrays for multiple states - { - $data = array_merge(get_by_state('UNKNOWN', $data_in), get_by_state('CRITICAL', $data_in), - get_by_state('WARNING', $data_in), get_by_state('UNREACHABLE', $data_in), - get_by_state('DOWN', $data_in)); - if($state_filter == 'UNHANDLED') //filter down problem array - { - //loop and return array - $unhandled = array(); - foreach($data as $d) - { - if($d['problem_has_been_acknowledged'] == 0 && $d['scheduled_downtime_depth'] == 0) $unhandled[] = $d; - } - $data = $unhandled; - }//end unhandled if - if($state_filter == 'ACKNOWLEDGED') - { - //loop and return array - $acknowledged = array(); - foreach($data as $d) - { - if($d['problem_has_been_acknowledged'] > 0 || $d['scheduled_downtime_depth'] > 0) $acknowledged[] = $d; - } - $data = $acknowledged; - }//end acknowledged if - } - else - { - $data = get_by_state($state_filter, $data); - } - } - if ($name_filter) - { - $name_data = get_by_name($name_filter, $data); - $service_data = get_by_name($name_filter, $data, 'service_description'); - $data = $name_data; - foreach ($service_data as $i => $service) - { - if (!isset($data[$i])) { $data[$i] = $service; } - } - } - //var_dump($data); - return $data; -} - -function hosts_and_services_output($type, $data, $mode) -{ - $retval = ''; - switch($mode) - { - case 'html': - list($start, $limit) = get_pagination_values(); - $title = ucwords(preg_replace('/objs/', 'Objects', preg_replace('/_/', ' ', $type))); - include_once(DIRBASE.'/views/'.$type.'.php'); - $display_function = 'display_'.$type; - $retval = $display_function($data, $start, $limit); - break; - } - return $retval; -} - -function hostgroups_and_servicegroups_data($type, $name_filter=NULL) -{ - include_once(DIRBASE.'/views/'.$type.'.php'); - $data_function = 'get_'.preg_replace('/s$/', '', $type).'_data'; - $data = $data_function(); - if ($name_filter) - { - - // TODO filters against Services and/or hosts within groups, status of services/hosts in groups, etc... - $name = preg_quote($name_filter, '/'); - $match_keys = array_filter(array_keys($data), create_function('$d', 'return !preg_match("/'.$name.'/i", $d);')); - // XXX is there a better way? - foreach ($match_keys as $key) - { - unset($data[$key]); - } - } - return $data; -} - -function hostgroups_and_servicegroups_output($type, $data, $mode) -{ - $retval = ''; - switch($mode) - { - case 'html': - $title = ucwords(preg_replace('/objs/', 'Objects', preg_replace('/_/', ' ', $type))); - $display_function = 'display_'.$type; - $retval = $display_function($data); - break; - } - return $retval; -} - -function host_and_service_detail_data($type, $name) -{ - $data_function = 'process_'.preg_replace('/detail/', '_detail', $type); - $data = $data_function(stripslashes($name)); //added stripslashes because hostnames with periods had them in the variable -MG - return $data; -} - -function host_and_service_detail_output($type, $data, $mode) -{ - $retval = ''; - switch($mode) - { - case 'html': - require_once(DIRBASE.'/views/'.$type.'s.php'); - $display_function = 'get_'.preg_replace('/detail/', '_detail', $type).'s'; - $retval = $display_function($data); - break; - } - return $retval; -} - -function object_data($objtype_filter, $name_filter) -{ - $valid_objtype_filters = array('hosts_objs', 'services_objs', 'hostgroups_objs', 'servicegroups_objs', - 'timeperiods', 'contacts', 'contactgroups', 'commands'); - - if (in_array($objtype_filter, $valid_objtype_filters)) { - global $NagiosData; - $data = $NagiosData->getProperty($objtype_filter); - - if ($name_filter) - { - $name_data = get_by_name($name_filter, $data); - $service_data = get_by_name($name_filter, $data, 'service_description'); - - $data = $name_data; - foreach ($service_data as $i => $service) - { - if (!isset($data[$i])) { $data[$i] = $service; } - } - } - } - return $data; -} - -function object_output($objtype_filter, $data, $mode) -{ - $retval = ''; - switch($mode) - { - case 'html': - include(DIRBASE.'/views/config_viewer.php'); - $retval = build_object_list($data, $objtype_filter); - break; - } - return $retval; -} - - function get_pagination_values() { $start = isset($_GET['start']) ? htmlentities($_GET['start']) : 0; @@ -420,34 +216,10 @@ return array($start, $limit); } -//////////////////////////////////////////////////////////// -//$username is obtained from $_SERVER authorized user for nagios -// -function set_perms($username) -{ - global $NagiosData; - $permissions = $NagiosData->getProperty('permissions'); - foreach($permissions as $key => $array)//perms = array('system_information' - { - foreach($array as $user) - { - if($user == $username || $user == '*') - { - //print "authorizing $username"; - authorize($key); - } - } - } -} -////////////////////////////////////////////////////// -// -//activates authorization for user. See authorizations.inc.php for auth list -// -function authorize($auth) //sets global permission -{ - global $authorizations; //global authorization array controller - $authorizations[$auth] = 1; -} + + + + ?> Modified: nagiosvshell/trunk/vshell/controllers/controllers.inc.php =================================================================== --- nagiosvshell/trunk/vshell/controllers/controllers.inc.php 2011-09-16 10:22:24 UTC (rev 1808) +++ nagiosvshell/trunk/vshell/controllers/controllers.inc.php 2011-09-19 16:54:59 UTC (rev 1809) @@ -53,5 +53,8 @@ include(dirname(__FILE__).'/controller.php'); include(dirname(__FILE__).'/authorizations.inc.php'); include(dirname(__FILE__).'/status_functions.php'); +include(dirname(__FILE__).'/output_functions.inc.php'); +include(dirname(__FILE__).'/filtering_functions.inc.php'); +include(dirname(__FILE__).'/data_functions.inc.php'); ?> Added: nagiosvshell/trunk/vshell/controllers/data_functions.inc.php =================================================================== --- nagiosvshell/trunk/vshell/controllers/data_functions.inc.php (rev 0) +++ nagiosvshell/trunk/vshell/controllers/data_functions.inc.php 2011-09-19 16:54:59 UTC (rev 1809) @@ -0,0 +1,131 @@ +<?php //data_functions.inc.php + + + + + +function hosts_and_services_data($type, $state_filter=NULL, $name_filter=NULL) +{ + global $NagiosData; + global $NagiosUser; + $data = $NagiosData->getProperty($type); + + + //add filter for user-level filtering + if(!$NagiosUser->is_admin()) { + //print $type; + $data = user_filtering($data,$type); + } + + $data_in = $data; + + if ($state_filter) + { + if($state_filter == 'PROBLEMS' || $state_filter == 'UNHANDLED' || $state_filter == 'ACKNOWLEDGED') //merge arrays for multiple states + { + + $data = array_merge(get_by_state('UNKNOWN', $data_in), get_by_state('CRITICAL', $data_in), + get_by_state('WARNING', $data_in), get_by_state('UNREACHABLE', $data_in), + get_by_state('DOWN', $data_in)); + if($state_filter == 'UNHANDLED') //filter down problem array + { + //loop and return array + $unhandled = array(); + foreach($data as $d) + { + if($d['problem_has_been_acknowledged'] == 0 && $d['scheduled_downtime_depth'] == 0) $unhandled[] = $d; + } + $data = $unhandled; + }//end unhandled if + if($state_filter == 'ACKNOWLEDGED') + { + //loop and return array + $acknowledged = array(); + foreach($data as $d) + { + if($d['problem_has_been_acknowledged'] > 0 || $d['scheduled_downtime_depth'] > 0) $acknowledged[] = $d; + } + $data = $acknowledged; + }//end acknowledged if + } + else + { + $data = get_by_state($state_filter, $data); + } + } + if ($name_filter) + { + $name_data = get_by_name($name_filter, $data); + $service_data = get_by_name($name_filter, $data, 'service_description'); + $data = $name_data; + foreach ($service_data as $i => $service) + { + if (!isset($data[$i])) { $data[$i] = $service; } + } + } + //var_dump($data); + return $data; +} + + + +function host_and_service_detail_data($type, $name) +{ + $data_function = 'process_'.preg_replace('/detail/', '_detail', $type); + $data = $data_function(stripslashes($name)); //added stripslashes because hostnames with periods had them in the variable -MG + + $data = user_filtering($data,$type); + + return $data; +} + + + +function hostgroups_and_servicegroups_data($type, $name_filter=NULL) +{ + include_once(DIRBASE.'/views/'.$type.'.php'); + $data_function = 'get_'.preg_replace('/s$/', '', $type).'_data'; + $data = $data_function(); + if ($name_filter) + { + + // TODO filters against Services and/or hosts within groups, status of services/hosts in groups, etc... + $name = preg_quote($name_filter, '/'); + $match_keys = array_filter(array_keys($data), create_function('$d', 'return !preg_match("/'.$name.'/i", $d);')); + // XXX is there a better way? + foreach ($match_keys as $key) + { + unset($data[$key]); + } + } + return $data; +} + +function object_data($objtype_filter, $name_filter) +{ + $valid_objtype_filters = array('hosts_objs', 'services_objs', 'hostgroups_objs', 'servicegroups_objs', + 'timeperiods', 'contacts', 'contactgroups', 'commands'); + + if (in_array($objtype_filter, $valid_objtype_filters)) { + global $NagiosData; + $data = $NagiosData->getProperty($objtype_filter); + $data = user_filtering($data,$objtype_filter); + + if ($name_filter) + { + $name_data = get_by_name($name_filter, $data); + $service_data = get_by_name($name_filter, $data, 'service_description'); + + $data = $name_data; + foreach ($service_data as $i => $service) + { + if (!isset($data[$i])) { $data[$i] = $service; } + } + } + } + return $data; +} + + + +?> \ No newline at end of file Added: nagiosvshell/trunk/vshell/controllers/filtering_functions.inc.php =================================================================== --- nagiosvshell/trunk/vshell/controllers/filtering_functions.inc.php (rev 0) +++ nagiosvshell/trunk/vshell/controllers/filtering_functions.inc.php 2011-09-19 16:54:59 UTC (rev 1809) @@ -0,0 +1,67 @@ +<?php //filtering_functions.inc.php + + + + +function user_filtering($data,$type) +{ + global $NagiosUser; + $new_data = array(); + //rebuild array for auth hosts + if($type=='hosts') { + foreach($data as $d) { + //echo $d['host_name']; + if($NagiosUser->is_authorized_for_host($d['host_name']) ) $new_data[] = $d; + + } + } + //rebuild array for auth services + if($type=='services') { + foreach($data as $d) { + //print "<pre>".print_r($d,true)."</pre>"; + if($NagiosUser->is_authorized_for_service($d['host_name'],$d['service_description'])) $new_data[] = $d; + //die(); + } + } + return $new_data; + +} + + +function process_state_filter($filter_str) +{ + $ret_filter = NULL; + $filter_str = strtoupper($filter_str); + $valid_states = array('UP', 'DOWN', 'UNREACHABLE', 'OK', 'CRITICAL', + 'WARNING', 'UNKNOWN', 'PENDING', 'PROBLEMS','UNHANDLED', 'ACKNOWLEDGED'); + + + if (in_array($filter_str, $valid_states)) + { + $ret_filter = $filter_str; + } + return $ret_filter; +} + +function process_name_filter($filter_str) { + //$filter_str = preg_quote($filter_str, '/'); //removed strtolower -MG + $filter_str = strtolower(rawurldecode($filter_str)); + return $filter_str; +} + +function process_objtype_filter($filter_str) +{ + $ret_filter = NULL; + $filter_str = strtolower($filter_str); + $valid_objtypes = array('hosts_objs', 'services_objs', 'hostgroups_objs', 'servicegroups_objs', + 'timeperiods', 'contacts', 'contactgroups', 'commands'); + if (in_array($filter_str, $valid_objtypes)) + { + $ret_filter = $filter_str; + } + return $ret_filter; +} + + + +?> \ No newline at end of file Added: nagiosvshell/trunk/vshell/controllers/output_functions.inc.php =================================================================== --- nagiosvshell/trunk/vshell/controllers/output_functions.inc.php (rev 0) +++ nagiosvshell/trunk/vshell/controllers/output_functions.inc.php 2011-09-19 16:54:59 UTC (rev 1809) @@ -0,0 +1,64 @@ +<?php //output_functions.inc.php + +function object_output($objtype_filter, $data, $mode) +{ + $retval = ''; + switch($mode) + { + case 'html': + include(DIRBASE.'/views/config_viewer.php'); + $retval = build_object_list($data, $objtype_filter); + break; + } + return $retval; +} + + + +function host_and_service_detail_output($type, $data, $mode) +{ + $retval = ''; + switch($mode) + { + case 'html': + require_once(DIRBASE.'/views/'.$type.'s.php'); + $display_function = 'get_'.preg_replace('/detail/', '_detail', $type).'s'; + $retval = $display_function($data); + break; + } + return $retval; +} + + +function hostgroups_and_servicegroups_output($type, $data, $mode) +{ + $retval = ''; + switch($mode) + { + case 'html': + $title = ucwords(preg_replace('/objs/', 'Objects', preg_replace('/_/', ' ', $type))); + $display_function = 'display_'.$type; + $retval = $display_function($data); + break; + } + return $retval; +} + + +function hosts_and_services_output($type, $data, $mode) +{ + $retval = ''; + switch($mode) + { + case 'html': + list($start, $limit) = get_pagination_values(); + $title = ucwords(preg_replace('/objs/', 'Objects', preg_replace('/_/', ' ', $type))); + include_once(DIRBASE.'/views/'.$type.'.php'); + $display_function = 'display_'.$type; + $retval = $display_function($data, $start, $limit); + break; + } + return $retval; +} + +?> \ No newline at end of file Modified: nagiosvshell/trunk/vshell/controllers/status_functions.php =================================================================== --- nagiosvshell/trunk/vshell/controllers/status_functions.php 2011-09-16 10:22:24 UTC (rev 1808) +++ nagiosvshell/trunk/vshell/controllers/status_functions.php 2011-09-19 16:54:59 UTC (rev 1809) @@ -66,12 +66,14 @@ function get_state_of($type, $array=NULL) //create host or service arrays by status { global $NagiosData; + global $NagiosUser; if($type == 'services') { $state_counts = array('OK'=>0, 'WARNING'=>0, 'CRITICAL'=>0, 'UNKNOWN'=>0, 'PENDING'=>0); if (is_null($array)) { $array = $NagiosData->getProperty('services'); + } } elseif($type == 'hosts') @@ -88,8 +90,18 @@ foreach($array as $a) { - $state_counts[$a['current_state']]++; + if($type=='services') + { + if($NagiosUser->is_authorized_for_service($a['host_name'],$a['service_description'])) + $state_counts[$a['current_state']]++; + } + if($type=='hosts') + { + if($NagiosUser->is_authorized_for_host($a['host_name'])) + $state_counts[$a['current_state']]++; + } } + return $state_counts; } Modified: nagiosvshell/trunk/vshell/data/NagiosData.php =================================================================== --- nagiosvshell/trunk/vshell/data/NagiosData.php 2011-09-16 10:22:24 UTC (rev 1808) +++ nagiosvshell/trunk/vshell/data/NagiosData.php 2011-09-19 16:54:59 UTC (rev 1809) @@ -53,11 +53,15 @@ { // Hold an instance of the class private static $instance; + + // Storage for all necessary variables. Replaces the many globals + protected $_vars; protected static $property_list = array('hosts_objs', 'services_objs', 'hostgroups_objs', 'servicegroups_objs', 'contacts', 'contactgroups', 'timeperiods', 'commands', 'hosts', 'services', 'comments', 'info', - 'details', 'permissions', 'hostgroups', 'servicegroups', 'program'); + 'details', 'permissions', 'hostgroups', 'servicegroups', 'program', + 'hostescalations','serviceescalations','hostdependencys','servicedependencys'); /* Return, and build as necessary, the singleton to store nagios data * @@ -74,6 +78,12 @@ self::$instance->__update(); return self::$instance; } + + + public function dumpVars() + { + return $this->_vars; + } /* General purpose "getter" for protected properties * @@ -175,15 +185,13 @@ $disk_cache_keys = array('hosts_objs', 'services_objs', 'hostgroups_objs', 'servicegroups_objs', 'contacts', 'contactgroups', 'timeperiods', 'commands', 'hostgroups', - 'servicegroups', 'program'); - self::$instance->_set_vars(cache_or_disk('objects', OBJECTSFILE, - $disk_cache_keys)); + 'servicegroups', 'program','hostescalations','serviceescalations', + 'hostdependencys','servicedependencys'); + self::$instance->_set_vars(cache_or_disk('objects', OBJECTSFILE, $disk_cache_keys)); - self::$instance->_set_vars(cache_or_disk('perms', CGICFG, - array('permissions'))); + self::$instance->_set_vars(cache_or_disk('perms', CGICFG, array('permissions'))); - self::$instance->_set_vars(cache_or_disk('status', STATUSFILE, - array('hosts', 'services', 'comments', 'info', 'details', 'program'))); + self::$instance->_set_vars(cache_or_disk('status', STATUSFILE, array('hosts', 'services', 'comments', 'info', 'details', 'program'))); } @@ -199,6 +207,7 @@ } else { // XXX Do something better here //fb($var, "Invalid property"); + echo "invalid property <pre>".print_r($var,true)." ".print_r($value,true)." </pre>"; } } @@ -222,8 +231,7 @@ trigger_error('Singleton', E_USER_ERROR); } - // Storage for all necessary variables. Replaces the many globals - protected $_vars; + } ?> Added: nagiosvshell/trunk/vshell/data/NagiosUser.php =================================================================== --- nagiosvshell/trunk/vshell/data/NagiosUser.php (rev 0) +++ nagiosvshell/trunk/vshell/data/NagiosUser.php 2011-09-19 16:54:59 UTC (rev 1809) @@ -0,0 +1,443 @@ +<?php //NagiosUser.php nagios user class to handle authorized hosts, services, and admin functionality + + + + +class NagiosUser +{ + /* + * boolean for users who can see and access all features + * @var boolean $admin + */ + protected $admin = false; + + /* + * boolean for viewing all hosts and services + * @var boolean $sees_all + */ + protected $sees_all = false; + + /** + * array for storing global authorizations from cgi file + * @var mixed $authKeys + */ + protected $authKeys = array( + 'authorized_for_all_host_commands' => false, + 'authorized_for_all_hosts' => false, + 'authorized_for_all_service_commands' => false, + 'authorized_for_all_services' => false, + 'authorized_for_configuration_information' => false, + 'authorized_for_system_commands' => false, + 'authorized_for_system_information' => false, + 'authorized_for_read_only' => true, + ); + + /** + * MAIN AUTH ARRAY + * @var mixed $authHosts + */ + protected $authHosts = array(); //see below for array structure + /* + $authHosts = + array ( 'localhost' => array( + 'host_name' => 'localhost', + 'all_services' => true | false, + 'services' => array( 0 => service1 + 1 => service2 + 3 => service3 + ) + ) + */ + /** + * contactgroup memberships + * @var mixed $cg_memberships + */ + protected $cg_memberships = array(); + + /** + * current user + * @var string username + */ + protected $username; + + /** + * constructor initializes authorized hosts and services and determines global privileges + * @TODO cache data and move towards session auth so this info gets updated upon login and restart of Nagios + */ + function __construct() { + + if(!$this->get_user()) exit('Access Denied: No authentication detected.'); + //build main authKeys array (cgi.cfg settings) + $this->set_perms(); + //check if user can see everything + $this->admin = $this->determine_admin(); + + //if user level account, determin authorized objects for object filtering + if(!$this->admin) { + //check fo see if user can see all hosts and services + $this->sees_all = ($this->authKeys['authorized_for_all_hosts'] == true && $this->authKeys['authorized_for_all_services']) ? true : false; + //build auth objects array + $this->build_authorized_objects(); + } + //print_r($this->authHosts); + + } + + /** + * determines authorized user, checks for hard-coded name, then Basic Auth, then Digest auth. Sets $this->username + * @global string $username + * @return string $this->username + */ + private function get_user() + { + global $username; //some users have requested to turn off authentication or user other methods, this allows override and backwards compatibility + //allow for basic auth override for backwards compatibility with early versions of V-Shell + if($username) + { + $this->username = $username; + } + // HTTP BASIC AUTHENTICATION through Nagios Core or XI + //$remote_user=""; + elseif(isset($_SERVER["REMOTE_USER"])) + { + $remote_user=$_SERVER["REMOTE_USER"]; + //echo "REMOTE USER is set: $remote_user<br />"; + $this->username = $remote_user; + } + //digest authentication + elseif(isset($_SERVER['PHP_AUTH_USER'])) + { + //echo "Auth Digest detected".$_SERVER['PHP_AUTH_USER']; + $this->username = $_SERVER['PHP_AUTH_USER']; + } + + if(!$this->username) + return false; + else return $this->username; + + } + + /** + * username is obtained from @global $_SERVER authorized user for nagios + * @TODO: make this better. All auth stuff needs to be handled here, no more global authorizations array + * @global mixed $NagiosData + */ + private function set_perms() + { + global $NagiosData; + $permissions = $NagiosData->getProperty('permissions'); + + foreach($permissions as $key => $array) { + foreach($array as $user) { //look for wildcard + if($user == $this->username || $user == '*') $this->authorize($key); + } + } + } + + /** + * sets authorization for user, also sets global $authorizations. See authorizations.inc.php for auth list + * @TODO replace @global $authorizations array and encapsulate this in user object + * @global mixed $authorizations array + */ + private function authorize($auth) //sets global permission + { + global $authorizations; //global authorization array controller + $authorizations[$auth] = 1; + $this->authKeys[$auth] = true; //class auth controller + } + + ///////////////get methods /////////////////////// + + /** + * gets list of authorized hosts for user + * @return mixed $authHosts array of all authorized hosts and services + */ + public function get_authorized_hosts() { + return $this->authHosts; + } + + /** + * returns username + * @return string $username current user + */ + public function get_username() { + return $this->username; + } + + /** + * returns boolean if user is admin + * @return boolean $admin boolean if user has admin privileges and can see and do everything + */ + public function is_admin() { + return $this->admin; + } + /** + * @return boolean $key authorization key from cgi.cfg file + */ + public function if_has_authKey($key) { + if(isset($this->authKeys[$key])) + return $this->authKeys[$key]; + } + + /** + * @return boolean decide if this user is an admin + */ + private function determine_admin() { + if($this->username == 'nagiosadmin') return true; + foreach($this->authKeys as $key) + { + if($key != true) return false; //if all auth keys are set, user is an admin + } + return true; + + } + + + /** + * sets global auths from cgi.cfg file + * @TODO: move to protected method -> this will replace previous global auths in future versions + * @return null changes cgi.cfg booleans for current NagiosUser + */ + public function setAuthKey($keyname,$value) { + if(isset($this->authKeys[$keyname])) { + $this->authKeys[$keyname] = $value; + } + } + + /** + * tests if user can view host + * @returns boolean + */ + public function is_authorized_for_host($hostname) { + //can user see everything? + if($this->admin == true || $this->sees_all == true) return true; + //user level filtering + if(isset($this->authHosts[$hostname]) && $this->authHosts[$hostname]['all_services']==true ) return true; + + //not authorized + return false; + } + + /** + * tests if user can view service + * @returns boolean + */ + public function is_authorized_for_service($hostname,$service) { + //can user see everything? + if($this->admin == true || $this->sees_all == true) return true; + //user level filtering + if(isset($this->authHosts[$hostname]) && (in_array($service,$this->authHosts[$hostname]['services']) || $this->authHosts[$hostname]['all_services']==true) ) return true; + //not authorized + return false; + } + + + /** /////////////////////////////////////////////////// + * main logic function for user-level filtering, builds $this->authHosts array + * CREATES SINGLE MULTI-D HEIRARCHY ARRAY + * LOGIC: - check for host contacts, and host contactgroups + * - check for host escalations, and hostescalation contactgroups + * - check for service contacts, and service contactgroups + * - check for serviceescalation contacts, then serviceescalation contact groups + * + * ARRAY STRUCTURE + * $authObjects = + * array ( 'localhost' => array( + * 'host_name' => 'localhost', + * 'all_services' => true | false, + * 'services' => array( 0 => service1 + * 1 => service2 + * 3 => service3 ) + * + * ) + * + * @global mixed $NagiosData object.cache array + */ + private function build_authorized_objects() { + global $NagiosData; + + //fetch necessary object config arrays + $hosts = $NagiosData->getProperty('hosts_objs'); + $contactgroups = $NagiosData->getProperty('contactgroups'); + + //find relevant contact groups for user + foreach($contactgroups as $cg) + { + //echo $cg['contactgroup_name']; + if(in_array($this->username,explode(',',$cg['members'])) ) + $this->cg_memberships[] = $cg['contactgroup_name']; //add contactgroup to array if user is a member of it + } + + ///////////////////////////////////HOSTS//////////////////////// + foreach($hosts as $host) + { + //check is user is a direct contact + $key = $host['host_name']; + if(isset($host['contacts']) && in_array($this->username, explode(',',$host['contacts'])) ) + { + $this->authHosts[$key] = array('host_name' => $key, 'all_services' => true, 'services' => array()); + continue; //skip to next host + } + + //if host has contact groups + if(isset($host['contact_groups'])) + { + $cgmems = explode(',',$host['contact_groups']); //members to array + foreach($cgmems as $cg) + { + if(in_array($cg,$this->cg_memberships)) //check if contact group is in user's list of memberships + { + $this->authHosts[$key] = array('host_name' => $key, 'services' => array(), 'all_services' => true ); + break; + } //end IF + + } //end FOREACH contactgroup member + }//end IF contactgroups set + + }//end FOREACH host + + /////////////////////////HOST ESCALATIONS/////////////////////// + //add hosts if user is assigned as a contact or contactgroup member + $this->add_escalated_hosts(); + + ////////////////////////////SERVICES////////////////////////// + //get services objects + $services = $NagiosData->getProperty('services_objs'); + //echo "Services: <br /><pre>".print_r($services,true)."</pre>"; + + foreach($services as $service) + { + $key = $service['host_name']; + //check for authorized host first, if all services are authorized skip ahead + if(isset($this->authHosts[$key]) && $this->authHosts[$key]['all_services'] == true) continue; + + //check for authorization at the service level + if(isset($service['contacts']) && in_array($this->username, explode(',',$service['contacts'])) ) //user is a contact + { + //echo $service['service_description']." : ".$service['contacts']; + //only add the service if it's not already there + if(!isset($this->authHosts[$key])) //if this is set somewhere else, the all_services boolean should already be set + $this->authHosts[$key] = array('host_name' => $key, 'services' =>array($service['service_description']), 'all_services' => false ); + else + { + //only add service if it's not already there + if(!in_array($service['service_description'], $this->authHosts[$key]['services']) && $this->authHosts[$key]['all_services'] == false) + $this->authHosts[$key]['services'][] = $service['service_description']; + } + continue; + } + + //check against contactgroups + if(isset($service['contact_groups']) ) + { + $cgmems = explode(',',$service['contact_groups']); + foreach($cgmems as $cg) + { + if(in_array($cg,$this->cg_memberships)) //user is a contact for service + { + if(!isset($this->authHosts[$key])) //if this is set somewhere else, the all_services boolean should already be set + $this->authHosts[$key] = array('host_name' => $key, 'services' =>array(), 'all_services' => false ); + else + { //add service if it's not already in the array + if(!in_array($service['service_description'], $this->authHosts[$key]['services']) && $this->authHosts[$key]['all_services'] == false) + $this->authHosts[$key]['services'][] = $service['service_description']; + } + break; + } //end IF + } //end FOREACH contactgroup member + } //end IF contactgroups + } //end services FOREACH + + ////////////////////////SERVICE ESCALATIONS///////////////////// + //add services if user is assigned as an escalated contact or contactgroup member + $this->add_escalated_services(); + + }//end function build_authorized_objects() + + + /** + * sweeps through host escalation definitions and adds to authHosts as needed + * @global mixed $NagiosData object.cache array + */ + private function add_escalated_hosts() + { + global $NagiosData; + + $host_escs = $NagiosData->getProperty('hostescalations'); + foreach($host_escs as $he) //loop through all host escalations + { + //check for authorized host first, skip ahead if it + if(isset($this->authHosts[$he['host_name']]) && $this->authHosts[$he['host_name']]['all_services']==false) continue; + + //check if user is a contact for escalation + if(in_array($this->username,explode(',',$he['contacts'])) ) //if user is in list of contacts + { //add host if not already there, or if it's there but not all services are authorized + if(!isset($this->authHosts[$he['host_name']]) || (isset($this->authHosts[$he['host_name']]) && $this->authHosts[$he['host_name']]['all_services']==false) ) //don't overwrite existing arrays + $this->authHosts[$he['host_name']] = array('host_name' => $he['host_name'], 'services' => array(), 'all_services' => true ); + //do nothing if host is already authorized + continue; //no need to check contactgroups + } + //check if user's contactgroups are in the list + if(isset($he['contact_groups'])) + { + //compare arrays + $matches = array_intersect(explode(',',$he['contact_groups']),$this->cg_memberships); + if(!empty($matches)) // push host list into authHosts array + { + if(!isset($this->authHosts[$he['host_name']]) || (isset($this->authHosts[$he['host_name']]) && $this->authHosts[$he['host_name']]['all_services']==false) ) //don't overwrite existing arrays + $this->authHosts[$he['host_name']] = array('host_name' => $he['host_name'], 'services' => array(), 'all_services' => true ); + //do nothing if host is already fully authorized + } + }//end IF contactgroup + }//end hostescalation loop + }//end add_escalated_hosts() + + /** + * sweeps through escalation definitions and adds to $authHosts as needed + * sort through all service escalations in objects.cache and push appropriate services onto array stack + * NOTE host_name and service_descriptions are not comma delineated in objects.cache, all single definitions + * @global mixed $NagiosData object.cache array + */ + private function add_escalated_services() + { + global $NagiosData; + //fetch escalations array + $serv_escs = $NagiosData->getProperty('serviceescalations'); + foreach($serv_escs as $se) //loop through all host escalations + { + //skip ahead if all services are already authorized for host + if(isset($this->authHosts[$se['host_name']]) && $this->authHosts[$se['host_name']]['all_services'] == true) continue; + + //check if user is a contact for escalation + if(isset($se['contacts']) && in_array($this->username, explode(',',$se['contacts'])) ) //if user is in list of contacts + { + //check to see if host key exists in the array + if(!isset($this->authHosts[$se['host_name']])) //don't overwrite existing arrays + $this->authHosts[$se['host_name']] = array('host_name' => $se['host_name'], 'all_services'=> false, 'services' => array($se['service_description']) ); + else //if it exists, push services onto array stack, services array should already be there + $this->authHosts[$se['host_name']]['services'][] = $se['service_description']; + + continue; //no need to check contactgroups if defined as contact + } + + //check if user's contactgroups are in the list + if(isset($se['contact_groups'])) + { + //compare arrays + $matches = array_intersect(explode(',',$se['contact_groups']),$this->cg_memberships); + if(!empty($matches)) + { //check to see if array key exists yet + if(!isset($this->authHosts[$se['host_name']]) ) //don't overwrite existing arrays + $this->authHosts[$se['host_name']] = array('host_name' => $se['host_name'], 'services' => array($se['service_description']),'all_services'=>false ); + else //if it exists, push services onto array stack + $this->authHosts[$se['host_name']]['services'][] = $se['service_description']; //object.cache separates services into individual defs + } + }//end IF contactgroups + }//end foreach service escalation + }//end method add_escalated_services() + +} ///////////////////end NagiosUser class //////////////////////// + + + +?> \ No newline at end of file Modified: nagiosvshell/trunk/vshell/data/build_groups.php =================================================================== --- nagiosvshell/trunk/vshell/data/build_groups.php 2011-09-16 10:22:24 UTC (rev 1808) +++ nagiosvshell/trunk/vshell/data/build_groups.php 2011-09-19 16:54:59 UTC (rev 1809) @@ -56,12 +56,21 @@ function build_hostgroup_details($group_members) //make this return the totals array for hosts and services { global $NagiosData; + global $NagiosUser; + $hosts = $NagiosData->getProperty('hosts'); + +// //add filter for user-level filtering +// if(!$NagiosUser->is_admin()) { + //print $type; +// $hosts = user_filtering($hosts,'hosts'); +// } $hostgroup_details = array(); foreach($group_members as $member) { - $hostgroup_details[] = $hosts[$member]; + if($NagiosUser->is_authorized_for_host($member)) //user-level filtering + $hostgroup_details[] = $hosts[$member]; } return $hostgroup_details; @@ -74,17 +83,21 @@ function build_host_servicegroup_details($group_members) { global $NagiosData; + global $NagiosUser; $hosts = $NagiosData->getProperty('hosts'); + $servicegroup_details = array(); foreach($group_members as $member) { - if (isset($hosts[$member]['services'])) + if($NagiosUser->is_authorized_for_host($member)) //user-level filtering { - foreach ($hosts[$member]['services'] as $service) - { - $servicegroup_details[] = $service; - } + if (isset($hosts[$member]['services'])) + foreach ($hosts[$member]['services'] as $service) + { + if($NagiosUser->is_authorized_for_service($member,$service)) //user-level filtering + $servicegroup_details[] = $service; + } } } return $servicegroup_details; @@ -166,9 +179,11 @@ function build_servicegroups_array() { global $NagiosData; + global $NagiosUser; $servicegroups = $NagiosData->getProperty('servicegroups'); $services = $NagiosData->getProperty('services'); - + $services = user_filtering($services,'services'); + $servicegroups_details = array(); //multi-dim array to hold servicegroups foreach($servicegroups as $groupname => $member) { Modified: nagiosvshell/trunk/vshell/data/data.inc.php =================================================================== --- nagiosvshell/trunk/vshell/data/data.inc.php 2011-09-16 10:22:24 UTC (rev 1808) +++ nagiosvshell/trunk/vshell/data/data.inc.php 2011-09-19 16:54:59 UTC (rev 1809) @@ -58,7 +58,8 @@ require_once('data_utils.php'); require_once('NagiosData.php'); -$NagiosData = NagiosData::singleton(); +require_once('NagiosUser.php'); + require_once('get_tac_data.php'); require_once('build_groups.php'); Modified: nagiosvshell/trunk/vshell/data/get_tac_data.php =================================================================== --- nagiosvshell/trunk/vshell/data/get_tac_data.php 2011-09-16 10:22:24 UTC (rev 1808) +++ nagiosvshell/trunk/vshell/data/get_tac_data.php 2011-09-19 16:54:59 UTC (rev 1809) @@ -56,6 +56,8 @@ //print "<br /><br /><br /><br />"; global $username; global $NagiosData; + global $NagiosUser; + $now = time(); $info = $NagiosData->getProperty('info'); $program = $NagiosData->getProperty('program'); @@ -81,7 +83,7 @@ 'hostlink' => htmlentities(BASEURL.'index.php?type=hosts&state_filter='), //host counts - 'hostsTotal' => ($hoststates['UP'] + $hoststates['DOWN'] + $hoststates['UNREACHABLE']), + 'hostsTotal' => ($hoststates['UP'] + $hoststates['DOWN'] + $hoststates['UNREACHABLE'] +$hoststates['PENDING']), 'hostsUpTotal' => $hoststates['UP'], 'hostsDownTotal' => $hoststates['DOWN'], 'hostsUnreachableTotal' => $hoststates['UNREACHABLE'], @@ -135,6 +137,7 @@ 'servicesWarningDisabled' => 0, 'servicesCriticalDisabled' => 0, 'servicesUnknownDisabled' => 0, + 'servicesTotalDisabled' => 0, 'servicesPending' => 0, 'servicesPendingDisabled' => 0, 'servicesWarningHostProblem' => 0, @@ -165,6 +168,8 @@ $hostStates = array(NULL, 'Down', 'Unreachable'); // used in tracking host states foreach($hosts as $h) { + if(!$NagiosUser->is_authorized_for_host($h['host_name'])) continue; //user-level filtering + //html specific data if($h['flap_detection_enabled'] != 1) $tac_data['hostsFlappingDisabled']++; if($h['is_flapping'] == 1) $tac_data['hostsFlapping']++; @@ -201,7 +206,8 @@ $serviceStates = array(NULL, 'Warning', 'Critical', 'Unknown'); // used in tracking service states foreach($services as $s) { - + if(!$NagiosUser->is_authorized_for_service($s['host_name'],$s['service_description'])) continue; + //html specific data if($s['flap_detection_enabled'] != 1) $tac_data['servicesFlappingDisabled']++; if($s['is_flapping'] == 1) $tac_data['servicesFlapping']++; @@ -214,7 +220,7 @@ $current_host = $h_states[$s['host_name']]; if($s['last_check'] == 0 && $s['active_checks_enabled'] == 1) { $tac_data['servicesPending']++; continue; } //pending if($s['last_check'] == 0 && $s['active_checks_enabled'] == 0) { $tac_data['servicesPendingDisabled']++; continue; } //pending - if($s['active_checks_enabled'] == 0) $tac_data['servicesDisabled']++; + if($s['active_checks_enabled'] == 0) $tac_data['servicesTotalDisabled']++; switch($s['current_state']) { case 0: Modified: nagiosvshell/trunk/vshell/data/read_objects.php =================================================================== --- nagiosvshell/trunk/vshell/data/read_objects.php 2011-09-16 10:22:24 UTC (rev 1808) +++ nagiosvshell/trunk/vshell/data/read_objects.php 2011-09-19 16:54:59 UTC (rev 1809) @@ -91,7 +91,7 @@ case 'service': $object_collector[typemap('host')][$kvp['host_name']]['services'][] = $kvp; $object_collector[typemap($curdeftype)][] = $kvp; - break; + break; default: $object_collector[typemap($curdeftype)][] = $kvp; @@ -125,7 +125,7 @@ $retval = NULL; if (in_array($type, array('host', 'service', 'hostgroup', 'servicegroup'))) { $retval = $type.'s_objs'; - } elseif (in_array($type, array('contact', 'contactgroup', 'timeperiod', 'command'))) { + } elseif (in_array($type, array('contact', 'contactgroup', 'timeperiod', 'command','hostescalation','serviceescalation','hostdependency','servicedependency'))) { $retval = $type.'s'; } else { // TODO other types? } Modified: nagiosvshell/trunk/vshell/data/read_perms.php =================================================================== --- nagiosvshell/trunk/vshell/data/read_perms.php 2011-09-16 10:22:24 UTC (rev 1808) +++ nagiosvshell/trunk/vshell/data/read_perms.php 2011-09-19 16:54:59 UTC (rev 1809) @@ -74,7 +74,7 @@ $permusers = explode(',', $userlist); array_walk($permusers, create_function('&$v', 'trim($v);')); - $perms[$perm] = $permusers; + $perms[$actual_perm] = $permusers; //XXX move all to NagiosUser in future versions } } Modified: nagiosvshell/trunk/vshell/index.php =================================================================== --- nagiosvshell/trunk/vshell/index.php 2011-09-16 10:22:24 UTC (rev 1808) +++ nagiosvshell/trunk/vshell/index.php 2011-09-19 16:54:59 UTC (rev 1809) @@ -55,24 +55,27 @@ session_start(); //no need for sessions at this time ob_start(); +$username = false; +//////////////USE TO OVERRIDE APACHE AUTHENTICATION LOGIC: /////////////////////////////// +//////////UNCOMMENTING THIS WILL LEAVE YOUR MONITORING ENVIRONMENT WIDE OPEN!!! /////////////////////////// +//$username = 'nagiosadmin'; + + include(dirname(__FILE__).'/inc.inc.php'); //master include file +//load language and other sitewide settings init_vshell(); -$page_title = 'Nagios Visual Shell'; - -//check_auth() needs to be revised to include other auth types and contact viewing of hosts -$username = get_user(); - -//$username = 'nagiosadmin'; //uncomment this to only use apache authentication methods - - -if($username) //if logged in, display the page +//needs a username to do anything +if($username) //if logged in, display the page { - set_perms($username); //set global $authorization + //set_perms($username); //set global $authorization page_router(); } +//$hosts = $NagiosData->getProperty('hosts_objs'); +//$hosts = $NagiosUser->get_authorized_hosts(); +//echo "<pre>".print_r($hosts,true)."</pre>"; ob_end_flush(); ?> Modified: nagiosvshell/trunk/vshell/session.inc.php =================================================================== --- nagiosvshell/trunk/vshell/session.inc.php 2011-09-16 10:22:24 UTC (rev 1808) +++ nagiosvshell/trunk/vshell/session.inc.php 2011-09-19 16:54:59 UTC (rev 1809) @@ -1,5 +1,13 @@ <?php //user authentication + +//initialize main classes +$NagiosData = NagiosData::singleton(); +$NagiosUser = new NagiosUser(); + + + + //initializes all session variables as neccessary function init_vshell() { @@ -16,33 +24,12 @@ textdomain(LANG); + + } -function get_user() //return $username if logged into nagios -{ - // HTTP BASIC AUTHENTICATION through Nagios Core or XI - //$remote_user=""; - if(isset($_SERVER["REMOTE_USER"])) - { - $remote_user=$_SERVER["REMOTE_USER"]; - //echo "REMOTE USER is set: $remote_user<br />"; - return $remote_user; - } - //digest authentication - elseif(isset($_SERVER['PHP_AUTH_USER'])) - { - //echo "Auth Digest detected".$_SERVER['PHP_AUTH_USER']; - return $_SERVER['PHP_AUTH_USER']; - } - else - { - echo "Access Denied: No authentication detected."; - return false; - } - -} Modified: nagiosvshell/trunk/vshell/views/config_viewer.php =================================================================== --- nagiosvshell/trunk/vshell/views/config_viewer.php 2011-09-16 10:22:24 UTC (rev 1808) +++ nagiosvshell/trunk/vshell/views/config_viewer.php 2011-09-19 16:54:59 UTC (rev 1809) @@ -6,12 +6,9 @@ // $arg is the argument taken from the browser. example object=services_objs function build_object_list($data, $arg) //expecting arrays from read_objects.php file { - global $authorizations; - $count = 0; + $count = 0; $object_list = ''; - - $name_filter = isset($_GET['name_filter']) ? htmlentities($_GET['name_filter']) : ''; $objtype_filter = isset($_GET['objtype_filter']) ? htmlentities($_GET['objtype_filter']) : ''; $type = isset($_GET['type']) ? htmlentities($_GET['type']) : ''; @@ -41,20 +38,14 @@ switch($arg) { case 'hosts_objs': - if($authorizations['configuration_information']==1) - { $name=$a['host_name']; $linkkey = 'host'.$a['host_name']; #$link = htmlentities(BASEURL.'index.php?cmd=gethostdetail&arg='.$name); $link = htmlentities(BASEURL.'index.php?type=hostdetail&name_filter='.$name); $title = gettext('Host').": <a href='$link' title='Host Details'>$name</a>"; - } - //else{ continue; } break; case 'services_objs': - if($authorizations['configuration_information']==1) - { $count++; $name=$a['service_description']; $linkkey = 'service'.$count; @@ -65,74 +56,54 @@ $link = htmlentities(BASEURL.'index.php?type=servicedetail&name_filter='.$linkkey); $title = gettext('Host').": <a href='$hlink' title='Host Details'>$host</a> ".gettext('Service').":<a href='$link' title='Service Details'>$name</a>"; - } + break; case 'commands': - if(($authorizations['host_commands']==1 && $authorizations['service_commands']) - ||$authorizations['system_commands']==1 ) - { $name=$a['command_name']; $title = gettext('Command').": $name"; $linkkey = $name; - } break; case 'hostgroups_objs': - if($authorizations['configuration_information']==1) - { $name=$a['hostgroup_name']; $title = gettext('Group Name').": $name"; $linkkey = 'hg'.$name; - } break; case 'servicegroups_objs': - if($authorizations['configuration_information']==1) - { $name=$a['servicegroup_name']; $title = gettext('Group Name').": $name"; $linkkey = 'sg'.$name; - } break; case 'timeperiods': - if($authorizations['configuration_information']==1) - { $name=$a['timeperiod_name']; $title = gettext('Timeperiod').": $name"; $linkkey = 'tp'.$name; - } break; case 'contacts': - if($authorizations['configuration_information']==1) - { $name=$a['contact_name']; $title = gettext('Contact').": $name"; $linkkey = $name; - } break; case 'contactgroups': - if($authorizations['configuration_information']==1) - { $name=$a['contactgroup_name']; $title = gettext('Contact Group').": $name"; $linkkey = $name; - } break; default: - $title = gettext('Access Denied').'<br />'; - $linkkey = gettext('You do not have permissions to view this information'); + $title = gettext('Access Denied').'<br />'; + $linkkey = gettext('You do not have permissions to view this information'); break; } $id = preg_replace('/[\. ]/', '_', $linkkey); //replacing dots with underscores #$id = preg_replace('/\ /', '_', $id); //replacing spaces with underscores - //using HEREDOC string syntax $confighead=" <li class='configlist'>{$title} <a class='label' onclick='showHide(\"{$id}\")' href='javascript:void(0)'> Modified: nagiosvshell/trunk/vshell/views/display_functions.php =================================================================== --- nagiosvshell/trunk/vshell/views/display_functions.php 2011-09-16 10:22:24 UTC (rev 1808) +++ nagiosvshell/trunk/vshell/views/display_functions.php 2011-09-19 16:54:59 UTC (rev 1809) @@ -58,18 +58,9 @@ // function build_nav_links() //build page links based on user's permission level { - global $authorizations; + global $NagiosUser; - $keys = array(); - foreach($authorizations as $key => $value) - { - //echo "$key : $value <br />"; - if($value == 1) //if permission is set - { - $keys[$key] = 1; - } - } - //print_r($keys); + //generate links based on permissions $base = BASEURL.'index.php?'; @@ -78,18 +69,14 @@ $navlinks .= '<ul class="nav">'; $navlinks .= '<li class="nav"><a href="index.php" class="nav" rel="internal">'.gettext('Tactical Overview').'</a></li>'; //default tactical overview link - if(isset($keys['hosts'], $keys['services'])) - { - $navlinks .= "<li class='nav'><a href='".$base."type=hosts' class='nav' rel='internal'>".gettext('Hosts')."</a></li>"; //hosts - $navlinks .= "<li class='nav'><a href='".$base."type=services' class='nav' rel='internal'>".gettext('Services')."</a></li>"; //services - $navlinks .= "<li class='nav'><a href='".$base."type=hostgroups' class='nav' rel='internal'>".gettext('Hostgroups')."</a></li>"; //hostgroups - $navlinks .= "<li class='nav'><a href='".$base."type=servicegroups' class='nav' rel='internal'>".gettext('Servicegroups')."</a></li>"; //servicegroups - } - - + $navlinks .= "<li class='nav'><a href='".$base."type=hosts' class='nav' rel='internal'>".gettext('Hosts')."</a></li>"; //hosts + $navlinks .= "<li class='nav'><a href='".$base."type=services' class='nav' rel='internal'>".gettext('Services')."</a></li>"; //services + $navlinks .= "<li class='nav'><a href='".$base."type=hostgroups' class='nav' rel='internal'>".gettext('Hostgroups')."</a></li>"; //hostgroups + $navlinks .= "<li class='nav'><a href='".$base."type=servicegroups' class='nav' rel='internal'>".gettext('Servicegroups')."</a></li>"; //servicegroups + /////////////OBJECT VIEWS - if(isset($keys['configuration_information'])) //assuming full admin + if($NagiosUser->if_has_authKey('authorized_for_configuration_information')) //assuming full admin { $navlinks .= "<li class='nav'><a class='nav' onmouseover='showDropdown(\"confDrop\")' onmouseout='hideDropdown(\"confDrop\")' href='javascript:void(0)'>".gettext('Configurations')."</a> <div onmouseover='showDropdown(\"confDrop\")' onmouseout='hideDropdown(\"confDrop\")' id='confDrop'><ul>"; @@ -105,7 +92,7 @@ $navlinks .= "<li><a class='nav' href='".$base."type=object&objtype_filter=contactgroups'>".gettext('Contactgroups')."</a></li>\n"; //contactgroups //COMMAND VIEW - if(isset($keys['host_commands'],$keys['service_commands'], $keys['system_commands'])) + if($NagiosUser->is_admin()) { //make link for commands $navlinks .= "<li><a href='".$base."type=object&objtype_filter=commands' class='nav'>".gettext('Commands')."</a></li>\n"; //commands config @@ -115,7 +102,7 @@ } //Nagios Core System links dropdown menu - if(isset($keys['system_commands'])) + if($NagiosUser->if_has_authKey('authorized_for_system_commands')) { $navlinks .= "<li class='nav'><a class='nav' onmouseover='showDropdown(\"sysDrop\")' onmouseout='hideDropdown(\"sysDrop\")' href='javascript:void(0)'>".gettext('System Commands')."</a> Modified: nagiosvshell/trunk/vshell/views/header.php =================================================================== --- nagiosvshell/trunk/vshell/views/header.php 2011-09-16 10:22:24 UTC (rev 1808) +++ nagiosvshell/trunk/vshell/views/header.php 2011-09-19 16:54:59 UTC (rev 1809) @@ -51,7 +51,7 @@ // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -function display_header($page_title) +function display_header($page_title='Nagios Visual Shell') { $js_path = BASEURL.'js/'; $jquery_path = $js_path.'jquery-1.4.4.min.js'; Modified: nagiosvshell/trunk/vshell/views/hostgroups.php =================================================================== --- nagiosvshell/trunk/vshell/views/hostgroups.php 2011-09-16 10:22:24 UTC (rev 1808) +++ nagiosvshell/trunk/vshell/views/hostgroups.php 2011-09-19 16:54:59 UTC (rev 1809) @@ -53,17 +53,29 @@ function get_hostgroup_data() { global $NagiosData; + global $NagiosUser; + $hostgroups = $NagiosData->getProperty('hostgroups'); $hosts = $NagiosData->getProperty('hosts'); $hostgroup_data = array(); - foreach ($hostgroups as $group => $members) { + foreach ($hostgroups as $group => $members) + { + + $hostgroup_data[$group] = array( 'member_data' => array(), 'host_counts' => get_state_of('hosts', build_hostgroup_details($members)), 'service_counts' => get_state_of('services', build_host_servicegroup_details($members)) ); + + //skip ahead if there are no authorized hosts + if(array_sum($hostgroup_data[$group]['host_counts'])==0) continue; //skip empty groups + foreach ($members as $member) { + + if(!$NagiosUser->is_authorized_for_host($member)) continue; //user-level filtering + $host = $ho... [truncated message content] |