Menu
▾
▴
[Nagios-checkins] SF.net SVN: nagios:[1809] nagiosvshell/trunk/vshell
|
From: <mgu...@us...> - 2011-09-19 16:55:06
|
Revision: 1809
http://nagios.svn.sourceforge.net/nagios/?rev=1809&view=rev
Author: mguthrie88
Date: 2011-09-19 16:54:59 +0000 (Mon, 19 Sep 2011)
Log Message:
-----------
Merged user-level dev changes into main trunk.
Continued User-level auth integration.
Began phasing out old global authorizations array usage
Modified Paths:
--------------
nagiosvshell/trunk/vshell/constants.inc.php
nagiosvshell/trunk/vshell/controllers/authorizations.inc.php
nagiosvshell/trunk/vshell/controllers/controller.php
nagiosvshell/trunk/vshell/controllers/controllers.inc.php
nagiosvshell/trunk/vshell/controllers/status_functions.php
nagiosvshell/trunk/vshell/data/NagiosData.php
nagiosvshell/trunk/vshell/data/build_groups.php
nagiosvshell/trunk/vshell/data/data.inc.php
nagiosvshell/trunk/vshell/data/get_tac_data.php
nagiosvshell/trunk/vshell/data/read_objects.php
nagiosvshell/trunk/vshell/data/read_perms.php
nagiosvshell/trunk/vshell/index.php
nagiosvshell/trunk/vshell/session.inc.php
nagiosvshell/trunk/vshell/views/config_viewer.php
nagiosvshell/trunk/vshell/views/display_functions.php
nagiosvshell/trunk/vshell/views/header.php
nagiosvshell/trunk/vshell/views/hostgroups.php
nagiosvshell/trunk/vshell/views/servicegroups.php
Added Paths:
-----------
nagiosvshell/trunk/vshell/controllers/data_functions.inc.php
nagiosvshell/trunk/vshell/controllers/filtering_functions.inc.php
nagiosvshell/trunk/vshell/controllers/output_functions.inc.php
nagiosvshell/trunk/vshell/data/NagiosUser.php
Modified: nagiosvshell/trunk/vshell/constants.inc.php
===================================================================
--- nagiosvshell/trunk/vshell/constants.inc.php 2011-09-16 10:22:24 UTC (rev 1808)
+++ nagiosvshell/trunk/vshell/constants.inc.php 2011-09-19 16:54:59 UTC (rev 1809)
@@ -68,7 +68,7 @@
// Switch to use external configuration file by Tony Yarusso, 30 March 2011
$ini_array = parse_ini_file("/etc/vshell.conf");
-define('VERSION', '1.7');
+define('VERSION', '1.8');
define('LANG',$ini_array["LANG"]);
//server root information
Modified: nagiosvshell/trunk/vshell/controllers/authorizations.inc.php
===================================================================
--- nagiosvshell/trunk/vshell/controllers/authorizations.inc.php 2011-09-16 10:22:24 UTC (rev 1808)
+++ nagiosvshell/trunk/vshell/controllers/authorizations.inc.php 2011-09-19 16:54:59 UTC (rev 1809)
@@ -51,13 +51,13 @@
$authorizations = array(
- 'host_commands' => 0,
- 'hosts' => 0,
- 'service_commands' => 0,
- 'services' => 0,
- 'configuration_information' => 0,
- 'system_commands' => 0,
- 'system_information' => 0,
+ 'authorized_for_host_commands' => 0,
+ 'authorized_for_hosts' => 0,
+ 'authorized_for_service_commands' => 0,
+ 'authorized_for_services' => 0,
+ 'authorized_for_configuration_information' => 0,
+ 'authorized_for_system_commands' => 0,
+ 'authorized_for_system_information' => 0,
);
Modified: nagiosvshell/trunk/vshell/controllers/controller.php
===================================================================
--- nagiosvshell/trunk/vshell/controllers/controller.php 2011-09-16 10:22:24 UTC (rev 1808)
+++ nagiosvshell/trunk/vshell/controllers/controller.php 2011-09-19 16:54:59 UTC (rev 1809)
@@ -76,6 +76,7 @@
{
global $authorizations;
+ global $NagiosUser;
list($mode, $type) = array(NULL, NULL);
list($state_filter, $name_filter, $objtype_filter) = array(NULL, NULL, NULL);
@@ -92,50 +93,40 @@
switch($type) {
case 'services':
case 'hosts':
- if ($authorizations[$type] == 1) {
$data = hosts_and_services_data($type, $state_filter, $name_filter);
$html_output_function = 'hosts_and_services_output';
- }
break;
case 'hostgroups':
case 'servicegroups':
- if($authorizations['hosts']==1)
- {
- if ($type == 'hostgroups' || ($type == 'servicegroups' && $authorizations['services']==1)) {
- $data = hostgroups_and_servicegroups_data($type, $name_filter);
- $html_output_function = 'hostgroups_and_servicegroups_output';
- }
+ if ($type == 'hostgroups' || $type == 'servicegroups')
+ {
+ $data = hostgroups_and_servicegroups_data($type, $name_filter);
+ $html_output_function = 'hostgroups_and_servicegroups_output';
}
-
break;
case 'hostdetail':
case 'servicedetail':
- if($authorizations['hosts']==1 && $name_filter)
- {
$data = host_and_service_detail_data($type, $name_filter);
- $html_output_function = 'host_and_service_detail_output';
- }
+ $html_output_function = 'host_and_service_detail_output';
break;
case 'object':
if ($objtype_filter)
{
- if($authorizations['configuration_information']==1 ||
- $authorizations['host_commands']==1 ||
- $authorizations['service_commands']==1 ||
- $authorizations['system_commands']==1)
+ if($NagiosUser->if_has_authKey('authorized_for_configuration_information')) //only administrative users should be able to see config info
{
$data = object_data($objtype_filter, $name_filter);
$type = $objtype_filter;
$html_output_function = 'object_output';
}
+ else send_home();
}
break;
case 'backend':
- $xmlout = tac_xml(get_tac_data());
+ $xmlout = tac_xml(get_tac_data());
break;
case 'overview':
@@ -160,60 +151,26 @@
break;
case 'xml':
- if($type!='backend')
- {
- require_once(DIRBASE.'/views/xml.php');
- $title = ucwords($type);
- build_xml_page($data, $title);
- header('Location: '.BASEURL.'tmp/'.$title.'.xml');
- }
- header('Content-type: text/xml');
- if($type=='backend') echo $xmlout; //xml backend access for nagios fusion
- #$output = build_xml_data($data, $title);
+ if($type!='backend')
+ {
+ require_once(DIRBASE.'/views/xml.php');
+ $title = ucwords($type);
+ build_xml_page($data, $title);
+ header('Location: '.BASEURL.'tmp/'.$title.'.xml');
+ }
+ header('Content-type: text/xml');
+ if($type=='backend') echo $xmlout; //xml backend access for nagios fusion
+ #$output = build_xml_data($data, $title);
break;
- case 'null':
-
- break;
+
}
print $output;
}
-function process_state_filter($filter_str)
-{
- $ret_filter = NULL;
- $filter_str = strtoupper($filter_str);
- $valid_states = array('UP', 'DOWN', 'UNREACHABLE', 'OK', 'CRITICAL',
- 'WARNING', 'UNKNOWN', 'PENDING', 'PROBLEMS','UNHANDLED', 'ACKNOWLEDGED');
- if (in_array($filter_str, $valid_states))
- {
- $ret_filter = $filter_str;
- }
- return $ret_filter;
-}
-function process_name_filter($filter_str) {
- //$filter_str = preg_quote($filter_str, '/'); //removed strtolower -MG
- $filter_str = strtolower(rawurldecode($filter_str));
- return $filter_str;
-}
-
-function process_objtype_filter($filter_str)
-{
- $ret_filter = NULL;
- $filter_str = strtolower($filter_str);
- $valid_objtypes = array('hosts_objs', 'services_objs', 'hostgroups_objs', 'servicegroups_objs',
- 'timeperiods', 'contacts', 'contactgroups', 'commands');
- if (in_array($filter_str, $valid_objtypes))
- {
- $ret_filter = $filter_str;
- }
- return $ret_filter;
-}
-
-
function mode_header($mode)
{
$retval = '';
@@ -243,169 +200,8 @@
return $retval;
}
-function hosts_and_services_data($type, $state_filter=NULL, $name_filter=NULL)
-{
- global $NagiosData;
- $data = $NagiosData->getProperty($type);
- $data_in = $data;
- if ($state_filter)
- {
- if($state_filter == 'PROBLEMS' || $state_filter == 'UNHANDLED' || $state_filter == 'ACKNOWLEDGED') //merge arrays for multiple states
- {
- $data = array_merge(get_by_state('UNKNOWN', $data_in), get_by_state('CRITICAL', $data_in),
- get_by_state('WARNING', $data_in), get_by_state('UNREACHABLE', $data_in),
- get_by_state('DOWN', $data_in));
- if($state_filter == 'UNHANDLED') //filter down problem array
- {
- //loop and return array
- $unhandled = array();
- foreach($data as $d)
- {
- if($d['problem_has_been_acknowledged'] == 0 && $d['scheduled_downtime_depth'] == 0) $unhandled[] = $d;
- }
- $data = $unhandled;
- }//end unhandled if
- if($state_filter == 'ACKNOWLEDGED')
- {
- //loop and return array
- $acknowledged = array();
- foreach($data as $d)
- {
- if($d['problem_has_been_acknowledged'] > 0 || $d['scheduled_downtime_depth'] > 0) $acknowledged[] = $d;
- }
- $data = $acknowledged;
- }//end acknowledged if
- }
- else
- {
- $data = get_by_state($state_filter, $data);
- }
- }
- if ($name_filter)
- {
- $name_data = get_by_name($name_filter, $data);
- $service_data = get_by_name($name_filter, $data, 'service_description');
- $data = $name_data;
- foreach ($service_data as $i => $service)
- {
- if (!isset($data[$i])) { $data[$i] = $service; }
- }
- }
- //var_dump($data);
- return $data;
-}
-
-function hosts_and_services_output($type, $data, $mode)
-{
- $retval = '';
- switch($mode)
- {
- case 'html':
- list($start, $limit) = get_pagination_values();
- $title = ucwords(preg_replace('/objs/', 'Objects', preg_replace('/_/', ' ', $type)));
- include_once(DIRBASE.'/views/'.$type.'.php');
- $display_function = 'display_'.$type;
- $retval = $display_function($data, $start, $limit);
- break;
- }
- return $retval;
-}
-
-function hostgroups_and_servicegroups_data($type, $name_filter=NULL)
-{
- include_once(DIRBASE.'/views/'.$type.'.php');
- $data_function = 'get_'.preg_replace('/s$/', '', $type).'_data';
- $data = $data_function();
- if ($name_filter)
- {
-
- // TODO filters against Services and/or hosts within groups, status of services/hosts in groups, etc...
- $name = preg_quote($name_filter, '/');
- $match_keys = array_filter(array_keys($data), create_function('$d', 'return !preg_match("/'.$name.'/i", $d);'));
- // XXX is there a better way?
- foreach ($match_keys as $key)
- {
- unset($data[$key]);
- }
- }
- return $data;
-}
-
-function hostgroups_and_servicegroups_output($type, $data, $mode)
-{
- $retval = '';
- switch($mode)
- {
- case 'html':
- $title = ucwords(preg_replace('/objs/', 'Objects', preg_replace('/_/', ' ', $type)));
- $display_function = 'display_'.$type;
- $retval = $display_function($data);
- break;
- }
- return $retval;
-}
-
-function host_and_service_detail_data($type, $name)
-{
- $data_function = 'process_'.preg_replace('/detail/', '_detail', $type);
- $data = $data_function(stripslashes($name)); //added stripslashes because hostnames with periods had them in the variable -MG
- return $data;
-}
-
-function host_and_service_detail_output($type, $data, $mode)
-{
- $retval = '';
- switch($mode)
- {
- case 'html':
- require_once(DIRBASE.'/views/'.$type.'s.php');
- $display_function = 'get_'.preg_replace('/detail/', '_detail', $type).'s';
- $retval = $display_function($data);
- break;
- }
- return $retval;
-}
-
-function object_data($objtype_filter, $name_filter)
-{
- $valid_objtype_filters = array('hosts_objs', 'services_objs', 'hostgroups_objs', 'servicegroups_objs',
- 'timeperiods', 'contacts', 'contactgroups', 'commands');
-
- if (in_array($objtype_filter, $valid_objtype_filters)) {
- global $NagiosData;
- $data = $NagiosData->getProperty($objtype_filter);
-
- if ($name_filter)
- {
- $name_data = get_by_name($name_filter, $data);
- $service_data = get_by_name($name_filter, $data, 'service_description');
-
- $data = $name_data;
- foreach ($service_data as $i => $service)
- {
- if (!isset($data[$i])) { $data[$i] = $service; }
- }
- }
- }
- return $data;
-}
-
-function object_output($objtype_filter, $data, $mode)
-{
- $retval = '';
- switch($mode)
- {
- case 'html':
- include(DIRBASE.'/views/config_viewer.php');
- $retval = build_object_list($data, $objtype_filter);
- break;
- }
- return $retval;
-}
-
-
function get_pagination_values()
{
$start = isset($_GET['start']) ? htmlentities($_GET['start']) : 0;
@@ -420,34 +216,10 @@
return array($start, $limit);
}
-////////////////////////////////////////////////////////////
-//$username is obtained from $_SERVER authorized user for nagios
-//
-function set_perms($username)
-{
- global $NagiosData;
- $permissions = $NagiosData->getProperty('permissions');
- foreach($permissions as $key => $array)//perms = array('system_information'
- {
- foreach($array as $user)
- {
- if($user == $username || $user == '*')
- {
- //print "authorizing $username";
- authorize($key);
- }
- }
- }
-}
-//////////////////////////////////////////////////////
-//
-//activates authorization for user. See authorizations.inc.php for auth list
-//
-function authorize($auth) //sets global permission
-{
- global $authorizations; //global authorization array controller
- $authorizations[$auth] = 1;
-}
+
+
+
+
?>
Modified: nagiosvshell/trunk/vshell/controllers/controllers.inc.php
===================================================================
--- nagiosvshell/trunk/vshell/controllers/controllers.inc.php 2011-09-16 10:22:24 UTC (rev 1808)
+++ nagiosvshell/trunk/vshell/controllers/controllers.inc.php 2011-09-19 16:54:59 UTC (rev 1809)
@@ -53,5 +53,8 @@
include(dirname(__FILE__).'/controller.php');
include(dirname(__FILE__).'/authorizations.inc.php');
include(dirname(__FILE__).'/status_functions.php');
+include(dirname(__FILE__).'/output_functions.inc.php');
+include(dirname(__FILE__).'/filtering_functions.inc.php');
+include(dirname(__FILE__).'/data_functions.inc.php');
?>
Added: nagiosvshell/trunk/vshell/controllers/data_functions.inc.php
===================================================================
--- nagiosvshell/trunk/vshell/controllers/data_functions.inc.php (rev 0)
+++ nagiosvshell/trunk/vshell/controllers/data_functions.inc.php 2011-09-19 16:54:59 UTC (rev 1809)
@@ -0,0 +1,131 @@
+<?php //data_functions.inc.php
+
+
+
+
+
+function hosts_and_services_data($type, $state_filter=NULL, $name_filter=NULL)
+{
+ global $NagiosData;
+ global $NagiosUser;
+ $data = $NagiosData->getProperty($type);
+
+
+ //add filter for user-level filtering
+ if(!$NagiosUser->is_admin()) {
+ //print $type;
+ $data = user_filtering($data,$type);
+ }
+
+ $data_in = $data;
+
+ if ($state_filter)
+ {
+ if($state_filter == 'PROBLEMS' || $state_filter == 'UNHANDLED' || $state_filter == 'ACKNOWLEDGED') //merge arrays for multiple states
+ {
+
+ $data = array_merge(get_by_state('UNKNOWN', $data_in), get_by_state('CRITICAL', $data_in),
+ get_by_state('WARNING', $data_in), get_by_state('UNREACHABLE', $data_in),
+ get_by_state('DOWN', $data_in));
+ if($state_filter == 'UNHANDLED') //filter down problem array
+ {
+ //loop and return array
+ $unhandled = array();
+ foreach($data as $d)
+ {
+ if($d['problem_has_been_acknowledged'] == 0 && $d['scheduled_downtime_depth'] == 0) $unhandled[] = $d;
+ }
+ $data = $unhandled;
+ }//end unhandled if
+ if($state_filter == 'ACKNOWLEDGED')
+ {
+ //loop and return array
+ $acknowledged = array();
+ foreach($data as $d)
+ {
+ if($d['problem_has_been_acknowledged'] > 0 || $d['scheduled_downtime_depth'] > 0) $acknowledged[] = $d;
+ }
+ $data = $acknowledged;
+ }//end acknowledged if
+ }
+ else
+ {
+ $data = get_by_state($state_filter, $data);
+ }
+ }
+ if ($name_filter)
+ {
+ $name_data = get_by_name($name_filter, $data);
+ $service_data = get_by_name($name_filter, $data, 'service_description');
+ $data = $name_data;
+ foreach ($service_data as $i => $service)
+ {
+ if (!isset($data[$i])) { $data[$i] = $service; }
+ }
+ }
+ //var_dump($data);
+ return $data;
+}
+
+
+
+function host_and_service_detail_data($type, $name)
+{
+ $data_function = 'process_'.preg_replace('/detail/', '_detail', $type);
+ $data = $data_function(stripslashes($name)); //added stripslashes because hostnames with periods had them in the variable -MG
+
+ $data = user_filtering($data,$type);
+
+ return $data;
+}
+
+
+
+function hostgroups_and_servicegroups_data($type, $name_filter=NULL)
+{
+ include_once(DIRBASE.'/views/'.$type.'.php');
+ $data_function = 'get_'.preg_replace('/s$/', '', $type).'_data';
+ $data = $data_function();
+ if ($name_filter)
+ {
+
+ // TODO filters against Services and/or hosts within groups, status of services/hosts in groups, etc...
+ $name = preg_quote($name_filter, '/');
+ $match_keys = array_filter(array_keys($data), create_function('$d', 'return !preg_match("/'.$name.'/i", $d);'));
+ // XXX is there a better way?
+ foreach ($match_keys as $key)
+ {
+ unset($data[$key]);
+ }
+ }
+ return $data;
+}
+
+function object_data($objtype_filter, $name_filter)
+{
+ $valid_objtype_filters = array('hosts_objs', 'services_objs', 'hostgroups_objs', 'servicegroups_objs',
+ 'timeperiods', 'contacts', 'contactgroups', 'commands');
+
+ if (in_array($objtype_filter, $valid_objtype_filters)) {
+ global $NagiosData;
+ $data = $NagiosData->getProperty($objtype_filter);
+ $data = user_filtering($data,$objtype_filter);
+
+ if ($name_filter)
+ {
+ $name_data = get_by_name($name_filter, $data);
+ $service_data = get_by_name($name_filter, $data, 'service_description');
+
+ $data = $name_data;
+ foreach ($service_data as $i => $service)
+ {
+ if (!isset($data[$i])) { $data[$i] = $service; }
+ }
+ }
+ }
+ return $data;
+}
+
+
+
+?>
\ No newline at end of file
Added: nagiosvshell/trunk/vshell/controllers/filtering_functions.inc.php
===================================================================
--- nagiosvshell/trunk/vshell/controllers/filtering_functions.inc.php (rev 0)
+++ nagiosvshell/trunk/vshell/controllers/filtering_functions.inc.php 2011-09-19 16:54:59 UTC (rev 1809)
@@ -0,0 +1,67 @@
+<?php //filtering_functions.inc.php
+
+
+
+
+function user_filtering($data,$type)
+{
+ global $NagiosUser;
+ $new_data = array();
+ //rebuild array for auth hosts
+ if($type=='hosts') {
+ foreach($data as $d) {
+ //echo $d['host_name'];
+ if($NagiosUser->is_authorized_for_host($d['host_name']) ) $new_data[] = $d;
+
+ }
+ }
+ //rebuild array for auth services
+ if($type=='services') {
+ foreach($data as $d) {
+ //print "<pre>".print_r($d,true)."</pre>";
+ if($NagiosUser->is_authorized_for_service($d['host_name'],$d['service_description'])) $new_data[] = $d;
+ //die();
+ }
+ }
+ return $new_data;
+
+}
+
+
+function process_state_filter($filter_str)
+{
+ $ret_filter = NULL;
+ $filter_str = strtoupper($filter_str);
+ $valid_states = array('UP', 'DOWN', 'UNREACHABLE', 'OK', 'CRITICAL',
+ 'WARNING', 'UNKNOWN', 'PENDING', 'PROBLEMS','UNHANDLED', 'ACKNOWLEDGED');
+
+
+ if (in_array($filter_str, $valid_states))
+ {
+ $ret_filter = $filter_str;
+ }
+ return $ret_filter;
+}
+
+function process_name_filter($filter_str) {
+ //$filter_str = preg_quote($filter_str, '/'); //removed strtolower -MG
+ $filter_str = strtolower(rawurldecode($filter_str));
+ return $filter_str;
+}
+
+function process_objtype_filter($filter_str)
+{
+ $ret_filter = NULL;
+ $filter_str = strtolower($filter_str);
+ $valid_objtypes = array('hosts_objs', 'services_objs', 'hostgroups_objs', 'servicegroups_objs',
+ 'timeperiods', 'contacts', 'contactgroups', 'commands');
+ if (in_array($filter_str, $valid_objtypes))
+ {
+ $ret_filter = $filter_str;
+ }
+ return $ret_filter;
+}
+
+
+
+?>
\ No newline at end of file
Added: nagiosvshell/trunk/vshell/controllers/output_functions.inc.php
===================================================================
--- nagiosvshell/trunk/vshell/controllers/output_functions.inc.php (rev 0)
+++ nagiosvshell/trunk/vshell/controllers/output_functions.inc.php 2011-09-19 16:54:59 UTC (rev 1809)
@@ -0,0 +1,64 @@
+<?php //output_functions.inc.php
+
+function object_output($objtype_filter, $data, $mode)
+{
+ $retval = '';
+ switch($mode)
+ {
+ case 'html':
+ include(DIRBASE.'/views/config_viewer.php');
+ $retval = build_object_list($data, $objtype_filter);
+ break;
+ }
+ return $retval;
+}
+
+
+
+function host_and_service_detail_output($type, $data, $mode)
+{
+ $retval = '';
+ switch($mode)
+ {
+ case 'html':
+ require_once(DIRBASE.'/views/'.$type.'s.php');
+ $display_function = 'get_'.preg_replace('/detail/', '_detail', $type).'s';
+ $retval = $display_function($data);
+ break;
+ }
+ return $retval;
+}
+
+
+function hostgroups_and_servicegroups_output($type, $data, $mode)
+{
+ $retval = '';
+ switch($mode)
+ {
+ case 'html':
+ $title = ucwords(preg_replace('/objs/', 'Objects', preg_replace('/_/', ' ', $type)));
+ $display_function = 'display_'.$type;
+ $retval = $display_function($data);
+ break;
+ }
+ return $retval;
+}
+
+
+function hosts_and_services_output($type, $data, $mode)
+{
+ $retval = '';
+ switch($mode)
+ {
+ case 'html':
+ list($start, $limit) = get_pagination_values();
+ $title = ucwords(preg_replace('/objs/', 'Objects', preg_replace('/_/', ' ', $type)));
+ include_once(DIRBASE.'/views/'.$type.'.php');
+ $display_function = 'display_'.$type;
+ $retval = $display_function($data, $start, $limit);
+ break;
+ }
+ return $retval;
+}
+
+?>
\ No newline at end of file
Modified: nagiosvshell/trunk/vshell/controllers/status_functions.php
===================================================================
--- nagiosvshell/trunk/vshell/controllers/status_functions.php 2011-09-16 10:22:24 UTC (rev 1808)
+++ nagiosvshell/trunk/vshell/controllers/status_functions.php 2011-09-19 16:54:59 UTC (rev 1809)
@@ -66,12 +66,14 @@
function get_state_of($type, $array=NULL) //create host or service arrays by status
{
global $NagiosData;
+ global $NagiosUser;
if($type == 'services')
{
$state_counts = array('OK'=>0, 'WARNING'=>0, 'CRITICAL'=>0, 'UNKNOWN'=>0, 'PENDING'=>0);
if (is_null($array)) {
$array = $NagiosData->getProperty('services');
+
}
}
elseif($type == 'hosts')
@@ -88,8 +90,18 @@
foreach($array as $a)
{
- $state_counts[$a['current_state']]++;
+ if($type=='services')
+ {
+ if($NagiosUser->is_authorized_for_service($a['host_name'],$a['service_description']))
+ $state_counts[$a['current_state']]++;
+ }
+ if($type=='hosts')
+ {
+ if($NagiosUser->is_authorized_for_host($a['host_name']))
+ $state_counts[$a['current_state']]++;
+ }
}
+
return $state_counts;
}
Modified: nagiosvshell/trunk/vshell/data/NagiosData.php
===================================================================
--- nagiosvshell/trunk/vshell/data/NagiosData.php 2011-09-16 10:22:24 UTC (rev 1808)
+++ nagiosvshell/trunk/vshell/data/NagiosData.php 2011-09-19 16:54:59 UTC (rev 1809)
@@ -53,11 +53,15 @@
{
// Hold an instance of the class
private static $instance;
+
+ // Storage for all necessary variables. Replaces the many globals
+ protected $_vars;
protected static $property_list = array('hosts_objs', 'services_objs',
'hostgroups_objs', 'servicegroups_objs', 'contacts', 'contactgroups',
'timeperiods', 'commands', 'hosts', 'services', 'comments', 'info',
- 'details', 'permissions', 'hostgroups', 'servicegroups', 'program');
+ 'details', 'permissions', 'hostgroups', 'servicegroups', 'program',
+ 'hostescalations','serviceescalations','hostdependencys','servicedependencys');
/* Return, and build as necessary, the singleton to store nagios data
*
@@ -74,6 +78,12 @@
self::$instance->__update();
return self::$instance;
}
+
+
+ public function dumpVars()
+ {
+ return $this->_vars;
+ }
/* General purpose "getter" for protected properties
*
@@ -175,15 +185,13 @@
$disk_cache_keys = array('hosts_objs', 'services_objs',
'hostgroups_objs', 'servicegroups_objs', 'contacts',
'contactgroups', 'timeperiods', 'commands', 'hostgroups',
- 'servicegroups', 'program');
- self::$instance->_set_vars(cache_or_disk('objects', OBJECTSFILE,
- $disk_cache_keys));
+ 'servicegroups', 'program','hostescalations','serviceescalations',
+ 'hostdependencys','servicedependencys');
+ self::$instance->_set_vars(cache_or_disk('objects', OBJECTSFILE, $disk_cache_keys));
- self::$instance->_set_vars(cache_or_disk('perms', CGICFG,
- array('permissions')));
+ self::$instance->_set_vars(cache_or_disk('perms', CGICFG, array('permissions')));
- self::$instance->_set_vars(cache_or_disk('status', STATUSFILE,
- array('hosts', 'services', 'comments', 'info', 'details', 'program')));
+ self::$instance->_set_vars(cache_or_disk('status', STATUSFILE, array('hosts', 'services', 'comments', 'info', 'details', 'program')));
}
@@ -199,6 +207,7 @@
} else {
// XXX Do something better here
//fb($var, "Invalid property");
+ echo "invalid property <pre>".print_r($var,true)." ".print_r($value,true)." </pre>";
}
}
@@ -222,8 +231,7 @@
trigger_error('Singleton', E_USER_ERROR);
}
- // Storage for all necessary variables. Replaces the many globals
- protected $_vars;
+
}
?>
Added: nagiosvshell/trunk/vshell/data/NagiosUser.php
===================================================================
--- nagiosvshell/trunk/vshell/data/NagiosUser.php (rev 0)
+++ nagiosvshell/trunk/vshell/data/NagiosUser.php 2011-09-19 16:54:59 UTC (rev 1809)
@@ -0,0 +1,443 @@
+<?php //NagiosUser.php nagios user class to handle authorized hosts, services, and admin functionality
+
+
+
+
+class NagiosUser
+{
+ /*
+ * boolean for users who can see and access all features
+ * @var boolean $admin
+ */
+ protected $admin = false;
+
+ /*
+ * boolean for viewing all hosts and services
+ * @var boolean $sees_all
+ */
+ protected $sees_all = false;
+
+ /**
+ * array for storing global authorizations from cgi file
+ * @var mixed $authKeys
+ */
+ protected $authKeys = array(
+ 'authorized_for_all_host_commands' => false,
+ 'authorized_for_all_hosts' => false,
+ 'authorized_for_all_service_commands' => false,
+ 'authorized_for_all_services' => false,
+ 'authorized_for_configuration_information' => false,
+ 'authorized_for_system_commands' => false,
+ 'authorized_for_system_information' => false,
+ 'authorized_for_read_only' => true,
+ );
+
+ /**
+ * MAIN AUTH ARRAY
+ * @var mixed $authHosts
+ */
+ protected $authHosts = array(); //see below for array structure
+ /*
+ $authHosts =
+ array ( 'localhost' => array(
+ 'host_name' => 'localhost',
+ 'all_services' => true | false,
+ 'services' => array( 0 => service1
+ 1 => service2
+ 3 => service3
+ )
+ )
+ */
+ /**
+ * contactgroup memberships
+ * @var mixed $cg_memberships
+ */
+ protected $cg_memberships = array();
+
+ /**
+ * current user
+ * @var string username
+ */
+ protected $username;
+
+ /**
+ * constructor initializes authorized hosts and services and determines global privileges
+ * @TODO cache data and move towards session auth so this info gets updated upon login and restart of Nagios
+ */
+ function __construct() {
+
+ if(!$this->get_user()) exit('Access Denied: No authentication detected.');
+ //build main authKeys array (cgi.cfg settings)
+ $this->set_perms();
+ //check if user can see everything
+ $this->admin = $this->determine_admin();
+
+ //if user level account, determin authorized objects for object filtering
+ if(!$this->admin) {
+ //check fo see if user can see all hosts and services
+ $this->sees_all = ($this->authKeys['authorized_for_all_hosts'] == true && $this->authKeys['authorized_for_all_services']) ? true : false;
+ //build auth objects array
+ $this->build_authorized_objects();
+ }
+ //print_r($this->authHosts);
+
+ }
+
+ /**
+ * determines authorized user, checks for hard-coded name, then Basic Auth, then Digest auth. Sets $this->username
+ * @global string $username
+ * @return string $this->username
+ */
+ private function get_user()
+ {
+ global $username; //some users have requested to turn off authentication or user other methods, this allows override and backwards compatibility
+ //allow for basic auth override for backwards compatibility with early versions of V-Shell
+ if($username)
+ {
+ $this->username = $username;
+ }
+ // HTTP BASIC AUTHENTICATION through Nagios Core or XI
+ //$remote_user="";
+ elseif(isset($_SERVER["REMOTE_USER"]))
+ {
+ $remote_user=$_SERVER["REMOTE_USER"];
+ //echo "REMOTE USER is set: $remote_user<br />";
+ $this->username = $remote_user;
+ }
+ //digest authentication
+ elseif(isset($_SERVER['PHP_AUTH_USER']))
+ {
+ //echo "Auth Digest detected".$_SERVER['PHP_AUTH_USER'];
+ $this->username = $_SERVER['PHP_AUTH_USER'];
+ }
+
+ if(!$this->username)
+ return false;
+ else return $this->username;
+
+ }
+
+ /**
+ * username is obtained from @global $_SERVER authorized user for nagios
+ * @TODO: make this better. All auth stuff needs to be handled here, no more global authorizations array
+ * @global mixed $NagiosData
+ */
+ private function set_perms()
+ {
+ global $NagiosData;
+ $permissions = $NagiosData->getProperty('permissions');
+
+ foreach($permissions as $key => $array) {
+ foreach($array as $user) { //look for wildcard
+ if($user == $this->username || $user == '*') $this->authorize($key);
+ }
+ }
+ }
+
+ /**
+ * sets authorization for user, also sets global $authorizations. See authorizations.inc.php for auth list
+ * @TODO replace @global $authorizations array and encapsulate this in user object
+ * @global mixed $authorizations array
+ */
+ private function authorize($auth) //sets global permission
+ {
+ global $authorizations; //global authorization array controller
+ $authorizations[$auth] = 1;
+ $this->authKeys[$auth] = true; //class auth controller
+ }
+
+ ///////////////get methods ///////////////////////
+
+ /**
+ * gets list of authorized hosts for user
+ * @return mixed $authHosts array of all authorized hosts and services
+ */
+ public function get_authorized_hosts() {
+ return $this->authHosts;
+ }
+
+ /**
+ * returns username
+ * @return string $username current user
+ */
+ public function get_username() {
+ return $this->username;
+ }
+
+ /**
+ * returns boolean if user is admin
+ * @return boolean $admin boolean if user has admin privileges and can see and do everything
+ */
+ public function is_admin() {
+ return $this->admin;
+ }
+ /**
+ * @return boolean $key authorization key from cgi.cfg file
+ */
+ public function if_has_authKey($key) {
+ if(isset($this->authKeys[$key]))
+ return $this->authKeys[$key];
+ }
+
+ /**
+ * @return boolean decide if this user is an admin
+ */
+ private function determine_admin() {
+ if($this->username == 'nagiosadmin') return true;
+ foreach($this->authKeys as $key)
+ {
+ if($key != true) return false; //if all auth keys are set, user is an admin
+ }
+ return true;
+
+ }
+
+
+ /**
+ * sets global auths from cgi.cfg file
+ * @TODO: move to protected method -> this will replace previous global auths in future versions
+ * @return null changes cgi.cfg booleans for current NagiosUser
+ */
+ public function setAuthKey($keyname,$value) {
+ if(isset($this->authKeys[$keyname])) {
+ $this->authKeys[$keyname] = $value;
+ }
+ }
+
+ /**
+ * tests if user can view host
+ * @returns boolean
+ */
+ public function is_authorized_for_host($hostname) {
+ //can user see everything?
+ if($this->admin == true || $this->sees_all == true) return true;
+ //user level filtering
+ if(isset($this->authHosts[$hostname]) && $this->authHosts[$hostname]['all_services']==true ) return true;
+
+ //not authorized
+ return false;
+ }
+
+ /**
+ * tests if user can view service
+ * @returns boolean
+ */
+ public function is_authorized_for_service($hostname,$service) {
+ //can user see everything?
+ if($this->admin == true || $this->sees_all == true) return true;
+ //user level filtering
+ if(isset($this->authHosts[$hostname]) && (in_array($service,$this->authHosts[$hostname]['services']) || $this->authHosts[$hostname]['all_services']==true) ) return true;
+ //not authorized
+ return false;
+ }
+
+
+ /** ///////////////////////////////////////////////////
+ * main logic function for user-level filtering, builds $this->authHosts array
+ * CREATES SINGLE MULTI-D HEIRARCHY ARRAY
+ * LOGIC: - check for host contacts, and host contactgroups
+ * - check for host escalations, and hostescalation contactgroups
+ * - check for service contacts, and service contactgroups
+ * - check for serviceescalation contacts, then serviceescalation contact groups
+ *
+ * ARRAY STRUCTURE
+ * $authObjects =
+ * array ( 'localhost' => array(
+ * 'host_name' => 'localhost',
+ * 'all_services' => true | false,
+ * 'services' => array( 0 => service1
+ * 1 => service2
+ * 3 => service3 )
+ *
+ * )
+ *
+ * @global mixed $NagiosData object.cache array
+ */
+ private function build_authorized_objects() {
+ global $NagiosData;
+
+ //fetch necessary object config arrays
+ $hosts = $NagiosData->getProperty('hosts_objs');
+ $contactgroups = $NagiosData->getProperty('contactgroups');
+
+ //find relevant contact groups for user
+ foreach($contactgroups as $cg)
+ {
+ //echo $cg['contactgroup_name'];
+ if(in_array($this->username,explode(',',$cg['members'])) )
+ $this->cg_memberships[] = $cg['contactgroup_name']; //add contactgroup to array if user is a member of it
+ }
+
+ ///////////////////////////////////HOSTS////////////////////////
+ foreach($hosts as $host)
+ {
+ //check is user is a direct contact
+ $key = $host['host_name'];
+ if(isset($host['contacts']) && in_array($this->username, explode(',',$host['contacts'])) )
+ {
+ $this->authHosts[$key] = array('host_name' => $key, 'all_services' => true, 'services' => array());
+ continue; //skip to next host
+ }
+
+ //if host has contact groups
+ if(isset($host['contact_groups']))
+ {
+ $cgmems = explode(',',$host['contact_groups']); //members to array
+ foreach($cgmems as $cg)
+ {
+ if(in_array($cg,$this->cg_memberships)) //check if contact group is in user's list of memberships
+ {
+ $this->authHosts[$key] = array('host_name' => $key, 'services' => array(), 'all_services' => true );
+ break;
+ } //end IF
+
+ } //end FOREACH contactgroup member
+ }//end IF contactgroups set
+
+ }//end FOREACH host
+
+ /////////////////////////HOST ESCALATIONS///////////////////////
+ //add hosts if user is assigned as a contact or contactgroup member
+ $this->add_escalated_hosts();
+
+ ////////////////////////////SERVICES//////////////////////////
+ //get services objects
+ $services = $NagiosData->getProperty('services_objs');
+ //echo "Services: <br /><pre>".print_r($services,true)."</pre>";
+
+ foreach($services as $service)
+ {
+ $key = $service['host_name'];
+ //check for authorized host first, if all services are authorized skip ahead
+ if(isset($this->authHosts[$key]) && $this->authHosts[$key]['all_services'] == true) continue;
+
+ //check for authorization at the service level
+ if(isset($service['contacts']) && in_array($this->username, explode(',',$service['contacts'])) ) //user is a contact
+ {
+ //echo $service['service_description']." : ".$service['contacts'];
+ //only add the service if it's not already there
+ if(!isset($this->authHosts[$key])) //if this is set somewhere else, the all_services boolean should already be set
+ $this->authHosts[$key] = array('host_name' => $key, 'services' =>array($service['service_description']), 'all_services' => false );
+ else
+ {
+ //only add service if it's not already there
+ if(!in_array($service['service_description'], $this->authHosts[$key]['services']) && $this->authHosts[$key]['all_services'] == false)
+ $this->authHosts[$key]['services'][] = $service['service_description'];
+ }
+ continue;
+ }
+
+ //check against contactgroups
+ if(isset($service['contact_groups']) )
+ {
+ $cgmems = explode(',',$service['contact_groups']);
+ foreach($cgmems as $cg)
+ {
+ if(in_array($cg,$this->cg_memberships)) //user is a contact for service
+ {
+ if(!isset($this->authHosts[$key])) //if this is set somewhere else, the all_services boolean should already be set
+ $this->authHosts[$key] = array('host_name' => $key, 'services' =>array(), 'all_services' => false );
+ else
+ { //add service if it's not already in the array
+ if(!in_array($service['service_description'], $this->authHosts[$key]['services']) && $this->authHosts[$key]['all_services'] == false)
+ $this->authHosts[$key]['services'][] = $service['service_description'];
+ }
+ break;
+ } //end IF
+ } //end FOREACH contactgroup member
+ } //end IF contactgroups
+ } //end services FOREACH
+
+ ////////////////////////SERVICE ESCALATIONS/////////////////////
+ //add services if user is assigned as an escalated contact or contactgroup member
+ $this->add_escalated_services();
+
+ }//end function build_authorized_objects()
+
+
+ /**
+ * sweeps through host escalation definitions and adds to authHosts as needed
+ * @global mixed $NagiosData object.cache array
+ */
+ private function add_escalated_hosts()
+ {
+ global $NagiosData;
+
+ $host_escs = $NagiosData->getProperty('hostescalations');
+ foreach($host_escs as $he) //loop through all host escalations
+ {
+ //check for authorized host first, skip ahead if it
+ if(isset($this->authHosts[$he['host_name']]) && $this->authHosts[$he['host_name']]['all_services']==false) continue;
+
+ //check if user is a contact for escalation
+ if(in_array($this->username,explode(',',$he['contacts'])) ) //if user is in list of contacts
+ { //add host if not already there, or if it's there but not all services are authorized
+ if(!isset($this->authHosts[$he['host_name']]) || (isset($this->authHosts[$he['host_name']]) && $this->authHosts[$he['host_name']]['all_services']==false) ) //don't overwrite existing arrays
+ $this->authHosts[$he['host_name']] = array('host_name' => $he['host_name'], 'services' => array(), 'all_services' => true );
+ //do nothing if host is already authorized
+ continue; //no need to check contactgroups
+ }
+ //check if user's contactgroups are in the list
+ if(isset($he['contact_groups']))
+ {
+ //compare arrays
+ $matches = array_intersect(explode(',',$he['contact_groups']),$this->cg_memberships);
+ if(!empty($matches)) // push host list into authHosts array
+ {
+ if(!isset($this->authHosts[$he['host_name']]) || (isset($this->authHosts[$he['host_name']]) && $this->authHosts[$he['host_name']]['all_services']==false) ) //don't overwrite existing arrays
+ $this->authHosts[$he['host_name']] = array('host_name' => $he['host_name'], 'services' => array(), 'all_services' => true );
+ //do nothing if host is already fully authorized
+ }
+ }//end IF contactgroup
+ }//end hostescalation loop
+ }//end add_escalated_hosts()
+
+ /**
+ * sweeps through escalation definitions and adds to $authHosts as needed
+ * sort through all service escalations in objects.cache and push appropriate services onto array stack
+ * NOTE host_name and service_descriptions are not comma delineated in objects.cache, all single definitions
+ * @global mixed $NagiosData object.cache array
+ */
+ private function add_escalated_services()
+ {
+ global $NagiosData;
+ //fetch escalations array
+ $serv_escs = $NagiosData->getProperty('serviceescalations');
+ foreach($serv_escs as $se) //loop through all host escalations
+ {
+ //skip ahead if all services are already authorized for host
+ if(isset($this->authHosts[$se['host_name']]) && $this->authHosts[$se['host_name']]['all_services'] == true) continue;
+
+ //check if user is a contact for escalation
+ if(isset($se['contacts']) && in_array($this->username, explode(',',$se['contacts'])) ) //if user is in list of contacts
+ {
+ //check to see if host key exists in the array
+ if(!isset($this->authHosts[$se['host_name']])) //don't overwrite existing arrays
+ $this->authHosts[$se['host_name']] = array('host_name' => $se['host_name'], 'all_services'=> false, 'services' => array($se['service_description']) );
+ else //if it exists, push services onto array stack, services array should already be there
+ $this->authHosts[$se['host_name']]['services'][] = $se['service_description'];
+
+ continue; //no need to check contactgroups if defined as contact
+ }
+
+ //check if user's contactgroups are in the list
+ if(isset($se['contact_groups']))
+ {
+ //compare arrays
+ $matches = array_intersect(explode(',',$se['contact_groups']),$this->cg_memberships);
+ if(!empty($matches))
+ { //check to see if array key exists yet
+ if(!isset($this->authHosts[$se['host_name']]) ) //don't overwrite existing arrays
+ $this->authHosts[$se['host_name']] = array('host_name' => $se['host_name'], 'services' => array($se['service_description']),'all_services'=>false );
+ else //if it exists, push services onto array stack
+ $this->authHosts[$se['host_name']]['services'][] = $se['service_description']; //object.cache separates services into individual defs
+ }
+ }//end IF contactgroups
+ }//end foreach service escalation
+ }//end method add_escalated_services()
+
+} ///////////////////end NagiosUser class ////////////////////////
+
+
+
+?>
\ No newline at end of file
Modified: nagiosvshell/trunk/vshell/data/build_groups.php
===================================================================
--- nagiosvshell/trunk/vshell/data/build_groups.php 2011-09-16 10:22:24 UTC (rev 1808)
+++ nagiosvshell/trunk/vshell/data/build_groups.php 2011-09-19 16:54:59 UTC (rev 1809)
@@ -56,12 +56,21 @@
function build_hostgroup_details($group_members) //make this return the totals array for hosts and services
{
global $NagiosData;
+ global $NagiosUser;
+
$hosts = $NagiosData->getProperty('hosts');
+
+// //add filter for user-level filtering
+// if(!$NagiosUser->is_admin()) {
+ //print $type;
+// $hosts = user_filtering($hosts,'hosts');
+// }
$hostgroup_details = array();
foreach($group_members as $member)
{
- $hostgroup_details[] = $hosts[$member];
+ if($NagiosUser->is_authorized_for_host($member)) //user-level filtering
+ $hostgroup_details[] = $hosts[$member];
}
return $hostgroup_details;
@@ -74,17 +83,21 @@
function build_host_servicegroup_details($group_members)
{
global $NagiosData;
+ global $NagiosUser;
$hosts = $NagiosData->getProperty('hosts');
+
$servicegroup_details = array();
foreach($group_members as $member)
{
- if (isset($hosts[$member]['services']))
+ if($NagiosUser->is_authorized_for_host($member)) //user-level filtering
{
- foreach ($hosts[$member]['services'] as $service)
- {
- $servicegroup_details[] = $service;
- }
+ if (isset($hosts[$member]['services']))
+ foreach ($hosts[$member]['services'] as $service)
+ {
+ if($NagiosUser->is_authorized_for_service($member,$service)) //user-level filtering
+ $servicegroup_details[] = $service;
+ }
}
}
return $servicegroup_details;
@@ -166,9 +179,11 @@
function build_servicegroups_array()
{
global $NagiosData;
+ global $NagiosUser;
$servicegroups = $NagiosData->getProperty('servicegroups');
$services = $NagiosData->getProperty('services');
-
+ $services = user_filtering($services,'services');
+
$servicegroups_details = array(); //multi-dim array to hold servicegroups
foreach($servicegroups as $groupname => $member)
{
Modified: nagiosvshell/trunk/vshell/data/data.inc.php
===================================================================
--- nagiosvshell/trunk/vshell/data/data.inc.php 2011-09-16 10:22:24 UTC (rev 1808)
+++ nagiosvshell/trunk/vshell/data/data.inc.php 2011-09-19 16:54:59 UTC (rev 1809)
@@ -58,7 +58,8 @@
require_once('data_utils.php');
require_once('NagiosData.php');
-$NagiosData = NagiosData::singleton();
+require_once('NagiosUser.php');
+
require_once('get_tac_data.php');
require_once('build_groups.php');
Modified: nagiosvshell/trunk/vshell/data/get_tac_data.php
===================================================================
--- nagiosvshell/trunk/vshell/data/get_tac_data.php 2011-09-16 10:22:24 UTC (rev 1808)
+++ nagiosvshell/trunk/vshell/data/get_tac_data.php 2011-09-19 16:54:59 UTC (rev 1809)
@@ -56,6 +56,8 @@
//print "<br /><br /><br /><br />";
global $username;
global $NagiosData;
+ global $NagiosUser;
+
$now = time();
$info = $NagiosData->getProperty('info');
$program = $NagiosData->getProperty('program');
@@ -81,7 +83,7 @@
'hostlink' => htmlentities(BASEURL.'index.php?type=hosts&state_filter='),
//host counts
- 'hostsTotal' => ($hoststates['UP'] + $hoststates['DOWN'] + $hoststates['UNREACHABLE']),
+ 'hostsTotal' => ($hoststates['UP'] + $hoststates['DOWN'] + $hoststates['UNREACHABLE'] +$hoststates['PENDING']),
'hostsUpTotal' => $hoststates['UP'],
'hostsDownTotal' => $hoststates['DOWN'],
'hostsUnreachableTotal' => $hoststates['UNREACHABLE'],
@@ -135,6 +137,7 @@
'servicesWarningDisabled' => 0,
'servicesCriticalDisabled' => 0,
'servicesUnknownDisabled' => 0,
+ 'servicesTotalDisabled' => 0,
'servicesPending' => 0,
'servicesPendingDisabled' => 0,
'servicesWarningHostProblem' => 0,
@@ -165,6 +168,8 @@
$hostStates = array(NULL, 'Down', 'Unreachable'); // used in tracking host states
foreach($hosts as $h)
{
+ if(!$NagiosUser->is_authorized_for_host($h['host_name'])) continue; //user-level filtering
+
//html specific data
if($h['flap_detection_enabled'] != 1) $tac_data['hostsFlappingDisabled']++;
if($h['is_flapping'] == 1) $tac_data['hostsFlapping']++;
@@ -201,7 +206,8 @@
$serviceStates = array(NULL, 'Warning', 'Critical', 'Unknown'); // used in tracking service states
foreach($services as $s)
{
-
+ if(!$NagiosUser->is_authorized_for_service($s['host_name'],$s['service_description'])) continue;
+
//html specific data
if($s['flap_detection_enabled'] != 1) $tac_data['servicesFlappingDisabled']++;
if($s['is_flapping'] == 1) $tac_data['servicesFlapping']++;
@@ -214,7 +220,7 @@
$current_host = $h_states[$s['host_name']];
if($s['last_check'] == 0 && $s['active_checks_enabled'] == 1) { $tac_data['servicesPending']++; continue; } //pending
if($s['last_check'] == 0 && $s['active_checks_enabled'] == 0) { $tac_data['servicesPendingDisabled']++; continue; } //pending
- if($s['active_checks_enabled'] == 0) $tac_data['servicesDisabled']++;
+ if($s['active_checks_enabled'] == 0) $tac_data['servicesTotalDisabled']++;
switch($s['current_state']) {
case 0:
Modified: nagiosvshell/trunk/vshell/data/read_objects.php
===================================================================
--- nagiosvshell/trunk/vshell/data/read_objects.php 2011-09-16 10:22:24 UTC (rev 1808)
+++ nagiosvshell/trunk/vshell/data/read_objects.php 2011-09-19 16:54:59 UTC (rev 1809)
@@ -91,7 +91,7 @@
case 'service':
$object_collector[typemap('host')][$kvp['host_name']]['services'][] = $kvp;
$object_collector[typemap($curdeftype)][] = $kvp;
- break;
+ break;
default:
$object_collector[typemap($curdeftype)][] = $kvp;
@@ -125,7 +125,7 @@
$retval = NULL;
if (in_array($type, array('host', 'service', 'hostgroup', 'servicegroup'))) {
$retval = $type.'s_objs';
- } elseif (in_array($type, array('contact', 'contactgroup', 'timeperiod', 'command'))) {
+ } elseif (in_array($type, array('contact', 'contactgroup', 'timeperiod', 'command','hostescalation','serviceescalation','hostdependency','servicedependency'))) {
$retval = $type.'s';
} else { // TODO other types?
}
Modified: nagiosvshell/trunk/vshell/data/read_perms.php
===================================================================
--- nagiosvshell/trunk/vshell/data/read_perms.php 2011-09-16 10:22:24 UTC (rev 1808)
+++ nagiosvshell/trunk/vshell/data/read_perms.php 2011-09-19 16:54:59 UTC (rev 1809)
@@ -74,7 +74,7 @@
$permusers = explode(',', $userlist);
array_walk($permusers, create_function('&$v', 'trim($v);'));
- $perms[$perm] = $permusers;
+ $perms[$actual_perm] = $permusers; //XXX move all to NagiosUser in future versions
}
}
Modified: nagiosvshell/trunk/vshell/index.php
===================================================================
--- nagiosvshell/trunk/vshell/index.php 2011-09-16 10:22:24 UTC (rev 1808)
+++ nagiosvshell/trunk/vshell/index.php 2011-09-19 16:54:59 UTC (rev 1809)
@@ -55,24 +55,27 @@
session_start(); //no need for sessions at this time
ob_start();
+$username = false;
+//////////////USE TO OVERRIDE APACHE AUTHENTICATION LOGIC: ///////////////////////////////
+//////////UNCOMMENTING THIS WILL LEAVE YOUR MONITORING ENVIRONMENT WIDE OPEN!!! ///////////////////////////
+//$username = 'nagiosadmin';
+
+
include(dirname(__FILE__).'/inc.inc.php'); //master include file
+//load language and other sitewide settings
init_vshell();
-$page_title = 'Nagios Visual Shell';
-
-//check_auth() needs to be revised to include other auth types and contact viewing of hosts
-$username = get_user();
-
-//$username = 'nagiosadmin'; //uncomment this to only use apache authentication methods
-
-
-if($username) //if logged in, display the page
+//needs a username to do anything
+if($username) //if logged in, display the page
{
- set_perms($username); //set global $authorization
+ //set_perms($username); //set global $authorization
page_router();
}
+//$hosts = $NagiosData->getProperty('hosts_objs');
+//$hosts = $NagiosUser->get_authorized_hosts();
+//echo "<pre>".print_r($hosts,true)."</pre>";
ob_end_flush();
?>
Modified: nagiosvshell/trunk/vshell/session.inc.php
===================================================================
--- nagiosvshell/trunk/vshell/session.inc.php 2011-09-16 10:22:24 UTC (rev 1808)
+++ nagiosvshell/trunk/vshell/session.inc.php 2011-09-19 16:54:59 UTC (rev 1809)
@@ -1,5 +1,13 @@
<?php //user authentication
+
+//initialize main classes
+$NagiosData = NagiosData::singleton();
+$NagiosUser = new NagiosUser();
+
+
+
+
//initializes all session variables as neccessary
function init_vshell()
{
@@ -16,33 +24,12 @@
textdomain(LANG);
+
+
}
-function get_user() //return $username if logged into nagios
-{
- // HTTP BASIC AUTHENTICATION through Nagios Core or XI
- //$remote_user="";
- if(isset($_SERVER["REMOTE_USER"]))
- {
- $remote_user=$_SERVER["REMOTE_USER"];
- //echo "REMOTE USER is set: $remote_user<br />";
- return $remote_user;
- }
- //digest authentication
- elseif(isset($_SERVER['PHP_AUTH_USER']))
- {
- //echo "Auth Digest detected".$_SERVER['PHP_AUTH_USER'];
- return $_SERVER['PHP_AUTH_USER'];
- }
- else
- {
- echo "Access Denied: No authentication detected.";
- return false;
- }
-
-}
Modified: nagiosvshell/trunk/vshell/views/config_viewer.php
===================================================================
--- nagiosvshell/trunk/vshell/views/config_viewer.php 2011-09-16 10:22:24 UTC (rev 1808)
+++ nagiosvshell/trunk/vshell/views/config_viewer.php 2011-09-19 16:54:59 UTC (rev 1809)
@@ -6,12 +6,9 @@
// $arg is the argument taken from the browser. example object=services_objs
function build_object_list($data, $arg) //expecting arrays from read_objects.php file
{
- global $authorizations;
- $count = 0;
+ $count = 0;
$object_list = '';
-
-
$name_filter = isset($_GET['name_filter']) ? htmlentities($_GET['name_filter']) : '';
$objtype_filter = isset($_GET['objtype_filter']) ? htmlentities($_GET['objtype_filter']) : '';
$type = isset($_GET['type']) ? htmlentities($_GET['type']) : '';
@@ -41,20 +38,14 @@
switch($arg)
{
case 'hosts_objs':
- if($authorizations['configuration_information']==1)
- {
$name=$a['host_name'];
$linkkey = 'host'.$a['host_name'];
#$link = htmlentities(BASEURL.'index.php?cmd=gethostdetail&arg='.$name);
$link = htmlentities(BASEURL.'index.php?type=hostdetail&name_filter='.$name);
$title = gettext('Host').": <a href='$link' title='Host Details'>$name</a>";
- }
- //else{ continue; }
break;
case 'services_objs':
- if($authorizations['configuration_information']==1)
- {
$count++;
$name=$a['service_description'];
$linkkey = 'service'.$count;
@@ -65,74 +56,54 @@
$link = htmlentities(BASEURL.'index.php?type=servicedetail&name_filter='.$linkkey);
$title = gettext('Host').": <a href='$hlink' title='Host Details'>$host</a>
".gettext('Service').":<a href='$link' title='Service Details'>$name</a>";
- }
+
break;
case 'commands':
- if(($authorizations['host_commands']==1 && $authorizations['service_commands'])
- ||$authorizations['system_commands']==1 )
- {
$name=$a['command_name'];
$title = gettext('Command').": $name";
$linkkey = $name;
- }
break;
case 'hostgroups_objs':
- if($authorizations['configuration_information']==1)
- {
$name=$a['hostgroup_name'];
$title = gettext('Group Name').": $name";
$linkkey = 'hg'.$name;
- }
break;
case 'servicegroups_objs':
- if($authorizations['configuration_information']==1)
- {
$name=$a['servicegroup_name'];
$title = gettext('Group Name').": $name";
$linkkey = 'sg'.$name;
- }
break;
case 'timeperiods':
- if($authorizations['configuration_information']==1)
- {
$name=$a['timeperiod_name'];
$title = gettext('Timeperiod').": $name";
$linkkey = 'tp'.$name;
- }
break;
case 'contacts':
- if($authorizations['configuration_information']==1)
- {
$name=$a['contact_name'];
$title = gettext('Contact').": $name";
$linkkey = $name;
- }
break;
case 'contactgroups':
- if($authorizations['configuration_information']==1)
- {
$name=$a['contactgroup_name'];
$title = gettext('Contact Group').": $name";
$linkkey = $name;
- }
break;
default:
- $title = gettext('Access Denied').'<br />';
- $linkkey = gettext('You do not have permissions to view this information');
+ $title = gettext('Access Denied').'<br />';
+ $linkkey = gettext('You do not have permissions to view this information');
break;
}
$id = preg_replace('/[\. ]/', '_', $linkkey); //replacing dots with underscores
#$id = preg_replace('/\ /', '_', $id); //replacing spaces with underscores
- //using HEREDOC string syntax
$confighead="
<li class='configlist'>{$title} <a class='label' onclick='showHide(\"{$id}\")' href='javascript:void(0)'>
Modified: nagiosvshell/trunk/vshell/views/display_functions.php
===================================================================
--- nagiosvshell/trunk/vshell/views/display_functions.php 2011-09-16 10:22:24 UTC (rev 1808)
+++ nagiosvshell/trunk/vshell/views/display_functions.php 2011-09-19 16:54:59 UTC (rev 1809)
@@ -58,18 +58,9 @@
//
function build_nav_links() //build page links based on user's permission level
{
- global $authorizations;
+ global $NagiosUser;
- $keys = array();
- foreach($authorizations as $key => $value)
- {
- //echo "$key : $value <br />";
- if($value == 1) //if permission is set
- {
- $keys[$key] = 1;
- }
- }
- //print_r($keys);
+
//generate links based on permissions
$base = BASEURL.'index.php?';
@@ -78,18 +69,14 @@
$navlinks .= '<ul class="nav">';
$navlinks .= '<li class="nav"><a href="index.php" class="nav" rel="internal">'.gettext('Tactical Overview').'</a></li>'; //default tactical overview link
- if(isset($keys['hosts'], $keys['services']))
- {
- $navlinks .= "<li class='nav'><a href='".$base."type=hosts' class='nav' rel='internal'>".gettext('Hosts')."</a></li>"; //hosts
- $navlinks .= "<li class='nav'><a href='".$base."type=services' class='nav' rel='internal'>".gettext('Services')."</a></li>"; //services
- $navlinks .= "<li class='nav'><a href='".$base."type=hostgroups' class='nav' rel='internal'>".gettext('Hostgroups')."</a></li>"; //hostgroups
- $navlinks .= "<li class='nav'><a href='".$base."type=servicegroups' class='nav' rel='internal'>".gettext('Servicegroups')."</a></li>"; //servicegroups
- }
-
-
+ $navlinks .= "<li class='nav'><a href='".$base."type=hosts' class='nav' rel='internal'>".gettext('Hosts')."</a></li>"; //hosts
+ $navlinks .= "<li class='nav'><a href='".$base."type=services' class='nav' rel='internal'>".gettext('Services')."</a></li>"; //services
+ $navlinks .= "<li class='nav'><a href='".$base."type=hostgroups' class='nav' rel='internal'>".gettext('Hostgroups')."</a></li>"; //hostgroups
+ $navlinks .= "<li class='nav'><a href='".$base."type=servicegroups' class='nav' rel='internal'>".gettext('Servicegroups')."</a></li>"; //servicegroups
+
/////////////OBJECT VIEWS
- if(isset($keys['configuration_information'])) //assuming full admin
+ if($NagiosUser->if_has_authKey('authorized_for_configuration_information')) //assuming full admin
{
$navlinks .= "<li class='nav'><a class='nav' onmouseover='showDropdown(\"confDrop\")' onmouseout='hideDropdown(\"confDrop\")' href='javascript:void(0)'>".gettext('Configurations')."</a>
<div onmouseover='showDropdown(\"confDrop\")' onmouseout='hideDropdown(\"confDrop\")' id='confDrop'><ul>";
@@ -105,7 +92,7 @@
$navlinks .= "<li><a class='nav' href='".$base."type=object&objtype_filter=contactgroups'>".gettext('Contactgroups')."</a></li>\n"; //contactgroups
//COMMAND VIEW
- if(isset($keys['host_commands'],$keys['service_commands'], $keys['system_commands']))
+ if($NagiosUser->is_admin())
{
//make link for commands
$navlinks .= "<li><a href='".$base."type=object&objtype_filter=commands' class='nav'>".gettext('Commands')."</a></li>\n"; //commands config
@@ -115,7 +102,7 @@
}
//Nagios Core System links dropdown menu
- if(isset($keys['system_commands']))
+ if($NagiosUser->if_has_authKey('authorized_for_system_commands'))
{
$navlinks .= "<li class='nav'><a class='nav' onmouseover='showDropdown(\"sysDrop\")'
onmouseout='hideDropdown(\"sysDrop\")' href='javascript:void(0)'>".gettext('System Commands')."</a>
Modified: nagiosvshell/trunk/vshell/views/header.php
===================================================================
--- nagiosvshell/trunk/vshell/views/header.php 2011-09-16 10:22:24 UTC (rev 1808)
+++ nagiosvshell/trunk/vshell/views/header.php 2011-09-19 16:54:59 UTC (rev 1809)
@@ -51,7 +51,7 @@
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-function display_header($page_title)
+function display_header($page_title='Nagios Visual Shell')
{
$js_path = BASEURL.'js/';
$jquery_path = $js_path.'jquery-1.4.4.min.js';
Modified: nagiosvshell/trunk/vshell/views/hostgroups.php
===================================================================
--- nagiosvshell/trunk/vshell/views/hostgroups.php 2011-09-16 10:22:24 UTC (rev 1808)
+++ nagiosvshell/trunk/vshell/views/hostgroups.php 2011-09-19 16:54:59 UTC (rev 1809)
@@ -53,17 +53,29 @@
function get_hostgroup_data()
{
global $NagiosData;
+ global $NagiosUser;
+
$hostgroups = $NagiosData->getProperty('hostgroups');
$hosts = $NagiosData->getProperty('hosts');
$hostgroup_data = array();
- foreach ($hostgroups as $group => $members) {
+ foreach ($hostgroups as $group => $members)
+ {
+
+
$hostgroup_data[$group] = array(
'member_data' => array(),
'host_counts' => get_state_of('hosts', build_hostgroup_details($members)),
'service_counts' => get_state_of('services', build_host_servicegroup_details($members))
);
+
+ //skip ahead if there are no authorized hosts
+ if(array_sum($hostgroup_data[$group]['host_counts'])==0) continue; //skip empty groups
+
foreach ($members as $member) {
+
+ if(!$NagiosUser->is_authorized_for_host($member)) continue; //user-level filtering
+
$host = $ho...
[truncated message content] |