[omd-commits] OMD Git: omd: New hook MULTISITE_AUTHORISATION

Wed Apr 17 15:00:43 CEST 2013

Module:   omd
Branch:   master
Commit:   af978e0dc56b011587e29559ce999963d96c7a1c
URL:      http://omdistro.org/projects/omd/repository/revisions/af978e0dc56b011587e29559ce999963d96c7a1c

Author:   Lars Michelsen <lm at mathias-kettner.de>
Date:     Wed Apr 17 15:00:19 2013 +0200
Commiter: Lars Michelsen <lm at mathias-kettner.de>
Date:     Wed Apr 17 15:00:19 2013 +0200

New hook MULTISITE_AUTHORISATION

Added config hook MULTISITE_AUTHORISATION to control some user
permissions in NagVis and pnp4nagios via multisite permissions

---

 Changelog                                      |    2 +
 packages/check_mk/MULTISITE_AUTHORISATION.hook |   54 ++++++++++++++++++++++++
 2 files changed, 56 insertions(+)

diff --git a/Changelog b/Changelog
index e839876..d5d65a5 100644
--- a/Changelog
+++ b/Changelog
@@ -11,6 +11,8 @@ This file documents the revision history for the Open Monitoring Distribution
             - Changed path for check manpages from share/doc/check_mk/checks
               to share/check_mk/checkman to match the local/ path
             - Installing livestatus python API module now
+            - Added config hook MULTISITE_AUTHORISATION to control some user
+              permissions in NagVis and pnp4nagios via multisite permissions
           - NagVis: Update to 1.7.7
           - omd:
             - new option --no-autostart, -A for omd create (set AUTOSTART
diff --git a/packages/check_mk/MULTISITE_AUTHORISATION.hook b/packages/check_mk/MULTISITE_AUTHORISATION.hook
new file mode 100644
index 0000000..a199218
--- /dev/null
+++ b/packages/check_mk/MULTISITE_AUTHORISATION.hook
@@ -0,0 +1,54 @@
+#!/bin/bash
+
+# Alias: Control permissions in addons with Multisite
+# Menu: Web GUI
+# Description: 
+#  Multisite can be used to manage the permissions of
+#  the users in the addons e.g. if a user can edit NagVis
+#  maps.
+
+case "$1" in
+   default)
+       echo "off"
+   ;;
+   choices)
+       echo "on: control user permissions"
+       echo "off: disable permission control"
+   ;;
+   set)
+       NAGVIS_CFG=${OMD_ROOT}/etc/nagvis/conf.d/authorisation.ini.php
+       PNP_CFG=${OMD_ROOT}/etc/pnp4nagios/config.d/authorisation.php
+       if [ "$2" == "on" ]; then
+          cat > $NAGVIS_CFG <<EOF
+; Created by OMD hook MULTISITE_AUTHORISATION
+; Use the permissions files generated by multisite
+[global]
+authorisationmodule="CoreAuthorisationModMultisite"
+authorisation_multisite_file="$OMD_ROOT/var/check_mk/wato/auth/auth.php"
+EOF
+
+          if [ ! -d $(dirname $PNP_CFG) ]; then
+              mkdir $(dirname $PNP_CFG)
+          fi
+          cat > $PNP_CFG <<EOF
+<?php
+// Created by OMD hook MULTISITE_AUTHORISATION
+// Use the permissions files generated by multisite
+if(file_exists(OMD_SITE_ROOT.'/var/check_mk/wato/auth/auth.php')) {
+    require_once(OMD_SITE_ROOT.'/var/check_mk/wato/auth/auth.php');
+    
+    // Before the first use of multisite the auth.php is empty and does not contain this
+    // function. Do try to execute these functions in this case.
+    if(function_exists('users_with_permission')) {
+        \$conf['allowed_for_all_services'] = implode(',', users_with_permission('general.see_all'));
+        \$conf['allowed_for_all_hosts'] = implode(',', users_with_permission('general.see_all'));
+    }
+}
+?>
+EOF
+       else
+          [ -f $NAGVIS_CFG ] && rm $NAGVIS_CFG
+          [ -f $PNP_CFG ] && rm $PNP_CFG
+       fi
+   ;;
+esac

