packages/check_mk/MULTISITE_AUTHORISATION.hook

   1 #!/bin/bash
   2
   3 # Alias: Control permissions in addons with Multisite
   4 # Menu: Web GUI
   5 # Description:
   6 #  Multisite can be used to manage the permissions of
   7 #  the users in the addons e.g. if a user can edit NagVis
   8 #  maps.
   9
  10 case "$1" in
  11    default)
  12        echo "off"
  13    ;;
  14    choices)
  15        echo "on: control user permissions"
  16        echo "off: disable permission control"
  17    ;;
  18    set)
  19        NAGVIS_CFG=${OMD_ROOT}/etc/nagvis/conf.d/authorisation.ini.php
  20        PNP_CFG=${OMD_ROOT}/etc/pnp4nagios/config.d/authorisation.php
  21        if [ "$2" == "on" ]; then
  22           cat > $NAGVIS_CFG <<EOF
  23 ; Created by OMD hook MULTISITE_AUTHORISATION
  24 ; Use the permissions files generated by multisite
  25 [global]
  26 authorisationmodule="CoreAuthorisationModMultisite"
  27 authorisation_multisite_file="$OMD_ROOT/var/check_mk/wato/auth/auth.php"
  28 EOF
  29
  30           if [ ! -d $(dirname $PNP_CFG) ]; then
  31               mkdir $(dirname $PNP_CFG)
  32           fi
  33           cat > $PNP_CFG <<EOF
  34 <?php
  35 // Created by OMD hook MULTISITE_AUTHORISATION
  36 // Use the permissions files generated by multisite
  37 if(file_exists(OMD_SITE_ROOT.'/var/check_mk/wato/auth/auth.php')) {
  38     require_once(OMD_SITE_ROOT.'/var/check_mk/wato/auth/auth.php');
  39
  40     // Before the first use of multisite the auth.php is empty and does not contain this
  41     // function. Do try to execute these functions in this case.
  42     if(function_exists('users_with_permission')) {
  43         \$conf['allowed_for_all_services'] = implode(',', users_with_permission('general.see_all'));
  44         \$conf['allowed_for_all_hosts'] = implode(',', users_with_permission('general.see_all'));
  45     }
  46 }
  47 ?>
  48 EOF
  49        else
  50           [ -f $NAGVIS_CFG ] && rm $NAGVIS_CFG
  51           [ -f $PNP_CFG ] && rm $PNP_CFG
  52        fi
  53    ;;
  54 esac