enh(conf) migrate acls for pollers page actions (#11662)

* enh(conf) migrate acls for pollers page actions * fix cs * fix typo
centreon · Sep 1, 2022 · d1b9ce4 · d1b9ce4
1 parent e8e9725
commit d1b9ce4
Show file tree

Hide file tree

Showing 2 changed files with 96 additions and 1 deletion.
diff --git a/www/install/insertTopology.sql b/www/install/insertTopology.sql
@@ -102,7 +102,7 @@ INSERT INTO `topology` (`topology_id`, `topology_name`, `topology_parent`, `topo
 
 INSERT INTO `topology` (`topology_id`, `topology_name`, `topology_parent`, `topology_page`, `topology_order`, `topology_group`, `topology_url`, `topology_url_opt`, `topology_popup`, `topology_modules`, `topology_show`, `topology_style_class`, `topology_style_id`, `topology_OnClick`, `readonly`) VALUES (149,'Categories',602,60209,90,1,'./include/configuration/configObject/service_categories/serviceCategories.php',NULL,'0','0','1',NULL,NULL,NULL,'0');
 INSERT INTO `topology` (`topology_id`, `topology_name`, `topology_parent`, `topology_page`, `topology_order`, `topology_group`, `topology_url`, `topology_url_opt`, `topology_popup`, `topology_modules`, `topology_show`, `topology_style_class`, `topology_style_id`, `topology_OnClick`, `readonly`) VALUES (150,'Pollers',6,609,90,1,NULL,NULL,'0','0','1',NULL,NULL,NULL,'0');
-INSERT INTO `topology` (`topology_id`, `topology_name`, `topology_parent`, `topology_page`, `topology_order`, `topology_group`, `topology_url`, `topology_url_opt`, `topology_popup`, `topology_modules`, `topology_show`, `topology_style_class`, `topology_style_id`, `topology_OnClick`, `readonly`) VALUES (153,'Pollers',609,60901,10,1,'./include/configuration/configServers/servers.php',NULL,'0','0','1',NULL,NULL,NULL,'0');
+INSERT INTO `topology` (`topology_id`, `topology_name`, `topology_parent`, `topology_page`, `topology_order`, `topology_group`, `topology_url`, `topology_url_opt`, `topology_popup`, `topology_modules`, `topology_show`, `topology_style_class`, `topology_style_id`, `topology_OnClick`, `readonly`) VALUES (153,'Pollers',609,60901,10,1,'./include/configuration/configServers/servers.php',NULL,'0','0','1',NULL,NULL,NULL,'1');
 INSERT INTO `topology` (`topology_id`, `topology_name`, `topology_parent`, `topology_page`, `topology_order`, `topology_group`, `topology_url`, `topology_url_opt`, `topology_popup`, `topology_modules`, `topology_show`, `topology_style_class`, `topology_style_id`, `topology_OnClick`, `readonly`) VALUES (154,'Hosts',601,NULL,NULL,1,NULL,NULL,'0','0','1',NULL,NULL,NULL,'1');
 INSERT INTO `topology` (`topology_id`, `topology_name`, `topology_parent`, `topology_page`, `topology_order`, `topology_group`, `topology_url`, `topology_url_opt`, `topology_popup`, `topology_modules`, `topology_show`, `topology_style_class`, `topology_style_id`, `topology_OnClick`, `readonly`) VALUES (158,'Notifications',6,604,40,1,NULL,NULL,'0','0','1',NULL,NULL,NULL,'1');
 INSERT INTO `topology` (`topology_id`, `topology_name`, `topology_parent`, `topology_page`, `topology_order`, `topology_group`, `topology_url`, `topology_url_opt`, `topology_popup`, `topology_modules`, `topology_show`, `topology_style_class`, `topology_style_id`, `topology_OnClick`, `readonly`) VALUES (159,'Escalations',604,NULL,NULL,1,NULL,NULL,'0','0','1',NULL,NULL,NULL,'1');

diff --git a/www/install/php/Update-22.10.0-beta.1.php b/www/install/php/Update-22.10.0-beta.1.php
@@ -41,6 +41,9 @@
     $errorMessage = "Impossible to add new BBDO streams";
     createBbdoStreamConfigurationForms($pearDB);
 
+    $errorMessage = "Impossible to update pollers ACLs";
+    updatePollerAcls($pearDB);
+
     $pearDB->commit();
 
     if ($pearDB->isColumnExist('remote_servers', 'app_key') === 1) {
@@ -63,6 +66,98 @@
     throw new \Exception($versionOfTheUpgrade . $errorMessage, (int) $e->getCode(), $e);
 }
 
+/**
+ * @param CentreonDB $pearDB
+ * @throws \Exception
+ */
+function updatePollerAcls(CentreonDB $pearDB): void
+{
+    $stmt = $pearDB->query(
+        "SELECT topology_id FROM topology WHERE topology_page = 60901"
+    );
+    $pollersTopologyId = $stmt->fetch();
+    if ($pollersTopologyId === false) {
+        return;
+    }
+    $pollersTopologyId = (int) $pollersTopologyId['topology_id'];
+
+    updatePollerActionsAcls($pearDB, $pollersTopologyId);
+    updatePollerMenusAcls($pearDB, $pollersTopologyId);
+}
+
+/**
+ * @param CentreonDB $pearDB
+ * @param int $topologyId
+ * @throws \Exception
+ */
+function updatePollerMenusAcls(CentreonDB $pearDB, int $topologyId): void
+{
+    $stmt = $pearDB->prepare(
+        "UPDATE acl_topology_relations SET access_right = '1'
+        WHERE access_right = '2' AND topology_topology_id = :topologyId"
+    );
+    $stmt->bindValue(':topologyId', $topologyId, \PDO::PARAM_INT);
+    $stmt->execute();
+
+    $stmt = $pearDB->prepare("UPDATE topology SET readonly = '1' WHERE topology_id = :topologyId");
+    $stmt->bindValue(':topologyId', $topologyId, \PDO::PARAM_INT);
+    $stmt->execute();
+}
+
+/**
+ * @param CentreonDB $pearDB
+ * @param int $topologyId
+ * @throws \Exception
+ */
+function updatePollerActionsAcls(CentreonDB $pearDB, int $topologyId): void
+{
+    // Get ACL action ids linked to pollers page with read/write access
+    $stmt = $pearDB->prepare(
+        "SELECT DISTINCT(gar.acl_action_id) FROM acl_group_actions_relations gar
+        JOIN acl_group_topology_relations gtr ON gar.acl_group_id = gtr.acl_group_id
+        JOIN acl_topology_relations tr ON tr.acl_topo_id = gtr.acl_topology_id
+        WHERE tr.topology_topology_id = :topologyId AND tr.access_right = '1'"
+    );
+    $stmt->bindValue(':topologyId', $topologyId, \PDO::PARAM_INT);
+    $stmt->execute();
+
+    $actionIdsToUpdate = $stmt->fetchAll(\PDO::FETCH_COLUMN, 0);
+    if (empty($actionIdsToUpdate)) {
+        return;
+    }
+
+    // Get ACL action ids linked to pollers page without read/write access
+    $stmt = $pearDB->prepare(
+        "SELECT DISTINCT(gar.acl_action_id) FROM acl_group_actions_relations gar
+        JOIN acl_group_topology_relations gtr ON gar.acl_group_id = gtr.acl_group_id
+        WHERE gtr.acl_topology_id NOT IN (
+            SELECT acl_topo_id FROM acl_topology_relations
+            WHERE topology_topology_id = :topologyId AND access_right = '1'
+        )"
+    );
+    $stmt->bindValue(':topologyId', $topologyId, \PDO::PARAM_INT);
+    $stmt->execute();
+
+    $actionIdsToExclude = $stmt->fetchAll(\PDO::FETCH_COLUMN, 0);
+
+    foreach ($actionIdsToUpdate as $actionId) {
+        /**
+         * Do not update ACL action linked to write AND read only / none pollers page access
+         * so the most restrictive access wins
+         */
+        if (in_array($actionId, $actionIdsToExclude)) {
+            continue;
+        }
+
+        $stmt = $pearDB->prepare(
+            "INSERT INTO acl_actions_rules (acl_action_rule_id, acl_action_name) VALUES
+            (:actionId, 'create_edit_poller_cfg'), (:actionId, 'delete_poller_cfg')"
+        );
+        $stmt->bindValue(':actionId', $actionId);
+        $stmt->execute();
+    }
+}
+
 /**
  * @param CentreonDb $pearDB
  */