authorUdo Walter2019-02-12 11:44:51 +0100
committerUdo Walter2019-02-12 11:44:51 +0100
commit1ee6bdcda1b285b24829eefc9b9e0ca14b828f77 (patch)
treee07c40168c61313e20c85608035191bfeca20ba2
parent[inc/Dictionary] Teh evil unvalidated redirects must die! (diff)
[dozmod] Add UI to create preset network rules
-rw-r--r--modules-available/dozmod/lang/de/messages.json6
-rw-r--r--modules-available/dozmod/lang/de/module.json1
-rw-r--r--modules-available/dozmod/lang/de/permissions.json2
-rw-r--r--modules-available/dozmod/lang/de/template-tags.json4
-rw-r--r--modules-available/dozmod/lang/en/messages.json6
-rw-r--r--modules-available/dozmod/lang/en/module.json1
-rw-r--r--modules-available/dozmod/lang/en/permissions.json2
-rw-r--r--modules-available/dozmod/lang/en/template-tags.json4
-rw-r--r--modules-available/dozmod/page.inc.php2
-rw-r--r--modules-available/dozmod/pages/networkrules.inc.php98
-rw-r--r--modules-available/dozmod/permissions/permissions.json6
-rw-r--r--modules-available/dozmod/templates/networkrules-edit.html43
-rw-r--r--modules-available/dozmod/templates/networkrules.html82
13 files changed, 256 insertions, 1 deletions
diff --git a/modules-available/dozmod/lang/de/messages.json b/modules-available/dozmod/lang/de/messages.json
index 4a4be923..805472d0 100644
--- a/modules-available/dozmod/lang/de/messages.json
+++ b/modules-available/dozmod/lang/de/messages.json
@@ -11,6 +11,12 @@
"ldap-filter-saved": "LDAP Filter wurde erfolgreich gespeichert",
"ldap-invalid-filter-id": "Ung\u00fcltige LDAP Filter ID",
"mail-config-saved": "Mail-Konfiguration gespeichert",
+ "networkrule-deleted": "Netzwerk-Regel gel\u00f6scht",
+ "networkrule-invalid-direction": "Ung\u00fcltige Richtung: {{0}}",
+ "networkrule-invalid-ruleid": "Nicht-existierende Regel: {{0}}",
+ "networkrule-missing-host": "Fehlende Hostangabe",
+ "networkrule-missing-port": "Fehlende Portangabe",
+ "networkrule-saved": "Netzwerk-Regel gespeichert",
"networkshare-deleted": "Netzlaufwerk gel\u00f6scht",
"networkshare-invalid-auth-type": "Ung\u00fcltiger Authentifizierungs-Typ: {{0}}",
"networkshare-invalid-shareid": "Nicht-existierender Share: {{0}}",
diff --git a/modules-available/dozmod/lang/de/module.json b/modules-available/dozmod/lang/de/module.json
index 8902852a..ff4519a7 100644
--- a/modules-available/dozmod/lang/de/module.json
+++ b/modules-available/dozmod/lang/de/module.json
@@ -5,6 +5,7 @@
"submenu_expiredimages": "Abgelaufene VM-Versionen",
"submenu_ldapfilters": "LDAP-Filter",
"submenu_mailconfig": "Email-Konfiguration",
+ "submenu_networkrules": "Netzwerk-Regeln",
"submenu_networkshares": "Netzlaufwerke",
"submenu_runscripts": "Startskripte",
"submenu_runtimeconfig": "Limits und Standardwerte",
diff --git a/modules-available/dozmod/lang/de/permissions.json b/modules-available/dozmod/lang/de/permissions.json
index a1675148..6475f7ab 100644
--- a/modules-available/dozmod/lang/de/permissions.json
+++ b/modules-available/dozmod/lang/de/permissions.json
@@ -4,6 +4,8 @@
"ldapfilters.save": "LDAP Filter speichern.",
"ldapfilters.view": "LDAP Filter einsehen.",
"mailconfig.save": "\u00c4nderungen an der SMTP-Konfiguration zum Versenden von Mails speichern.",
+ "networkrules.save": "Netzwerk-Regeln einsehen.",
+ "networkrules.view": "\u00c4nderungen an den Netzwerk-Regeln speichern.",
"networkshares.save": "Netzlaufwerke einsehen.",
"networkshares.view": "\u00c4nderungen an den Netzlaufwerken speichern.",
"runscripts.save": "Startkripte erstellen\/bearbeiten",
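Review bot: The two added descriptions are attached to the wrong keys: `"networkrules.save"` is described as `"Netzwerk-Regeln einsehen."` (view) and `"networkrules.view"` as `"\u00c4nderungen an den Netzwerk-Regeln speichern."` (save). If these strings label the permissions in the role editor, as their file name suggests, an administrator who grants what reads as view access would actually hand out the save right. Swap the two values. The same swap is in the en/permissions.json hunk (`"networkrules.save": "View network rules."`), and the neighbouring `networkshares.*` context lines show the pattern it was copied from.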
diff --git a/modules-available/dozmod/lang/de/template-tags.json b/modules-available/dozmod/lang/de/template-tags.json
index 0a719057..320c7592 100644
--- a/modules-available/dozmod/lang/de/template-tags.json
+++ b/modules-available/dozmod/lang/de/template-tags.json
@@ -1,6 +1,7 @@
{
"lang_actionTarget": "Aktionsziel",
"lang_active": "Aktiv",
+ "lang_addRule": "Netzwerk-Regel hinzuf\u00fcgen",
"lang_addShare": "Netzlaufwerk hinzuf\u00fcgen",
"lang_allowLoginByDefault": "Login standardm\u00e4\u00dfig erlauben",
"lang_allowLoginDescription": "Wenn diese Option aktiviert ist, k\u00f6nnen sich alle Mitarbeiter der Einrichtung \u00fcber die bwLehrpool-Suite anmelden und VMs\/Veranstaltungen verwalten. Wenn Sie diese Option deaktivieren, m\u00fcssen Sie in der Untersektion \"Benutzer und Berechtigungen\" jeden Benutzer nach dem ersten Loginversuch manuell freischalten.",
@@ -23,7 +24,9 @@
"lang_descriptionPermissionConfig": "Dies sind die Berechtigungen, die ein Benutzer standardm\u00e4\u00dfig f\u00fcr fremde VMs\/Veranstaltungen hat. Sie werden angewandt, wenn der Besitzer keine anderweitigen Berechtigungen w\u00e4hlt.",
"lang_descriptionRuntimeLimits": "Hier k\u00f6nnen Sie verschiedene Limits festlegen, z.B. wie lange eine VM nach dem Hochladen g\u00fcltig ist. Nach Ablauf dieses Zeitraums ist der Verantwortliche gezwungen, eine neue Version der VM hochzuladen. Damit k\u00f6nnen Sie das Ansammeln nicht mehr ben\u00f6tigter VMs eind\u00e4mmen. Weiterhin k\u00f6nnen Sie die maximale Anzahl gleichzeitiger Transfers pro Benutzer einschr\u00e4nken.\r\n\r\nVer\u00e4nderte Einstellungen wirken sich nicht auf bereits bestehende VMs aus.",
"lang_description_delete_images": "Diese Liste zeigt VMs, die entweder abgelaufen sind, oder deren Datei besch\u00e4digt, verschoben oder gel\u00f6scht wurde. Diese Images sind zur Zeit im Lehrpool nicht verf\u00fcgbar, ihre endg\u00fcltige L\u00f6schung muss aber manuell best\u00e4tigt werden, um gr\u00f6\u00dfere Katastrophen durch Softwarefehler, verstellte Systemuhren etc. zu vermeiden.",
+ "lang_direction": "Richtung",
"lang_dozmodLogHeading": "bwLehrpool-Suite Aktionslog",
+ "lang_editNetworkrule": "Netzwerk-Regel bearbeiten",
"lang_editNetworkshare": "Netzlaufwerk bearbeiten",
"lang_editScript": "Startscript bearbeiten",
"lang_email": "EMail",
@@ -66,6 +69,7 @@
"lang_miscOptions": "Verschiedene Einstellungen",
"lang_modified": "Modifiziert",
"lang_name": "Name",
+ "lang_networkrules": "Netzwerk-Regeln",
"lang_networkshares": "Netzlaufwerke",
"lang_networksharesIntro": "Hier k\u00f6nnen Sie vordefinierte Netzlaufwerke anlegen, die den Nutzern der bwLehrpool-Suite zur Auswahl gestellt werden. Es ist den Nutzern der bwLehrpool-Suite weiterhin m\u00f6glich, komplett eigene Netzwerkfreigaben zu definieren. Die Angaben hier sollen lediglich das Hinzuf\u00fcgen h\u00e4ufig genutzter Laufwerke vereinfachen, bzw. das \u00c4ndern eines Netzwerkpfades vereinfachen, da in diesem Fall nur der Zentrale Eintrag hier angepasst werden muss, und nicht mehr wie zuvor jede Veranstaltung einzeln.",
"lang_none": "(Keiner)",
diff --git a/modules-available/dozmod/lang/en/messages.json b/modules-available/dozmod/lang/en/messages.json
index d09ff279..6d8296ec 100644
--- a/modules-available/dozmod/lang/en/messages.json
+++ b/modules-available/dozmod/lang/en/messages.json
@@ -11,6 +11,12 @@
"ldap-filter-saved": "Successfully modified LDAP filter",
"ldap-invalid-filter-id": "Invalid LDAP filter id",
"mail-config-saved": "Mail config saved",
+ "networkrule-deleted": "Network rule deleted",
+ "networkrule-invalid-direction": "Invalid direction: {{0}}",
+ "networkrule-invalid-ruleid": "Invalid rule id: {{0}}",
+ "networkrule-missing-host": "Missing host",
+ "networkrule-missing-port": "Missing port",
+ "networkrule-saved": "Network rule saved",
"networkshare-deleted": "Network share deleted",
"networkshare-invalid-auth-type": "Invalid auth type: {{0}}",
"networkshare-invalid-shareid": "Invalid share id: {{0}}",
diff --git a/modules-available/dozmod/lang/en/module.json b/modules-available/dozmod/lang/en/module.json
index 4e3969ff..8967493d 100644
--- a/modules-available/dozmod/lang/en/module.json
+++ b/modules-available/dozmod/lang/en/module.json
@@ -5,6 +5,7 @@
"submenu_expiredimages": "Expired VM versions",
"submenu_ldapfilters": "LDAP filters",
"submenu_mailconfig": "email configuration",
+ "submenu_networkrules": "Network Rules",
"submenu_networkshares": "Network Shares",
"submenu_runtimeconfig": "limits and defaults",
"submenu_templates": "templates",
diff --git a/modules-available/dozmod/lang/en/permissions.json b/modules-available/dozmod/lang/en/permissions.json
index d45e5207..dec3171a 100644
--- a/modules-available/dozmod/lang/en/permissions.json
+++ b/modules-available/dozmod/lang/en/permissions.json
@@ -4,6 +4,8 @@
"ldapfilters.save": "Save LDAP filter.",
"ldapfilters.view": "View LDAP filters. ",
"mailconfig.save": "Save SMTP configuration for sending mails.",
+ "networkrules.save": "View network rules.",
+ "networkrules.view": "Save network rules.",
"networkshares.save": "View network drives.",
"networkshares.view": "Save network drives.",
"runtimeconfig.save": "Save limits and defaults of a runtime configuration.",
diff --git a/modules-available/dozmod/lang/en/template-tags.json b/modules-available/dozmod/lang/en/template-tags.json
index ddc89284..3f2ae1fc 100644
--- a/modules-available/dozmod/lang/en/template-tags.json
+++ b/modules-available/dozmod/lang/en/template-tags.json
@@ -1,6 +1,7 @@
{
"lang_actionTarget": "Action target",
"lang_active": "Active",
+ "lang_addRule": "Add Network Rule",
"lang_addShare": "Add Network Share",
"lang_allowLoginByDefault": "Allow all staff members to login and use the bwLehrpool-Suite",
"lang_allowLoginDescription": "If this option is enabled, all members of the organization marked as staff or employee are allowed to login to this server and manage VMs\/courses. Otherwise, new users need to be individually allowed access after their first login attempt by visiting the sub page \"users and permissions\" in this web interface.",
@@ -23,7 +24,9 @@
"lang_descriptionPermissionConfig": "These are the default permissions being used for VMs and lectures if the owner does not specify any.",
"lang_descriptionRuntimeLimits": "Here you can define some limits, e.g. how long a newly uploaded VM will be valid. This should make sure that you don't end up with a lot of old, unused VMs over time.\r\n\r\nModified settings won't apply for already existing VMs.",
"lang_description_delete_images": "This is a list of VMs that either expired, or where the disk image is damaged or missing. These VMs are not available in bwLehrpool currently, but you have to manually confirm the deletion of the disk images for safety reasons (clock skew etc.)",
+ "lang_direction": "Direction",
"lang_dozmodLogHeading": "bwLehrpool-Suite action log",
+ "lang_editNetworkrule": "Edit Network Rule",
"lang_editNetworkshare": "Edit Network Share",
"lang_email": "E-Mail",
"lang_emailNotifications": "E-Mail notifications enabled",
@@ -63,6 +66,7 @@
"lang_miscOptions": "Misc options",
"lang_modified": "modified",
"lang_name": "Name",
+ "lang_networkrules": "Network Rules",
"lang_networkshares": "Network Shares",
"lang_networksharesIntro": "This is the list of predefined network shares. bwLehrpool-Suite users can still add custom network shares to their lectures, however having commonly used network shares as predefined entries should be much more convenient. Another advantage is that changing the path of a network share centrally avoids having to edit a dozen lectures' configuration manually.",
"lang_none": "(none)",
diff --git a/modules-available/dozmod/page.inc.php b/modules-available/dozmod/page.inc.php
index 776109cf..b772890f 100644
--- a/modules-available/dozmod/page.inc.php
+++ b/modules-available/dozmod/page.inc.php
@@ -5,7 +5,7 @@ class Page_DozMod extends Page
/** @var bool true if we have a proper subpage */
private $haveSubPage = false;
- private $validSections = ['expiredimages', 'mailconfig', 'templates', 'runtimeconfig', 'users', 'actionlog', 'networkshares', 'ldapfilters', 'runscripts'];
+ private $validSections = ['expiredimages', 'mailconfig', 'templates', 'runtimeconfig', 'users', 'actionlog', 'networkshares', 'ldapfilters', 'runscripts', 'networkrules'];
private $section;
diff --git a/modules-available/dozmod/pages/networkrules.inc.php b/modules-available/dozmod/pages/networkrules.inc.php
new file mode 100644
index 00000000..6011e3ff
--- /dev/null
+++ b/modules-available/dozmod/pages/networkrules.inc.php
@@ -0,0 +1,98 @@
+<?php
+
+class SubPage
+{
+
+ public static function doPreprocess()
+ {
+ $action = Request::post('action', '', 'string');
+
+ if ($action === 'delete') {
+ User::assertPermission('networkrules.save');
+ $ruleid = Request::post('ruleid', false, 'int');
+ if ($ruleid !== false) {
+ $res = Database::exec('DELETE FROM sat.presetnetworkrules WHERE ruleid = :ruleid', ['ruleid' => $ruleid]);
+ if ($res !== false) {
+ Message::addSuccess('networkrule-deleted');
+ }
+ }
+ } else if ($action === 'save') {
+ User::assertPermission('networkrules.save');
+ $ruleid = Request::post('ruleid', 0, 'int');
+ $rulename = Request::post('rulename', '', 'string');
+ $host = Request::post('host', '', 'string');
+ $port = Request::post('port', '', 'string');
+ $direction = Request::post('direction', '', 'string');
+
+ if (!in_array($direction, ['IN', 'OUT'], true)) {
+ Message::addError('networkrule-invalid-direction', $direction);
+ } elseif (empty($host)) {
+ Message::addError('networkrule-missing-host');
+ } elseif (empty($port)) {
+ Message::addError('networkrule-missing-port');
+ } else {
+ $data = json_encode([
+ 'host' => $host,
+ 'port' => $port,
+ 'direction' => $direction
+ ]);
+ if ($ruleid !== 0) {
+ Database::exec('UPDATE sat.presetnetworkrules SET rulename = :rulename, ruledata = :data'
+ .' WHERE ruleid = :ruleid', compact('ruleid', 'rulename', 'data'));
+ } else {
+ Database::exec('INSERT INTO sat.presetnetworkrules (rulename, ruledata)'
+ .' VALUES (:rulename, :data)', compact('rulename', 'data'));
+ }
+ Message::addSuccess('networkrule-saved');
+ }
+ }
+ if (Request::isPost()) {
+ Util::redirect('?do=dozmod&section=networkrules');
+ }
+ User::assertPermission('networkrules.view');
+ }
+
+ public static function doRender()
+ {
+ $show = Request::get('show', 'list', 'string');
+ if ($show === 'list') {
+ $res = Database::simpleQuery('SELECT ruleid, rulename, ruledata
+ FROM sat.presetnetworkrules ORDER BY rulename ASC');
+ $rows = array();
+ while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
+ $dec = json_decode($row['ruledata'], true);
+ if (!is_array($dec)) {
+ $dec = [];
+ }
+ $rows[] = $row + $dec;
+ }
+ Render::addTemplate('networkrules', [
+ 'networkrules' => $rows,
+ 'hasEditPermissions' => User::hasPermission('networkrules.save')
+ ]);
+ } else if ($show === 'edit') {
+ $ruleid = Request::get('ruleid', 0, 'int');
+ if ($ruleid === 0) {
+ $data = [];
+ } else {
+ $data = Database::queryFirst('SELECT ruleid, rulename, ruledata
+ FROM sat.presetnetworkrules WHERE ruleid = :ruleid', ['ruleid' => $ruleid]);
+ if ($data === false) {
+ Message::addError('networkrule-invalid-ruleid', $ruleid);
+ Util::redirect('?do=dozmod&section=networkrules');
+ }
+ $dec = json_decode($data['ruledata'], true);
+ if (is_array($dec)) {
+ $data += $dec;
+ }
+ if ($data['direction'] === 'IN') {
+ $data['inSelected'] = 'selected';
+ } else {
+ $data['outSelected'] = 'selected';
+ }
+ }
+ Render::addTemplate('networkrules-edit', $data);
+ }
+ }
+
+}
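Review bot: In the `save` branch of doPreprocess, `host` and `port` are only checked for emptiness and `rulename` is not checked at all, so any string ends up in `ruledata`; the `required` and `type="number"` attributes in networkrules-edit.html are enforced only by the browser. Since these presets presumably feed firewall-style rules later on, I would read the port with `Request::post('port', 0, 'int')`, reject it with `elseif ($port < 1 || $port > 65535)`, and apply a comparable syntax check to the host. The results of the UPDATE/INSERT `Database::exec` calls are also ignored, so `networkrule-saved` is shown even when the statement fails or the `ruleid` matches no row, unlike the delete branch, which checks `$res !== false`. In doRender, `$data['direction']` is read even when `ruledata` did not decode to an array, which would raise an undefined-index notice.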
diff --git a/modules-available/dozmod/permissions/permissions.json b/modules-available/dozmod/permissions/permissions.json
index 3f9cd604..c8958089 100644
--- a/modules-available/dozmod/permissions/permissions.json
+++ b/modules-available/dozmod/permissions/permissions.json
@@ -14,6 +14,12 @@
"mailconfig.save": {
"location-aware": false
},
+ "networkrules.view": {
+ "location-aware": false
+ },
+ "networkrules.save": {
+ "location-aware": false
+ },
"networkshares.view": {
"location-aware": false
},
diff --git a/modules-available/dozmod/templates/networkrules-edit.html b/modules-available/dozmod/templates/networkrules-edit.html
new file mode 100644
index 00000000..c04e2825
--- /dev/null
+++ b/modules-available/dozmod/templates/networkrules-edit.html
@@ -0,0 +1,43 @@
+<h1>{{lang_networkrules}}</h1>
+
+<div class="panel panel-default">
+ <div class="panel-heading">
+ {{lang_editNetworkrule}}
+ </div>
+ <div class="panel-body">
+ <form method="post" action="?do=dozmod">
+ <input type="hidden" name="token" value="{{token}}">
+ <input type="hidden" name="section" value="networkrules">
+ <input type="hidden" name="ruleid" value="{{ruleid}}">
+
+ <div class="input-group">
+ <label class="input-group-addon" for="rulename">{{lang_name}}</label>
+ <input required type="text" name="rulename" id="rulename" class="form-control" value="{{rulename}}">
+ </div>
+ <div class="input-group">
+ <label class="input-group-addon" for="host">{{lang_host}}</label>
+ <input required type="text" name="host" id="host" class="form-control" value="{{host}}">
+ </div>
+ <div class="input-group">
+ <label class="input-group-addon" for="port">{{lang_port}}</label>
+ <input required type="number" name="port" id="port" class="form-control" value="{{port}}">
+ </div>
+ <div class="input-group">
+ <label class="input-group-addon" for="direction">{{lang_direction}}</label>
+ <select class="form-control" name="direction" id="direction">
+ <option {{inSelected}} value="IN">IN</option>
+ <option {{outSelected}} value="OUT">OUT</option>
+ </select>
+ </div>
+ <div class="text-right" style="margin-top: 20px">
+ <a href="?do=dozmod&amp;section=networkrules" class="btn btn-default">
+ {{lang_cancel}}
+ </a>
+ <button type="submit" class="btn btn-primary" name="action" value="save">
+ <span class="glyphicon glyphicon-floppy-disk"></span>
+ {{lang_save}}
+ </button>
+ </div>
+ </form>
+ </div>
+</div>
\ No newline at end of file
diff --git a/modules-available/dozmod/templates/networkrules.html b/modules-available/dozmod/templates/networkrules.html
new file mode 100644
index 00000000..4344ff4f
--- /dev/null
+++ b/modules-available/dozmod/templates/networkrules.html
@@ -0,0 +1,82 @@
+<h1>{{lang_networkrules}}</h1>
+
+<p>
+ {{lang_networkrulesIntro}}
+</p>
+
+<table class="table">
+ <thead>
+ <tr>
+ <th>{{lang_name}}</th>
+ <th>{{lang_host}}</th>
+ <th>{{lang_port}}</th>
+ <th>{{lang_direction}}</th>
+ {{#hasEditPermissions}}
+ <th class="slx-smallcol">{{lang_edit}}</th>
+ <th class="slx-smallcol">{{lang_delete}}</th>
+ {{/hasEditPermissions}}
+ </tr>
+ </thead>
+ <tbody>
+ {{#networkrules}}
+ <tr>
+ <td>{{rulename}}</td>
+ <td>{{host}}</td>
+ <td>{{port}}</td>
+ <td>{{direction}}</td>
+ {{#hasEditPermissions}}
+ <td align="center">
+ <a href="?do=dozmod&amp;section=networkrules&amp;show=edit&amp;ruleid={{ruleid}}" class="btn btn-xs btn-primary">
+ <span class="glyphicon glyphicon-edit"></span>
+ </a>
+ </td>
+ <td align="center">
+ <button type="button" class="btn btn-xs btn-danger" data-toggle="modal" data-target="#deleteModal" onclick="deleteRule('{{ruleid}}')">
+ <span class="glyphicon glyphicon-trash"></span>
+ </button>
+ </td>
+ {{/hasEditPermissions}}
+ </tr>
+ {{/networkrules}}
+ </tbody>
+</table>
+{{#hasEditPermissions}}
+<div class="text-right">
+ <a href="?do=dozmod&amp;section=networkrules&amp;show=edit" class="btn btn-success">
+ <span class="glyphicon glyphicon-plus"></span>
+ {{lang_addRule}}
+ </a>
+</div>
+{{/hasEditPermissions}}
+
+<!-- Modals -->
+<form method="post" action="?do=dozmod">
+ <input type="hidden" name="token" value="{{token}}">
+ <input type="hidden" name="section" value="networkrules">
+ <div class ="modal fade" id="deleteModal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel">
+ <div class="modal-dialog" role="document">
+ <div class="modal-content">
+ <div class="modal-header">
+ <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
+ <h4 class="modal-title" id="myModalLabel">{{lang_delete}}</h4>
+ </div>
+ <div class="modal-body">
+ <p>{{lang_ruleDeleteConfirm}}</p>
+ </div>
+ <div class="modal-footer">
+ <input type="hidden" id="delete-rule-id" name="ruleid" value="">
+ <button type="button" class="btn btn-default" data-dismiss="modal">{{lang_cancel}}</button>
+ <button type="submit" name="action" value="delete" class="btn btn-danger"><span class="glyphicon glyphicon-trash"></span> {{lang_delete}}</button>
+ </div>
+ </div>
+ </div>
+ </div>
+</form>
+
+<script type="text/javascript">
+
+ function deleteRule(ruleid) {
+ $("#delete-rule-id").val(ruleid);
+ }
+
+</script>
\ No newline at end of file
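Review bot: The template references `{{lang_networkrulesIntro}}` and `{{lang_ruleDeleteConfirm}}`, but the template-tags.json hunks in this commit add only `lang_addRule`, `lang_direction`, `lang_editNetworkrule` and `lang_networkrules`; unless those two tags are defined elsewhere, the intro paragraph and the delete confirmation text will render empty. Separately, the delete `<form>` and its modal sit outside `{{#hasEditPermissions}}`, so view-only users still receive the delete form markup. The server-side `User::assertPermission('networkrules.save')` guards the action itself, but wrapping the form in `{{#hasEditPermissions}}` … `{{/hasEditPermissions}}` would keep the page consistent with the table columns above it.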