From e92f67936eaae163aa2ac207384bddf8f483d85c Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Mon, 26 Feb 2018 10:32:56 +0100 Subject: [dnbd3] Add permissions --- .../dnbd3/templates/page-serverlist.html | 30 ++++++++++++++-------- 1 file changed, 19 insertions(+), 11 deletions(-) (limited to 'modules-available/dnbd3/templates/page-serverlist.html') diff --git a/modules-available/dnbd3/templates/page-serverlist.html b/modules-available/dnbd3/templates/page-serverlist.html index c5905dcd..118da8d2 100644 --- a/modules-available/dnbd3/templates/page-serverlist.html +++ b/modules-available/dnbd3/templates/page-serverlist.html @@ -15,14 +15,14 @@
- +
- +
- @@ -36,7 +36,9 @@

{{lang_serverList}} - +

@@ -78,14 +80,18 @@ {{#machineuuid}} - + {{/machineuuid}} + {{^perms.view.details.disabled}} + {{/perms.view.details.disabled}} {{fixedip}} {{clientip}} + {{^perms.view.details.disabled}} + {{/perms.view.details.disabled}}
{{hostname}}
@@ -123,7 +129,7 @@ {{#locations}} {{locations}} {{/locations}} - + {{/self}} @@ -132,17 +138,19 @@ {{#machineuuid}} {{#rebootcontrol}} {{/rebootcontrol}} {{/machineuuid}} {{^self}} - @@ -156,7 +164,7 @@
- @@ -165,7 +173,7 @@
- + {{lang_managedServerAdd}} -- cgit v1.2.3-55-g7522 From bf1c0558f7afb4a6bf1716d533b901f51f60fa4d Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Tue, 27 Feb 2018 14:35:01 +0100 Subject: [dnbd3] Implement permissions --- modules-available/dnbd3/hooks/runmode/config.json | 3 +- modules-available/dnbd3/page.inc.php | 78 +++++++++++++++------- .../dnbd3/permissions/permissions.json | 2 +- .../dnbd3/templates/page-serverlist.html | 9 +-- 4 files changed, 61 insertions(+), 31 deletions(-) (limited to 'modules-available/dnbd3/templates/page-serverlist.html') diff --git a/modules-available/dnbd3/hooks/runmode/config.json b/modules-available/dnbd3/hooks/runmode/config.json index a3f6d01f..683e0280 100644 --- a/modules-available/dnbd3/hooks/runmode/config.json +++ b/modules-available/dnbd3/hooks/runmode/config.json @@ -4,5 +4,6 @@ "noSysconfig": true, "systemdDefaultTarget": "dnbd3-proxy", "allowGenericEditor": true, - "deleteUrlSnippet": "dummyparam=" + "deleteUrlSnippet": "dummyparam=", + "permission": ".dnbd3.configure.proxy" } \ No newline at end of file diff --git a/modules-available/dnbd3/page.inc.php b/modules-available/dnbd3/page.inc.php index d27afe01..afcb9b2c 100644 --- a/modules-available/dnbd3/page.inc.php +++ b/modules-available/dnbd3/page.inc.php @@ -39,7 +39,7 @@ class Page_Dnbd3 extends Page Message::addError('not-automatic-server', $server['ip']); return; } - User::assertPermission('configure.proxy'); + $this->assertPermission($server); $bgr = Request::post('bgr', false, 'bool'); $firewall = Request::post('firewall', false, 'bool'); $overrideIp = false; @@ -87,11 +87,7 @@ class Page_Dnbd3 extends Page private function saveServerLocations() { $server = $this->getServerById(); - if (isset($server['machineuuid'])) { - User::assertPermission('configure.proxy'); - } else { - User::assertPermission('configure.external'); - } + $this->assertPermission($server); $locids = Request::post('location', [], 'array'); if (empty($locids)) { Database::exec('DELETE FROM dnbd3_server_x_location WHERE serverid = :serverid', @@ -136,13 +132,11 @@ class Page_Dnbd3 extends Page private function deleteServer() { $server = $this->getServerById(); + $this->assertPermission($server); if ($server['fixedip'] === '') return; if (!is_null($server['machineuuid'])) { - User::assertPermission('configure.proxy'); RunMode::setRunMode($server['machineuuid'], 'dnbd3', null, null, null); - } else { - User::assertPermission('configure.external'); } Database::exec('DELETE FROM dnbd3_server WHERE serverid = :serverid', array('serverid' => $server['serverid'])); @@ -172,7 +166,7 @@ class Page_Dnbd3 extends Page User::assertPermission('view.list'); $dynClients = RunMode::getForMode(Page::getModule(), 'proxy', true, true); $res = Database::simpleQuery('SELECT s.serverid, s.machineuuid, s.fixedip, s.lastseen AS dnbd3lastseen, - s.uptime, s.totalup, s.totaldown, s.clientcount, s.disktotal, s.diskfree, Count(sxl.locationid) AS locations, + s.uptime, s.totalup, s.totaldown, s.clientcount, s.disktotal, s.diskfree, GROUP_CONCAT(sxl.locationid) AS locations, s.errormsg FROM dnbd3_server s LEFT JOIN dnbd3_server_x_location sxl USING (serverid) @@ -180,10 +174,22 @@ class Page_Dnbd3 extends Page $servers = array(); $sort = array(); $NOW = time(); - $permExt = User::hasPermission('configure.external'); - $permRunmode = User::hasPermission('configure.proxy'); + $externalAllowed = User::hasPermission('configure.external'); + $locsRunmode = User::getAllowedLocations('configure.proxy'); while ($server = $res->fetch(PDO::FETCH_ASSOC)) { - if (isset($dynClients[$server['machineuuid']])) { + if (!is_null($server['machineuuid'])) { + // Auto proxy + if (!isset($dynClients[$server['machineuuid']])) { + // Not in runmode dnbd3!? + if ($NOW - $server['dnbd3lastseen'] > 660) { + // Also seems to be down - delete + Database::exec('DELETE FROM dnbd3_server WHERE serverid = :serverid', + array('serverid' => $server['serverid'])); + continue; + } + // Not in runmode but (still?) up -- show + $server += ['locationid' => null, 'hostname' => '']; + } $server += $dynClients[$server['machineuuid']]; unset($dynClients[$server['machineuuid']]); } @@ -211,21 +217,35 @@ class Page_Dnbd3 extends Page $server['slxOk'] = true; } } + if (is_null($server['locations'])) { + $server['locations'] = 0; + } else { + $locations = explode(',', $server['locations']); + $server['locations'] = count($locations); + } + // Permission to edit + if (is_null($server['machineuuid'])) { + if (!$externalAllowed) { + $server['edit_disabled'] = 'disabled'; + } + } else { + if (!array_key_exists('locationid', $server) || !in_array($server['locationid'], $locsRunmode)) { + $server['edit_disabled'] = 'disabled'; + } + } + // Array for sorting if ($server['self']) { $sort[] = '---'; } else { $sort[] = $server['fixedip'] . '.' . $server['machineuuid']; } - // Permission to edit - if (!($permExt && is_null($server['machineuuid'])) && !($permRunmode && !is_null($server['machineuuid']))) { - $server['edit_disabled'] = 'disabled'; - } $servers[] = $server; } foreach ($dynClients as $server) { + $server['edit_disabled'] = 'disabled'; $servers[] = $server; $sort[] = '-' . $server['machineuuid']; - Database::exec('INSERT INTO dnbd3_server (machineuuid) VALUES (:uuid)', array('uuid' => $server['machineuuid'])); + Database::exec('INSERT IGNORE INTO dnbd3_server (machineuuid) VALUES (:uuid)', array('uuid' => $server['machineuuid'])); } array_multisort($sort, SORT_ASC, $servers); $data = array( @@ -316,11 +336,7 @@ class Page_Dnbd3 extends Page private function showServerLocationEdit() { $server = $this->getServerById(); - if (isset($server['machineuuid'])) { - User::assertPermission('configure.proxy'); - } else { - User::assertPermission('configure.external'); - } + $this->assertPermission($server); // Get selected ones $res = Database::simpleQuery('SELECT locationid FROM dnbd3_server_x_location WHERE serverid = :serverid', array('serverid' => $server['serverid'])); @@ -356,14 +372,14 @@ class Page_Dnbd3 extends Page Message::addError('main.parameter-missing', 'server'); Util::redirect('?do=dnbd3'); } - $server = Database::queryFirst('SELECT s.serverid, s.machineuuid, s.fixedip, m.clientip, m.hostname + $server = Database::queryFirst('SELECT s.serverid, s.machineuuid, s.fixedip, m.clientip, m.hostname, m.locationid FROM dnbd3_server s LEFT JOIN machine m USING (machineuuid) WHERE s.serverid = :serverId', compact('serverId')); if ($server === false) { if (AJAX) die('Invalid server id'); - Message::addError('server-non-existent', 'server'); + Message::addError('server-non-existent', $serverId); Util::redirect('?do=dnbd3'); } if (!is_null($server['fixedip'])) { @@ -376,6 +392,15 @@ class Page_Dnbd3 extends Page return $server; } + private function assertPermission($server) + { + if (isset($server['machineuuid'])) { + User::assertPermission('configure.proxy', $server['locationid'], '?do=dnbd3'); + } else { + User::assertPermission('configure.external', null, '?do=dnbd3'); + } + } + /* * AJAX */ @@ -399,6 +424,7 @@ class Page_Dnbd3 extends Page private function ajaxServerTest() { + User::assertPermission('configure.external'); Header('Content-Type: application/json; charset=utf-8'); $ip = Request::post('ip', false, 'string'); if ($ip === false) @@ -435,6 +461,7 @@ class Page_Dnbd3 extends Page echo 'Not automatic server.'; return; } + $this->assertPermission($server); $rm = RunMode::getForMode(Page::getModule(), 'proxy', false, true); if (!isset($rm[$server['machineuuid']])) { echo 'Error: RunMode entry missing.'; @@ -451,6 +478,7 @@ class Page_Dnbd3 extends Page if (!isset($server['machineuuid'])) { die('Not automatic server.'); } + $this->assertPermission($server); if (!Module::isAvailable('rebootcontrol')) { die('No rebootcontrol'); } diff --git a/modules-available/dnbd3/permissions/permissions.json b/modules-available/dnbd3/permissions/permissions.json index 5e16b290..1939e32a 100644 --- a/modules-available/dnbd3/permissions/permissions.json +++ b/modules-available/dnbd3/permissions/permissions.json @@ -12,7 +12,7 @@ "location-aware": false }, "configure.proxy": { - "location-aware": false + "location-aware": true }, "configure.external": { "location-aware": false diff --git a/modules-available/dnbd3/templates/page-serverlist.html b/modules-available/dnbd3/templates/page-serverlist.html index 118da8d2..a51e9723 100644 --- a/modules-available/dnbd3/templates/page-serverlist.html +++ b/modules-available/dnbd3/templates/page-serverlist.html @@ -36,8 +36,9 @@

{{lang_serverList}} -

@@ -139,18 +140,18 @@ {{#rebootcontrol}} {{/rebootcontrol}} {{/machineuuid}} {{^self}} - -- cgit v1.2.3-55-g7522 From aeb96b5b7019b2f0bc40ed699dc2877a8729a06b Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Thu, 29 Mar 2018 10:47:58 +0200 Subject: [dnbd3] Fix dnbd3 reboot status feedback Closes #3276 --- modules-available/dnbd3/page.inc.php | 37 +++++++++++++++------- .../dnbd3/templates/page-serverlist.html | 24 ++++++++++---- 2 files changed, 43 insertions(+), 18 deletions(-) (limited to 'modules-available/dnbd3/templates/page-serverlist.html') diff --git a/modules-available/dnbd3/page.inc.php b/modules-available/dnbd3/page.inc.php index 6e4f8885..f30abfe1 100644 --- a/modules-available/dnbd3/page.inc.php +++ b/modules-available/dnbd3/page.inc.php @@ -490,24 +490,37 @@ class Page_Dnbd3 extends Page if (!isset($server['machineuuid'])) { die('Not automatic server.'); } - $this->assertPermission($server); - if (!Module::isAvailable('rebootcontrol')) { - die('No rebootcontrol'); - } $uuid = $server['machineuuid']; - $task = RebootControl::reboot([ $uuid ]); + $task = Request::any('taskid', false, 'string'); if ($task === false) { - die('Taskmanager unreachable'); + $this->assertPermission($server); + if (!Module::isAvailable('rebootcontrol')) { + die('No rebootcontrol'); + } + $task = RebootControl::reboot([$uuid]); + if ($task === false) { + die('Taskmanager unreachable'); + } } - $task = Taskmanager::waitComplete($task, 2000); - if (is_array($task) && isset($task['data']) && isset($task['data']['clientStatus']) && isset($task['data']['clientStatus'][$uuid])) { - $status = $task['data']['clientStatus'][$uuid]; + $task = Taskmanager::waitComplete($task, 1000); + if (is_array($task) && isset($task['data']['clientStatus'][$uuid])) { + $status = [ + 'rebootStatus' => $task['data']['clientStatus'][$uuid], + 'taskStatus' => $task['statusCode'], + 'taskId' => $task['id'], + ]; if (!empty($task['data']['error'])) { - $status .= "\n --- \n" . $task['data']['error']; + $status['error'] = $task['data']['error']; } - die($status); + } else { + $status = [ + 'rebootStatus' => 'FAILURE', + 'taskStatus' => 'FAILURE', + 'taskId' => $task['id'], + ]; } - die('Unknown :-('); + Header('Content-Type: application/json; charset=utf-8'); + die(json_encode($status)); } } diff --git a/modules-available/dnbd3/templates/page-serverlist.html b/modules-available/dnbd3/templates/page-serverlist.html index a51e9723..65e4d6ea 100644 --- a/modules-available/dnbd3/templates/page-serverlist.html +++ b/modules-available/dnbd3/templates/page-serverlist.html @@ -389,20 +389,32 @@ document.addEventListener('DOMContentLoaded', function () { } $t.html(''); var sid = rebootServerId; + var taskId = false; + var lastText; var query = function() { + data = {"token": TOKEN, "action": "reboot", "server": sid}; + if (taskId !== false) data['taskid'] = taskId; $.ajax({ - "data": {"token": TOKEN, "action": "reboot", "server": sid}, + "data": data, "method": "POST", - "dataType": "text", + "dataType": "json", "url": "?do=dnbd3" }).done(function (data) { - $t.text(data); - if (data.indexOf('REBOOTING') !== -1 || data.indexOf('CONNECTING') !== -1) { + if (!data || !data.taskId) return; + if (taskId === false) taskId = data.taskId; + if (data.error) data.rebootStatus += ' (' + data.error + ')'; + if (data.rebootStatus !== lastText) { + $t.empty().text(data.rebootStatus); + } + if (data.taskStatus === 'TASK_PROCESSING' || data.taskStatus === 'TASK_WAITING') { setTimeout(query, 5000); - $t.append($('')); + if (data.rebootStatus !== lastText) { + $t.append($('')); + } } + lastText = data.rebootStatus; }).fail(function () { - $.text('Failed'); + $t.text('Failed'); }); }; query(); -- cgit v1.2.3-55-g7522