From a8b0095b335780ae0bb950bc44021215d43a6b2d Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Mon, 12 Feb 2018 14:17:07 +0100 Subject: [permissionmanager] Introduce "location-aware" flag for permissions This flag tells wether the permission can be restricted to certain locations in a meaningful way. This flag has to be set in the permissions.json of the according module. For example, the permission to reboot the server cannot be limited to certain locations in a meaningful way, while the view of the client log can be filtered to only show log entries for clients in specific locations. --- .../serversetup-bwlp/permissions/permissions.json | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) (limited to 'modules-available/serversetup-bwlp') diff --git a/modules-available/serversetup-bwlp/permissions/permissions.json b/modules-available/serversetup-bwlp/permissions/permissions.json index 2166cf8e..6bae5422 100644 --- a/modules-available/serversetup-bwlp/permissions/permissions.json +++ b/modules-available/serversetup-bwlp/permissions/permissions.json @@ -1,5 +1,11 @@ -[ - "edit.address", - "edit.menu", - "download" -] \ No newline at end of file +{ + "download": { + "location-aware": false + }, + "edit.address": { + "location-aware": false + }, + "edit.menu": { + "location-aware": false + } +} \ No newline at end of file -- cgit v1.2.3-55-g7522 From 77d5885827f123745a0d304019bb6bd0952b45cd Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Thu, 15 Feb 2018 15:06:40 +0100 Subject: [serversetup-bwlp] Make use of new permission helpers --- modules-available/serversetup-bwlp/page.inc.php | 18 +++++++++++++----- modules-available/serversetup-bwlp/style.css | 12 ------------ .../serversetup-bwlp/templates/ipaddress.html | 7 +++++-- modules-available/serversetup-bwlp/templates/ipxe.html | 18 +++++++++--------- 4 files changed, 27 insertions(+), 28 deletions(-) delete mode 100644 modules-available/serversetup-bwlp/style.css (limited to 'modules-available/serversetup-bwlp') diff --git a/modules-available/serversetup-bwlp/page.inc.php b/modules-available/serversetup-bwlp/page.inc.php index 16d3f8e2..ae709da7 100644 --- a/modules-available/serversetup-bwlp/page.inc.php +++ b/modules-available/serversetup-bwlp/page.inc.php @@ -17,7 +17,8 @@ class Page_ServerSetup extends Page Util::redirect('?do=Main'); } - if (Request::any('action') === 'getimage' && User::hasPermission("download")) { + if (Request::any('action') === 'getimage') { + User::assertPermission("download"); $this->handleGetImage(); } @@ -30,13 +31,15 @@ class Page_ServerSetup extends Page $this->getLocalAddresses(); } - if ($action === 'ip' && User::hasPermission("edit.address")) { + if ($action === 'ip') { + User::assertPermission("edit.address"); // New address is to be set $this->getLocalAddresses(); $this->updateLocalAddress(); } - if ($action === 'ipxe' && User::hasPermission("edit.menu")) { + if ($action === 'ipxe') { + User::assertPermission("edit.menu"); // iPXE stuff changes $this->updatePxeMenu(); } @@ -50,12 +53,18 @@ class Page_ServerSetup extends Page Render::addTemplate('ipxe_update', array('taskid' => $taskid)); } + Permission::addGlobalTags($perms, null, ['edit.menu', 'edit.address', 'download']); + Render::addTemplate('ipaddress', array( 'ips' => $this->taskStatus['data']['addresses'], 'chooseHintClass' => $this->hasIpSet ? '' : 'alert alert-danger', 'editAllowed' => User::hasPermission("edit.address"), + 'perms' => $perms, )); $data = $this->currentMenu; + if (!User::hasPermission('edit.menu')) { + unset($data['masterpasswordclear']); + } if (!isset($data['defaultentry'])) { $data['defaultentry'] = 'net'; } @@ -68,8 +77,7 @@ class Page_ServerSetup extends Page if ($data['defaultentry'] === 'custom') { $data['active-custom'] = 'checked'; } - $data['editAllowed'] = User::hasPermission("edit.menu"); - $data['downloadAllowed'] = User::hasPermission("download"); + $data['perms'] = $perms; Render::addTemplate('ipxe', $data); } diff --git a/modules-available/serversetup-bwlp/style.css b/modules-available/serversetup-bwlp/style.css deleted file mode 100644 index 3aea98af..00000000 --- a/modules-available/serversetup-bwlp/style.css +++ /dev/null @@ -1,12 +0,0 @@ -.disabledPanel { - cursor: not-allowed; -} - -.disabledPanel > .panel-body { - pointer-events: none; - opacity: 0.8; -} - -.panel-footer .btn-group { - cursor: not-allowed; -} \ No newline at end of file diff --git a/modules-available/serversetup-bwlp/templates/ipaddress.html b/modules-available/serversetup-bwlp/templates/ipaddress.html index e82253f5..8d73dfac 100644 --- a/modules-available/serversetup-bwlp/templates/ipaddress.html +++ b/modules-available/serversetup-bwlp/templates/ipaddress.html @@ -1,4 +1,4 @@ -
{{lang_usbImgHelp}}
+
+ Linux
+
+ {{lang_usbImgHelpLinux}}
+
+ Windows
+
+ {{lang_usbImgHelpWindows}}
+
LABEL custom - MENU LABEL ^My Boot Entry - KERNEL http://1.2.3.4/kernel - INITRD http://1.2.3.4/initramfs-stage31 - APPEND custom=option - IPAPPEND 3- {{lang_menuCustomHint2}} LABEL custom - {{lang_menuCustomHint3}} -
{{lang_usbImgHelp}}
-
- Linux
-
- {{lang_usbImgHelpLinux}}
-
- Windows
-
- {{lang_usbImgHelpWindows}}
-
{{lang_menuTitle}} | +{{lang_locationCount}} | +{{lang_isDefault}} | +{{lang_edit}} | +
---|---|---|---|
+ {{title}} + | ++ {{locationCount}} + | ++ {{#isdefault}} + + {{/isdefault}} + | ++ {{#allowEdit}} + + + + {{/allowEdit}} + | +
{{lang_bootentryTitle}} | +Hotkey | +{{lang_edit}} | +{{lang_delete}} | +
---|---|---|---|
+ {{title}} + | ++ {{hotkey}} + | ++ {{#allowEdit}} + + + + {{/allowEdit}} + | ++ {{#allowDelete}} + + {{/allowDelete}} + | +
- | - | {{lang_entryId}} | ++ | + | {{lang_entryId}} | {{lang_title}} | -{{lang_hotkey}} | -{{lang_password}} | -- | + | {{lang_hotkey}} | +{{lang_password}} | ++ |
---|
{{name}} | +{{size}} | +{{modified}} | +({{features}}) | +
+ + + {{lang_usbImgHelpBtn}} + +
++ {{lang_additionalInfoLink}} {{lang_ipxeWikiUrl}} +
- {{lang_downloadRufus}} + {{lang_downloadRufus}}
-- cgit v1.2.3-55-g7522 From 63aa220d849dca2384773bf755358557a1d711c5 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Fri, 18 Jan 2019 16:37:17 +0100 Subject: [serversetup-bwlp] Make localboot method configurable --- modules-available/serversetup-bwlp/api.inc.php | 23 ++----- .../serversetup-bwlp/inc/localboot.inc.php | 17 +++++ .../serversetup-bwlp/lang/de/messages.json | 2 + .../serversetup-bwlp/lang/de/module.json | 1 + .../serversetup-bwlp/lang/de/template-tags.json | 6 ++ modules-available/serversetup-bwlp/page.inc.php | 78 ++++++++++++++++++++++ .../serversetup-bwlp/templates/localboot.html | 59 ++++++++++++++++ 7 files changed, 169 insertions(+), 17 deletions(-) create mode 100644 modules-available/serversetup-bwlp/inc/localboot.inc.php create mode 100644 modules-available/serversetup-bwlp/templates/localboot.html (limited to 'modules-available/serversetup-bwlp') diff --git a/modules-available/serversetup-bwlp/api.inc.php b/modules-available/serversetup-bwlp/api.inc.php index 4ed316a7..d089584e 100644 --- a/modules-available/serversetup-bwlp/api.inc.php +++ b/modules-available/serversetup-bwlp/api.inc.php @@ -13,10 +13,9 @@ $product = Request::any('product', false, 'string'); $slxExtensions = Request::any('slx-extensions', false, 'int'); if ($platform === false || ($uuid === false && $product === false) || $slxExtensions === false) { - error_log(print_r($_SERVER, true)); - sleep(1); + // Redirect to self with added parameters $url = parse_url($_SERVER['REQUEST_URI']); - if (isset($_SERVER['SCRIPT_URI']) && preg_match('#(\w+://[^/]+)#', $_SERVER['SCRIPT_URI'], $out)) { + if (isset($_SERVER['SCRIPT_URI']) && preg_match('#^(\w+://[^/]+)#', $_SERVER['SCRIPT_URI'], $out)) { $urlbase = $out[1]; } elseif (isset($_SERVER['REQUEST_SCHEME']) && isset($_SERVER['SERVER_NAME'])) { $urlbase = $_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['SERVER_NAME']; @@ -62,11 +61,7 @@ HERE; } $platform = strtoupper($platform); -$BOOT_METHODS = [ - 'EXIT' => 'exit 1', - 'COMBOOT' => 'chain /tftp/chain.c32 hd0', - 'SANBOOT' => 'sanboot --no-describe', -]; +$BOOT_METHODS = Localboot::BOOT_METHODS; $ip = $_SERVER['REMOTE_ADDR']; if (substr($ip, 0, 7) === '::ffff:') { @@ -111,15 +106,9 @@ if ($model !== false) { } } if ($localboot === false || !isset($BOOT_METHODS[$localboot])) { - $localboot = Property::get('serversetup.localboot', false); - if ($localboot === false) { - if ($platform === 'EFI') { - // It seems most (all) EFI platforms won't enumerate any drives in ipxe. - // No idea if this can be fixed in ipxe code in the future. - $localboot = 'EXIT'; - } else { - $localboot = 'SANBOOT'; - } + $localboot = Property::get('serversetup.localboot', 'AUTO'); + if (!isset($BOOT_METHODS[$localboot])) { + $localboot = 'AUTO'; } } if (isset($BOOT_METHODS[$localboot])) { diff --git a/modules-available/serversetup-bwlp/inc/localboot.inc.php b/modules-available/serversetup-bwlp/inc/localboot.inc.php new file mode 100644 index 00000000..a91d0547 --- /dev/null +++ b/modules-available/serversetup-bwlp/inc/localboot.inc.php @@ -0,0 +1,17 @@ + 'iseq EFI ${platform} && exit 1 || sanboot --no-describe', + 'EXIT' => 'exit 1', + 'COMBOOT' => 'chain /tftp/chain.c32 hd0', + 'SANBOOT' => 'sanboot --no-describe', + ]; + + + +} \ No newline at end of file diff --git a/modules-available/serversetup-bwlp/lang/de/messages.json b/modules-available/serversetup-bwlp/lang/de/messages.json index 2bcaa391..de48ef0b 100644 --- a/modules-available/serversetup-bwlp/lang/de/messages.json +++ b/modules-available/serversetup-bwlp/lang/de/messages.json @@ -7,6 +7,8 @@ "invalid-boot-entry": "Ung\u00fcltiger Booteintrag: {{0}}", "invalid-ip": "Kein Interface ist auf die Adresse {{0}} konfiguriert", "invalid-menu-id": "Ung\u00fcltige Men\u00fc-ID: {{0}}", + "localboot-invalid-method": "Ung\u00fcltige localboot-Methode: {{0}}", + "localboot-saved": "Einstellungen gespeichert", "location-menu-assigned": "{{0}} wurde ein Men\u00fc zugewiesen", "location-use-default": "{{0}} verwendet jetzt das Standardmen\u00fc", "menu-deleted": "Men\u00fc gel\u00f6scht", diff --git a/modules-available/serversetup-bwlp/lang/de/module.json b/modules-available/serversetup-bwlp/lang/de/module.json index e4c1ff4e..31d563f0 100644 --- a/modules-available/serversetup-bwlp/lang/de/module.json +++ b/modules-available/serversetup-bwlp/lang/de/module.json @@ -14,5 +14,6 @@ "submenu_address": "Server-Adresse", "submenu_bootentry": "Booteintr\u00e4ge verwalten", "submenu_download": "Downloads", + "submenu_localboot": "HDD-Boot", "submenu_menu": "Men\u00fcs verwalten" } \ No newline at end of file diff --git a/modules-available/serversetup-bwlp/lang/de/template-tags.json b/modules-available/serversetup-bwlp/lang/de/template-tags.json index 9d64ebd9..2b68b3fb 100644 --- a/modules-available/serversetup-bwlp/lang/de/template-tags.json +++ b/modules-available/serversetup-bwlp/lang/de/template-tags.json @@ -19,6 +19,7 @@ "lang_bootentryTitle": "Booteintrag", "lang_chooseIP": "Bitte w\u00e4hlen Sie die IP-Adresse, \u00fcber die der Server von den Clients zum Booten angesprochen werden soll.", "lang_commandLine": "Command line", + "lang_count": "Anzahl", "lang_customEntry": "Eigener Eintrag", "lang_downloadBootImage": "Boot-Image herunterladen", "lang_downloadRufus": "Rufus herunterladen", @@ -41,6 +42,10 @@ "lang_initRd": "Zu ladendes initramfs", "lang_isDefault": "Standard", "lang_listOfMenus": "Men\u00fcliste", + "lang_localBootDefault": "Standardm\u00e4\u00dfig verwendete Methode, um von Festplatte zu booten", + "lang_localBootExceptions": "Ausnahmen, pro Rechnermodell definierbar", + "lang_localBootHead": "Boot von Festplatte", + "lang_localBootIntro": "Aus dem iPXE Bootmen\u00fc kann auf verschiedene Arten ein Boot von der prim\u00e4ren Festplatte ausgel\u00f6st werden. In den allermeisten F\u00e4llen ist die Einstellung \"AUTO\" ausreichend, bei bestimmten Rechnermodellen kann es allerdings erforderlich sein, eine der alternativen Methoden zu erzwingen. Falls Sie einem solchen Modell begegnen, k\u00f6nnen Sie im unteren Teil dieser Seite eine solche Ausnahme festlegen. In einigen F\u00e4llen l\u00e4sst sich das Problem auch durch ein BIOS-Update auf den entsprechenden Ger\u00e4ten beheben.", "lang_localHDD": "Lokale HDD", "lang_locationCount": "Anzahl Orte", "lang_masterPassword": "Master-Passwort", @@ -60,6 +65,7 @@ "lang_newBootEntryHead": "Neuer Booteintrag", "lang_newMenu": "Neues Men\u00fc", "lang_none": "(keine)", + "lang_override": "\u00dcberschreiben", "lang_pxeBuilt": "PXE-Binary gebaut", "lang_recompileHint": "iPXE-Binaries jetzt neu kompilieren. Normalerweise wird dieser Vorgang bei \u00c4nderungen automatisch ausgef\u00fchrt. Sollten Bootprobleme auftreten, k\u00f6nnen Sie hier den Vorgang manuell ansto\u00dfen.", "lang_scriptContent": "Script", diff --git a/modules-available/serversetup-bwlp/page.inc.php b/modules-available/serversetup-bwlp/page.inc.php index a71e56ef..7766050b 100644 --- a/modules-available/serversetup-bwlp/page.inc.php +++ b/modules-available/serversetup-bwlp/page.inc.php @@ -88,6 +88,11 @@ class Page_ServerSetup extends Page Util::redirect('?do=locations'); } + if ($action === 'savelocalboot') { + User::assertPermission('ipxe.localboot.edit'); + $this->saveLocalboot(); + } + if ($action === 'deleteMenu') { // Permcheck in function $this->deleteMenu(); @@ -114,6 +119,9 @@ class Page_ServerSetup extends Page if (User::hasPermission('download')) { Dashboard::addSubmenu('?do=serversetup&show=download', Dictionary::translate('submenu_download', true)); } + if (User::hasPermission('ipxe.localboot.*')) { + Dashboard::addSubmenu('?do=serversetup&show=localboot', Dictionary::translate('submenu_localboot', true)); + } if (Request::get('show') === false) { $subs = Dashboard::getSubmenus(); if (empty($subs)) { @@ -168,6 +176,10 @@ class Page_ServerSetup extends Page // Permcheck in function $this->showEditLocation(); break; + case 'localboot': + User::assertPermission('ipxe.localboot.*'); + $this->showLocalbootConfig(); + break; default: Util::redirect('?do=serversetup'); break; @@ -218,6 +230,49 @@ class Page_ServerSetup extends Page Render::addTemplate('download', ['files' => $files]); } + private function makeSelectArray($list, $default) + { + $ret = []; + foreach (array_keys($list) as $k) { + $ret[] = [ + 'key' => $k, + 'selected' => ($k === $default ? 'selected' : ''), + ]; + } + return $ret; + } + + private function showLocalbootConfig() + { + // Default setting + $default = Property::get('serversetup.localboot', false); + if (!array_key_exists($default, Localboot::BOOT_METHODS)) { + $default = 'AUTO'; + } + $optionList = $this->makeSelectArray(Localboot::BOOT_METHODS, $default); + // Exceptions + $cutoff = strtotime('-90 days'); + $models = []; + $res = Database::simpleQuery('SELECT m.systemmodel, cnt, sl.bootmethod FROM ( + SELECT m2.systemmodel, Count(*) AS cnt FROM machine m2 + WHERE m2.lastseen > :cutoff + GROUP BY systemmodel + ) m + LEFT JOIN serversetup_localboot sl USING (systemmodel) + ORDER BY systemmodel', ['cutoff' => $cutoff]); + while ($row = $res->fetch(PDO::FETCH_ASSOC)) { + $row['options'] = $this->makeSelectArray(Localboot::BOOT_METHODS, $row['bootmethod']); + $models[] = $row; + } + // Output + $data = [ + 'default' => $default, + 'options' => $optionList, + 'exceptions' => $models, + ]; + Render::addTemplate('localboot', $data); + } + private function showBootentryList() { $allowEdit = User::hasPermission('ipxe.bootentry.edit'); @@ -734,4 +789,27 @@ class Page_ServerSetup extends Page Message::addSuccess('location-menu-assigned', $loc['locationname']); } + private function saveLocalboot() + { + $default = Request::post('default', 'AUTO', 'string'); + if (!array_key_exists($default, Localboot::BOOT_METHODS)) { + Message::addError('localboot-invalid-method', $default); + return; + } + $overrides = Request::post('override', [], 'array'); + Database::exec('TRUNCATE TABLE serversetup_localboot'); + foreach ($overrides as $model => $mode) { + if (empty($mode)) // No override + continue; + if (!array_key_exists($mode, Localboot::BOOT_METHODS)) { + Message::addWarning('localboot-invalid-method', $mode); + continue; + } + Database::exec('INSERT INTO serversetup_localboot (systemmodel, bootmethod) + VALUES (:model, :mode)', compact('model', 'mode')); + } + Message::addSuccess('localboot-saved'); + Util::redirect('?do=serversetup&show=localboot'); + } + } diff --git a/modules-available/serversetup-bwlp/templates/localboot.html b/modules-available/serversetup-bwlp/templates/localboot.html new file mode 100644 index 00000000..7000be37 --- /dev/null +++ b/modules-available/serversetup-bwlp/templates/localboot.html @@ -0,0 +1,59 @@ +{{lang_localBootIntro}}
+ + -- cgit v1.2.3-55-g7522 From b0e0eddcfeb0f7d7cdde6caad21e3a0485797890 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Fri, 18 Jan 2019 16:49:46 +0100 Subject: [serversetup-bwlp] Link systemmodel to machine list --- modules-available/serversetup-bwlp/templates/localboot.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules-available/serversetup-bwlp') diff --git a/modules-available/serversetup-bwlp/templates/localboot.html b/modules-available/serversetup-bwlp/templates/localboot.html index 7000be37..960f463d 100644 --- a/modules-available/serversetup-bwlp/templates/localboot.html +++ b/modules-available/serversetup-bwlp/templates/localboot.html @@ -31,7 +31,7 @@ {{#exceptions}}