From: Marcin Haba Date: Sun, 27 Apr 2014 17:33:57 +0000 (+0200) Subject: Support for customized and restricted consoles X-Git-Tag: Release-7.0.3~23 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fc8526e06cbc1fae3723708b428326beb764b9eb;p=thirdparty%2Fbacula.git Support for customized and restricted consoles --- diff --git a/gui/baculum/INSTALL b/gui/baculum/INSTALL index 7e48fbe53..c01a3e74d 100644 --- a/gui/baculum/INSTALL +++ b/gui/baculum/INSTALL @@ -17,6 +17,7 @@ functions such as: - Running backup and restore tasks - Monitoring Bacula services by getting status these services - Bacula console available via web interface +- Support for customized and restricted consoles (Console ACL functionality) - Multiple Directors support - Volumes managenment including labeling new volumes - Basic storage daemon operations on volumes (mount, umount, release actions) diff --git a/gui/baculum/README b/gui/baculum/README new file mode 100644 index 000000000..5ab2dd957 --- /dev/null +++ b/gui/baculum/README @@ -0,0 +1,138 @@ +Baculum - Bacula web interface + +Features description: + +=== Customized and restricted consoles === + +Baculum supports customized and restricted consoles for each logged in user. + +Before using customized and restricted consoles please check location for +bconsole configuration files for each user. For do it, there is need to run +on Baculum webGUI configuration wizard and there is need to go to "Console" +wizard step (fourth step). + +In "Console" wizard step there is field defined as: + +Bconsole custom config file path: __________________ + +In this field there is required to define location for restricted consoles. +In defined path exists one keyword {user}. It will be replaced into current +logged in username. + +For example, if logged is user named "john", keyword {user} will be replaced +into "john". + + +Example: + +"Bconsole custom config file path" is defined as: + +/usr/local/bacula/etc/bconsole-{user}.conf + +After log in user "john" to Baculum webGUI, for each bconsole request will be +used file: + +/usr/local/bacula/etc/bconsole-john.conf + +It makes available to define some specific console access (or restricted access) +for each Baculum user. + +For user named "willy" in above configured path according bconsole configuration +file will be: + +/usr/local/bacula/etc/bconsole-willy.conf + +etc... + + +NOTE! + +In configuration wizard step "Console" there is also field: + +"Bconsole admin config file path:": ___________________ + +Config file defined in this field will be used by administrator only. For this +reason the best parctice is define here console configuration file that gives +full access for administrator. + +Administrator user and password will be defined in next configuration wizard +step named "Authorization" (fifth step). + + +Baculum users are defined on web server level as described in instriction +in attached to Baculum INSTALL file. + +Example: + +For creating users "john" and "willy" as Baculum HTTP Basic authorization users +there is need to create this users for example by: + +# htpasswd /some/location/htpasswd/file john + +# htpasswd /some/location/htpasswd/file willy + +For case using other HTTP Basic authorization backends (for example LDAP) there +is need to define these users in this specific service. + + +Example of content custom consoles configuration file is below: + +Console { + Name = "BaculaRestrictedUser" + Password = "XXXXXXXXX" + CommandACL = show,.client,.jobs,.fileset,.pool,.storage,.jobs,.bvfs_update, +.bvfs_lsdirs,.bvfs_lsfiles,.bvfs_versions,.bvfs_get_jobids,.bvfs_restore,restore + CatalogACL = *all* + ClientACL = user-fd + JobACL = somejob1,userjob + PoolACL = Full-Pool + StorageACL = VTL + FileSetACL = somejob1-fileset,userjobFileSet3 + WhereACL = *all* +} + +After defining these ACL there is also need to define the console access to +Director service in Bacula Director configuration file as Console{} resource. + + +NOTE! + +Please note that in above example in CommandACL are shown the most +essential commands necessary for proper working of Baculum webGUI and +possibility do to restore action (all .bvfs_* command and "restore" +command) + +Below are the same necessary commands broke one per line: + +show +.client +.jobs +.fileset +.pool +.storage +.jobs +.bvfs_update +.bvfs_lsdirs +.bvfs_lsfiles +.bvfs_versions +.bvfs_get_jobids +.bvfs_restore +restore + + +Catalog Database restriction + +Because Baculum in few parts of interface uses data from Bacula Catalog Database, +for each user who IS NOT administrator there has beed disabled EVERY write to +Bacula Catalog database by Baculum webGUI. Modification Bacula Catalog Database +tables is possible ONLY for Baculum administrator. + +Additionally because of Console ACL functionality does not support restriction +on media/volumes level, access to media/volumes has been disabled for all users +except administrator. + + +Configuration wizard restriction + +For security reason there has been disabled access to Configuration Wizard +function for all users except administrator. diff --git a/gui/baculum/protected/Class/API.php b/gui/baculum/protected/Class/API.php index 29b2f7aab..d5831b9de 100644 --- a/gui/baculum/protected/Class/API.php +++ b/gui/baculum/protected/Class/API.php @@ -23,6 +23,8 @@ class API extends TModule { const API_VERSION = '0.1'; + protected $appCfg; + private $allowedErrors = array( GenericError::ERROR_NO_ERRORS, BconsoleError::ERROR_INVALID_COMMAND @@ -41,16 +43,23 @@ class API extends TModule { } private function getURL() { - $cfg = $this->Application->getModule('configuration')->getApplicationConfig(); + $this->appCfg = $this->Application->getModule('configuration')->getApplicationConfig(); $protocol = !empty($_SERVER['HTTPS']) ? 'https' : 'http'; $host = $_SERVER['SERVER_NAME']; $port = $_SERVER['SERVER_PORT']; - $url = sprintf('%s://%s:%s@%s:%d/', $protocol, $cfg['baculum']['login'], $cfg['baculum']['password'], $host, $port); + $url = sprintf('%s://%s:%s@%s:%d/', $protocol, $this->appCfg['baculum']['login'], $this->appCfg['baculum']['password'], $host, $port); return $url; } - private function setDirectorToUrl(&$url) { + private function setParamsToUrl(&$url) { $url .= (preg_match('/\?/', $url) === 1 ? '&' : '?' ) . 'director=' . ((array_key_exists('director', $_SESSION)) ? $_SESSION['director'] : ''); + /** + * If user is not equal admin user then it is added to URL, + * then will be used custom console for this user. + */ + if($this->User->getIsAdmin() === false) { + $url .= '&user=' . $this->User->getName(); + } $this->Application->getModule('logging')->log(__FUNCTION__, PHP_EOL . PHP_EOL . 'EXECUTE URL ==> ' . $url . ' <==' . PHP_EOL . PHP_EOL, Logging::CATEGORY_APPLICATION, __FILE__, __LINE__); } @@ -60,7 +69,7 @@ class API extends TModule { public function get(array $params) { $url = $this->getURL() . implode('/', $params); - $this->setDirectorToUrl($url); + $this->setParamsToUrl($url); $ch = $this->getConnection(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_HTTPHEADER, array($this->getAPIHeader(), 'Accept: application/json')); @@ -71,7 +80,7 @@ class API extends TModule { public function set(array $params, array $options) { $url = $this->getURL() . implode('/', $params); - $this->setDirectorToUrl($url); + $this->setParamsToUrl($url); $data = http_build_query(array('update' => $options)); $ch = $this->getConnection(); curl_setopt($ch, CURLOPT_URL, $url); @@ -86,7 +95,7 @@ class API extends TModule { public function create(array $params, array $options) { $url = $this->getURL() . implode('/', $params); - $this->setDirectorToUrl($url); + $this->setParamsToUrl($url); $data = http_build_query(array('create' => $options)); $ch = $this->getConnection(); curl_setopt($ch, CURLOPT_URL, $url); @@ -100,7 +109,7 @@ class API extends TModule { public function remove(array $params) { $url = $this->getURL() . implode('/', $params); - $this->setDirectorToUrl($url); + $this->setParamsToUrl($url); $ch = $this->getConnection(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'DELETE'); diff --git a/gui/baculum/protected/Class/BaculumAPI.php b/gui/baculum/protected/Class/BaculumAPI.php index 0f924957b..4c9fb174e 100644 --- a/gui/baculum/protected/Class/BaculumAPI.php +++ b/gui/baculum/protected/Class/BaculumAPI.php @@ -27,6 +27,8 @@ abstract class BaculumAPI extends TPage protected $director; + protected $user; + /** * Actions methods. */ @@ -38,6 +40,13 @@ abstract class BaculumAPI extends TPage public function onInit($params) { parent::onInit($params); $this->director = isset($this->Request['director']) ? $this->Request['director'] : null; + $this->user = isset($this->Request['user']) ? $this->Request['user'] : null; + if(is_null($this->user) && $this->Application->getModule('configuration')->isApplicationConfig() === true) { + $appConfig = ConfigurationManager::getApplicationConfig(); + // @TOFIX: Baculum API layer should not use $_SERVER variables. + $this->user = isset($_SERVER['PHP_AUTH_USER']) && $_SERVER['PHP_AUTH_USER'] != $appConfig['baculum']['login'] ? $_SERVER['PHP_AUTH_USER'] : null; + } + switch($_SERVER['REQUEST_METHOD']) { case self::PUT_METHOD: { try { diff --git a/gui/baculum/protected/Class/BaculumPage.php b/gui/baculum/protected/Class/BaculumPage.php index 275f2ea77..d3bbac812 100644 --- a/gui/baculum/protected/Class/BaculumPage.php +++ b/gui/baculum/protected/Class/BaculumPage.php @@ -19,6 +19,7 @@ class BaculumPage extends TPage { + public function onPreInit($param) { parent::onPreInit($param); $configuration = $this->getModule('configuration'); diff --git a/gui/baculum/protected/Class/BaculumUser.php b/gui/baculum/protected/Class/BaculumUser.php new file mode 100644 index 000000000..a83eb8a9e --- /dev/null +++ b/gui/baculum/protected/Class/BaculumUser.php @@ -0,0 +1,38 @@ +_id; + } + + public function setID($id) { + $this->_id = $id; + } + + public function getIsAdmin() { + return $this->isInRole('admin'); + } +} +?> \ No newline at end of file diff --git a/gui/baculum/protected/Class/BaculumUsersManager.php b/gui/baculum/protected/Class/BaculumUsersManager.php new file mode 100644 index 000000000..21aab8369 --- /dev/null +++ b/gui/baculum/protected/Class/BaculumUsersManager.php @@ -0,0 +1,61 @@ +config = $this->Application->getModule('configuration')->isApplicationConfig() ? $this->Application->getModule('configuration')->getApplicationConfig() : null; + } + + public function getGuestName() { + return 'guest'; + } + + public function validateUser($username, $password) { + return !empty($username); + } + + public function getUser($username = null) { + $user = new BaculumUser($this); + $id = sha1(time()); + $user->setID($id); + $user->setName($_SERVER['PHP_AUTH_USER']); + $user->setIsGuest(false); + if($this->config['baculum']['login'] == $_SERVER['PHP_AUTH_USER'] || is_null($this->config)) { + $user->setRoles('admin'); + } else { + $user->setRoles('user'); + } + return $user; + } + + public function getUserFromCookie($cookie) { + return; + } + + public function saveUserToCookie($cookie) { + return; + } +} +?> \ No newline at end of file diff --git a/gui/baculum/protected/Class/Bconsole.php b/gui/baculum/protected/Class/Bconsole.php index 93b6bac68..a81c75b19 100644 --- a/gui/baculum/protected/Class/Bconsole.php +++ b/gui/baculum/protected/Class/Bconsole.php @@ -29,7 +29,9 @@ class Bconsole extends TModule { const BCONSOLE_DIRECTORS_PATTERN = "%s%s -c %s -l"; - private $availableCommands = array('version', 'status', 'list', 'messages', 'show', 'mount', 'umount', 'release', 'prune', 'purge', 'update', 'estimate', 'run', '.bvfs_update', '.bvfs_lsdirs', '.bvfs_lsfiles', '.bvfs_versions', '.bvfs_get_jobids', '.bvfs_restore', '.bvfs_clear_cache', 'restore', 'cancel', 'delete', '.jobs', 'label', 'reload', '.fileset', '.storage'); + const BCONSOLE_CFG_USER_KEYWORD = '{user}'; + + private $availableCommands = array('version', 'status', 'list', 'messages', 'show', 'mount', 'umount', 'release', 'prune', 'purge', 'update', 'estimate', 'run', '.bvfs_update', '.bvfs_lsdirs', '.bvfs_lsfiles', '.bvfs_versions', '.bvfs_get_jobids', '.bvfs_restore', '.bvfs_clear_cache', 'restore', 'cancel', 'delete', '.jobs', 'label', 'reload', '.fileset', '.storage', '.client', '.pool'); private $useSudo = false; @@ -37,19 +39,23 @@ class Bconsole extends TModule { private $bconsoleCfgPath; + private $bconsoleCfgCustomPath; + public function init($config) { if($this->Application->getModule('configuration')->isApplicationConfig() === true) { $params = ConfigurationManager::getApplicationConfig(); $useSudo = ((integer)$params['bconsole']['use_sudo'] === 1); $bconsoleCmdPath = $params['bconsole']['bin_path']; $bconsoleCfgPath = $params['bconsole']['cfg_path']; - $this->setEnvironmentParams($bconsoleCmdPath, $bconsoleCfgPath, $useSudo); + $bconsoleCfgCustomPath = array_key_exists('cfg_custom_path', $params['bconsole']) ? $params['bconsole']['cfg_custom_path'] : null; + $this->setEnvironmentParams($bconsoleCmdPath, $bconsoleCfgPath, $bconsoleCfgCustomPath, $useSudo); } } - private function setEnvironmentParams($bconsoleCmdPath, $bconsoleCfgPath, $useSudo) { + private function setEnvironmentParams($bconsoleCmdPath, $bconsoleCfgPath, $bconsoleCfgCustomPath, $useSudo) { $this->bconsoleCmdPath = $bconsoleCmdPath; $this->bconsoleCfgPath = $bconsoleCfgPath; + $this->bconsoleCfgCustomPath = $bconsoleCfgCustomPath; $this->useSudo = $useSudo; } @@ -71,17 +77,17 @@ class Bconsole extends TModule { return (object)array('output' => $output, 'exitcode' => $exitcode); } - public function bconsoleCommand($director, array $command) { + public function bconsoleCommand($director, array $command, $user = null) { $baseCommand = count($command) > 0 ? $command[0] : null; if($this->isCommandValid($baseCommand) === true) { - $result = $this->execCommand($director, $command); + $result = $this->execCommand($director, $command, $user); } else { $result = $this->prepareResult(array(BconsoleError::MSG_ERROR_INVALID_COMMAND, ''), BconsoleError::ERROR_INVALID_COMMAND, ' '); } return $result; } - private function execCommand($director, array $command) { + private function execCommand($director, array $command, $user) { if(!is_null($director) && $this->isValidDirector($director) === false) { $output = array(BconsoleError::MSG_ERROR_INVALID_DIRECTOR, ''); $exitcode = BconsoleError::ERROR_INVALID_DIRECTOR; @@ -90,6 +96,9 @@ class Bconsole extends TModule { $dir = is_null($director) ? '': '-D ' . $director; $sudo = ($this->useSudo === true) ? self::SUDO . ' ' : ''; $bconsoleCommand = implode(' ', $command); + if(!is_null($this->bconsoleCfgCustomPath) && !is_null($user)) { + $this->bconsoleCfgPath = str_replace(self::BCONSOLE_CFG_USER_KEYWORD, $user, $this->bconsoleCfgCustomPath); + } $cmd = sprintf(self::BCONSOLE_COMMAND_PATTERN, $sudo, $this->bconsoleCmdPath, $this->bconsoleCfgPath, $dir, $bconsoleCommand); exec($cmd, $output, $exitcode); if($exitcode != 0) { @@ -123,7 +132,7 @@ class Bconsole extends TModule { } public function testBconsoleCommand(array $command, $bconsoleCmdPath, $bconsoleCfgPath, $useSudo) { - $this->setEnvironmentParams($bconsoleCmdPath, $bconsoleCfgPath, $useSudo); + $this->setEnvironmentParams($bconsoleCmdPath, $bconsoleCfgPath, $useSudo, null); $director = array_shift($this->getDirectors()->output); return $this->bconsoleCommand($director, $command); } diff --git a/gui/baculum/protected/Lang/en/messages.mo b/gui/baculum/protected/Lang/en/messages.mo index 78d20debe..49d141479 100755 Binary files a/gui/baculum/protected/Lang/en/messages.mo and b/gui/baculum/protected/Lang/en/messages.mo differ diff --git a/gui/baculum/protected/Lang/en/messages.po b/gui/baculum/protected/Lang/en/messages.po index 421089c17..e1a02b78a 100755 --- a/gui/baculum/protected/Lang/en/messages.po +++ b/gui/baculum/protected/Lang/en/messages.po @@ -1,9 +1,9 @@ msgid "" msgstr "" -"PO-Revision-Date: 2014-03-08 19:45+0100\n" +"PO-Revision-Date: 2014-04-26 21:10:10\n" "Project-Id-Version: \n" "POT-Creation-Date: \n" -"Last-Translator: Marcin Haba \n" +"Last-Translator: Marcin Haba \n" "Language-Team: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=iso-8859-1\n" @@ -148,9 +148,6 @@ msgstr "Bconsole binary file path:" msgid "Please enter bconsole path." msgstr "Please enter bconsole path." -msgid "Bconsole config file path:" -msgstr "Bconsole config file path:" - msgid "Please enter bconsole config file path." msgstr "Please enter bconsole config file path." @@ -472,24 +469,14 @@ msgstr "Step 3 - select files to restore" msgid "Files" msgstr "Files" -msgid "" -"For see a file versions please double click file on the left files browser." -msgstr "" -"For see a file versions please double click file on the left files browser." +msgid "For see a file versions please double click file on the left files browser." +msgstr "For see a file versions please double click file on the left files browser." -msgid "" -"For add a file to restore please drag a file from frame on left or from " -"above frame and drop it here" -msgstr "" -"For add a file to restore please drag a file from frame on left or from " -"above frame and drop it here" +msgid "For add a file to restore please drag a file from frame on left or from above frame and drop it here" +msgstr "For add a file to restore please drag a file from frame on left or from above frame and drop it here" -msgid "" -"It seems that there is no files for choosing or file records in database for " -"this job has been purged (file retention period expired)" -msgstr "" -"It seems that there is no files for choosing or file records in database for " -"this job has been purged (file retention period expired)" +msgid "It seems that there is no files for choosing or file records in database for this job has been purged (file retention period expired)" +msgstr "It seems that there is no files for choosing or file records in database for this job has been purged (file retention period expired)" msgid "Group most recent backups" msgstr "Group most recent backups" @@ -560,14 +547,8 @@ msgstr "Run" msgid "Cancel" msgstr "Cancel" -msgid "" -"There is no backup for restore. Please go to previous step and select " -"another client for restore or proceed backups for the client selected in " -"previous step." -msgstr "" -"There is no backup for restore. Please go to previous step and select " -"another client for restore or proceed backups for the client selected in " -"previous step." +msgid "There is no backup for restore. Please go to previous step and select another client for restore or proceed backups for the client selected in previous step." +msgstr "There is no backup for restore. Please go to previous step and select another client for restore or proceed backups for the client selected in previous step." msgid "Database file path (SQLite only):" msgstr "Database file path (SQLite only):" @@ -674,12 +655,8 @@ msgstr "Error 2 - problem with connection to database." msgid "Please check if Catalog database service is running." msgstr "Please check if Catalog database service is running." -msgid "" -"Please check if Web Server user is allowed for connection to Catalog " -"database." -msgstr "" -"Please check if Web Server user is allowed for connection to Catalog " -"database." +msgid "Please check if Web Server user is allowed for connection to Catalog database." +msgstr "Please check if Web Server user is allowed for connection to Catalog database." msgid "Please re-run" msgstr "Please re-run" @@ -699,24 +676,14 @@ msgstr "Error 4 - problem with connection to bconsole." msgid "Please check if Bacula Director service is running." msgstr "Please check if Bacula Director service is running." -msgid "" -"Please check in shell console if bconsole program is able to connect to " -"Bacula Director service." -msgstr "" -"Please check in shell console if bconsole program is able to connect to " -"Bacula Director service." +msgid "Please check in shell console if bconsole program is able to connect to Bacula Director service." +msgstr "Please check in shell console if bconsole program is able to connect to Bacula Director service." -msgid "" -"Please be sure if Web Server user is allowed for executing bconsole program." -msgstr "" -"Please be sure if Web Server user is allowed for executing bconsole program." +msgid "Please be sure if Web Server user is allowed for executing bconsole program." +msgstr "Please be sure if Web Server user is allowed for executing bconsole program." -msgid "" -"You can login to shell console as Web Server user and try to run bconsole " -"program." -msgstr "" -"You can login to shell console as Web Server user and try to run bconsole " -"program." +msgid "You can login to shell console as Web Server user and try to run bconsole program." +msgstr "You can login to shell console as Web Server user and try to run bconsole program." msgid "internal Baculum error." msgstr "internal Baculum error." @@ -724,14 +691,8 @@ msgstr "internal Baculum error." msgid "TRY AGAIN" msgstr "TRY AGAIN" -msgid "" -"Above administration login and administration password should be the same as " -"login params defined in Web Server authorization file. They are HTTP Basic " -"authorization params by using which you have logged in to this wizard." -msgstr "" -"Above administration login and administration password should be the same as " -"login params defined in Web Server authorization file. They are HTTP Basic " -"authorization params by using which you have logged in to this wizard." +msgid "Above administration login and administration password should be the same as login params defined in Web Server authorization file. They are HTTP Basic authorization params by using which you have logged in to this wizard." +msgstr "Above administration login and administration password should be the same as login params defined in Web Server authorization file. They are HTTP Basic authorization params by using which you have logged in to this wizard." msgid "authorization to Baculum error." msgstr "authorization to Baculum error." @@ -739,33 +700,17 @@ msgstr "authorization to Baculum error." msgid "Please check Web Server authorization file if it is correct." msgstr "Please check Web Server authorization file if it is correct." -msgid "" -"and retype authorization login and authorization password for that is used " -"to login to" -msgstr "" -"and retype authorization login and authorization password for that is used " -"to login to" +msgid "and retype authorization login and authorization password for that is used to login to" +msgstr "and retype authorization login and authorization password for that is used to login to" -msgid "" -"Please check Web Server authorization file if it is defined and it is " -"correct." -msgstr "" -"Please check Web Server authorization file if it is defined and it is " -"correct." +msgid "Please check Web Server authorization file if it is defined and it is correct." +msgstr "Please check Web Server authorization file if it is defined and it is correct." -msgid "" -"Please be sure if Web Server authorization is enabled (for Apache it is " -"option 'AllowOverride All') and if the authorization works properly." -msgstr "" -"Please be sure if Web Server authorization is enabled (for Apache it is " -"option 'AllowOverride All') and if the authorization works properly." +msgid "Please be sure if Web Server authorization is enabled (for Apache it is option 'AllowOverride All') and if the authorization works properly." +msgstr "Please be sure if Web Server authorization is enabled (for Apache it is option 'AllowOverride All') and if the authorization works properly." -msgid "" -"please retype authorization login and authorization password to according " -"Web Server authorization values." -msgstr "" -"please retype authorization login and authorization password to according " -"Web Server authorization values." +msgid "please retype authorization login and authorization password to according Web Server authorization values." +msgstr "please retype authorization login and authorization password to according Web Server authorization values." msgid "Enable logging" msgstr "Enable logging" @@ -773,19 +718,37 @@ msgstr "Enable logging" msgid "clear bvfs cache" msgstr "clear bvfs cache" -msgid "" -"Output for selected job is not available yet or you do not have enabled " -"logging job logs to catalog database.\n" +msgid "Output for selected job is not available yet or you do not have enabled logging job logs to catalog database.\n" "\n" -"For watching job log there is need to add to the job Messages resource next " -"directive:\n" +"For watching job log there is need to add to the job Messages resource next directive:\n" "\n" "console = all, !skipped, !saved\n" -msgstr "" -"Output for selected job is not available yet or you do not have enabled " -"logging job logs to catalog database.\n" +"" +msgstr "Output for selected job is not available yet or you do not have enabled logging job logs to catalog database.\n" "\n" -"For watching job log there is need to add to the job Messages resource next " -"directive:\n" +"For watching job log there is need to add to the job Messages resource next directive:\n" "\n" "console = all, !skipped, !saved\n" +"" + +msgid "Bconsole admin config file path:" +msgstr "Bconsole admin config file path:" + +msgid "Bconsole custom config file path:" +msgstr "Bconsole custom config file path:" + +msgid "Please enter bconsole custom config file path." +msgstr "Please enter bconsole custom config file path." + +msgid "For need defining more Baculum users with custom access or restricted console access (Bconsole ACLs) here is possible to determine custom bconsole configuration file format for each user." +msgstr "For need defining more Baculum users with custom access or restricted console access (Bconsole ACLs) here is possible to determine custom bconsole configuration file format for each user." + +msgid "If there is used only one Baculum user then below field value will be ignored" +msgstr "If there is used only one Baculum user then below field value will be ignored" + +msgid "{user} keyword will be replaced for each logged user into according username." +msgstr "{user} keyword will be replaced for each logged user into according username." + +msgid "If there is used only one Baculum user then below field value will be ignored." +msgstr "If there is used only one Baculum user then below field value will be ignored." + diff --git a/gui/baculum/protected/Lang/pl/messages.po b/gui/baculum/protected/Lang/pl/messages.po index 11b96c5dd..fa221bbd6 100755 --- a/gui/baculum/protected/Lang/pl/messages.po +++ b/gui/baculum/protected/Lang/pl/messages.po @@ -148,9 +148,6 @@ msgstr "Lokalizacja bconsole:" msgid "Please enter bconsole path." msgstr "Proszę wprowadzić lokalizację bconsole." -msgid "Bconsole config file path:" -msgstr "Lokalizacja konfiguracji:" - msgid "Please enter bconsole config file path." msgstr "Proszę wprowadzić położenie pliku .conf." diff --git a/gui/baculum/protected/Pages/API/BVFGetJobids.php b/gui/baculum/protected/Pages/API/BVFGetJobids.php index 3d9a31ed3..4eadfff99 100644 --- a/gui/baculum/protected/Pages/API/BVFGetJobids.php +++ b/gui/baculum/protected/Pages/API/BVFGetJobids.php @@ -24,7 +24,7 @@ class BVFSGetJobids extends BaculumAPI { $job = $this->getModule('job')->getJobById($jobid); if(!is_null($job)) { $cmd = array('.bvfs_get_jobids', 'jobid="' . $job->jobid . '"'); - $result = $this->getModule('bconsole')->bconsoleCommand($this->director, $cmd); + $result = $this->getModule('bconsole')->bconsoleCommand($this->director, $cmd, $this->user); $this->output = $result->output; $this->error = (integer)$result->exitcode; } else { diff --git a/gui/baculum/protected/Pages/API/BVFSClearCache.php b/gui/baculum/protected/Pages/API/BVFSClearCache.php index 279efe0c5..2232818e8 100644 --- a/gui/baculum/protected/Pages/API/BVFSClearCache.php +++ b/gui/baculum/protected/Pages/API/BVFSClearCache.php @@ -22,7 +22,7 @@ class BVFSClearCache extends BaculumAPI { public function get() {} public function set($ids, $params) { - $result = $this->getModule('bconsole')->bconsoleCommand($this->director, array('.bvfs_clear_cache', 'yes')); + $result = $this->getModule('bconsole')->bconsoleCommand($this->director, array('.bvfs_clear_cache', 'yes'), $this->user); $this->output = $result->output; $this->error = (integer)$result->exitcode; } diff --git a/gui/baculum/protected/Pages/API/BVFSGetJobids.php b/gui/baculum/protected/Pages/API/BVFSGetJobids.php index bdfc39cf8..e324c9b3a 100644 --- a/gui/baculum/protected/Pages/API/BVFSGetJobids.php +++ b/gui/baculum/protected/Pages/API/BVFSGetJobids.php @@ -24,7 +24,7 @@ class BVFSGetJobids extends BaculumAPI { $job = $this->getModule('job')->getJobById($jobid); if(!is_null($job)) { $cmd = array('.bvfs_get_jobids', 'jobid="' . $job->jobid . '"'); - $result = $this->getModule('bconsole')->bconsoleCommand($this->director, $cmd); + $result = $this->getModule('bconsole')->bconsoleCommand($this->director, $cmd, $this->user); $this->output = $result->output; $this->error = (integer)$result->exitcode; } else { diff --git a/gui/baculum/protected/Pages/API/BVFSLsDirs.php b/gui/baculum/protected/Pages/API/BVFSLsDirs.php index 192ccfb20..1e07d847b 100644 --- a/gui/baculum/protected/Pages/API/BVFSLsDirs.php +++ b/gui/baculum/protected/Pages/API/BVFSLsDirs.php @@ -43,7 +43,7 @@ class BVFSLsDirs extends BaculumAPI { if($limit > 0) { array_push($cmd, 'limit="' . $limit . '"'); } - $result = $this->getModule('bconsole')->bconsoleCommand($this->director, $cmd); + $result = $this->getModule('bconsole')->bconsoleCommand($this->director, $cmd, $this->user); $this->output = $result->output; $this->error = (integer)$result->exitcode; } else { diff --git a/gui/baculum/protected/Pages/API/BVFSLsFiles.php b/gui/baculum/protected/Pages/API/BVFSLsFiles.php index ab474ccc0..2d87ee7c4 100644 --- a/gui/baculum/protected/Pages/API/BVFSLsFiles.php +++ b/gui/baculum/protected/Pages/API/BVFSLsFiles.php @@ -42,7 +42,7 @@ class BVFSLsFiles extends BaculumAPI { if($limit > 0) { array_push($cmd, 'limit="' . $limit . '"'); } - $result = $this->getModule('bconsole')->bconsoleCommand($this->director, $cmd); + $result = $this->getModule('bconsole')->bconsoleCommand($this->director, $cmd, $this->user); $this->output = $result->output; $this->error = (integer)$result->exitcode; } else { diff --git a/gui/baculum/protected/Pages/API/BVFSRestore.php b/gui/baculum/protected/Pages/API/BVFSRestore.php index 6e37b8f14..5c641e8db 100644 --- a/gui/baculum/protected/Pages/API/BVFSRestore.php +++ b/gui/baculum/protected/Pages/API/BVFSRestore.php @@ -50,7 +50,7 @@ class BVFSRestore extends BaculumAPI { array_push($cmd, 'dirid="' . $dirids . '"'); } - $result = $this->getModule('bconsole')->bconsoleCommand($this->director, $cmd); + $result = $this->getModule('bconsole')->bconsoleCommand($this->director, $cmd, $this->user); $this->output = $result->output; $this->error = (integer)$result->exitcode; } else { diff --git a/gui/baculum/protected/Pages/API/BVFSUpdate.php b/gui/baculum/protected/Pages/API/BVFSUpdate.php index 0bd8e0bb2..707fdeb10 100644 --- a/gui/baculum/protected/Pages/API/BVFSUpdate.php +++ b/gui/baculum/protected/Pages/API/BVFSUpdate.php @@ -33,7 +33,7 @@ class BVFSUpdate extends BaculumAPI { } if($isValid === true) { - $result = $this->getModule('bconsole')->bconsoleCommand($this->director, array('.bvfs_update', 'jobid="' . $ids . '"')); + $result = $this->getModule('bconsole')->bconsoleCommand($this->director, array('.bvfs_update', 'jobid="' . $ids . '"'), $this->user); $this->output = $result->output; $this->error = (integer)$result->exitcode; } else { diff --git a/gui/baculum/protected/Pages/API/BVFSVersions.php b/gui/baculum/protected/Pages/API/BVFSVersions.php index 20fb13c14..a6c24be2c 100644 --- a/gui/baculum/protected/Pages/API/BVFSVersions.php +++ b/gui/baculum/protected/Pages/API/BVFSVersions.php @@ -27,7 +27,7 @@ class BVFSVersions extends BaculumAPI { $job = $this->getModule('job')->getJobById($jobid); if(!is_null($job)) { $cmd = array('.bvfs_versions', 'client="' . $client . '"', 'jobid="' . $job->jobid . '"', 'pathid="' . $pathid . '"', 'fnid="' . $filenameid . '"'); - $result = $this->getModule('bconsole')->bconsoleCommand($this->director, $cmd); + $result = $this->getModule('bconsole')->bconsoleCommand($this->director, $cmd, $this->user); $this->output = $result->output; $this->error = (integer)$result->exitcode; } else { diff --git a/gui/baculum/protected/Pages/API/Client.php b/gui/baculum/protected/Pages/API/Client.php index 6318662cf..ae8fd2498 100644 --- a/gui/baculum/protected/Pages/API/Client.php +++ b/gui/baculum/protected/Pages/API/Client.php @@ -32,7 +32,7 @@ class Client extends BaculumAPI { } public function set($id, $params) { - $result = $this->getModule('client')->setClient($id, $params); + $result = ($this->user === null) ? $this->getModule('client')->setClient($id, $params) : true; if($result === true) { $this->output = null; $this->error = ClientError::ERROR_NO_ERRORS; diff --git a/gui/baculum/protected/Pages/API/ClientShow.php b/gui/baculum/protected/Pages/API/ClientShow.php index 480351a5d..0903fd88b 100644 --- a/gui/baculum/protected/Pages/API/ClientShow.php +++ b/gui/baculum/protected/Pages/API/ClientShow.php @@ -22,7 +22,7 @@ class ClientShow extends BaculumAPI { $clientid = intval($this->Request['id']); $client = $this->getModule('client')->getClientById($clientid); if(!is_null($client)) { - $clientShow = $this->getModule('bconsole')->bconsoleCommand($this->director, array('show', 'client="' . $client->name . '"')); + $clientShow = $this->getModule('bconsole')->bconsoleCommand($this->director, array('show', 'client="' . $client->name . '"'), $this->user); $this->output = $clientShow->output; $this->error = (integer)$clientShow->exitcode; } else { diff --git a/gui/baculum/protected/Pages/API/ClientStatus.php b/gui/baculum/protected/Pages/API/ClientStatus.php index 13535f47e..edadfffce 100644 --- a/gui/baculum/protected/Pages/API/ClientStatus.php +++ b/gui/baculum/protected/Pages/API/ClientStatus.php @@ -22,7 +22,7 @@ class ClientStatus extends BaculumAPI { $clientid = intval($this->Request['id']); $client = $this->getModule('client')->getClientById($clientid); if(!is_null($client)) { - $clientStatus = $this->getModule('bconsole')->bconsoleCommand($this->director, array('status', 'client="' . $client->name . '"')); + $clientStatus = $this->getModule('bconsole')->bconsoleCommand($this->director, array('status', 'client="' . $client->name . '"'), $this->user); $this->output = $clientStatus->output; $this->error = (integer)$clientStatus->exitcode; } else { diff --git a/gui/baculum/protected/Pages/API/Clients.php b/gui/baculum/protected/Pages/API/Clients.php index 495c5d64c..7801b442f 100644 --- a/gui/baculum/protected/Pages/API/Clients.php +++ b/gui/baculum/protected/Pages/API/Clients.php @@ -50,7 +50,14 @@ class Clients extends BaculumAPI { public function get() { $limit = intval($this->Request['limit']); $clients = $this->getModule('client')->getClients($limit); - $this->output = $clients; + $allowedClients = $this->getModule('bconsole')->bconsoleCommand($this->director, array('.client'), $this->user)->output; + $clientsOutput = array(); + foreach($clients as $client) { + if(in_array($client->name, $allowedClients)) { + $clientsOutput[] = $client; + } + } + $this->output = $clientsOutput; $this->error = ClientError::ERROR_NO_ERRORS; } } diff --git a/gui/baculum/protected/Pages/API/ClientsShow.php b/gui/baculum/protected/Pages/API/ClientsShow.php index cebab8204..5b1f6610d 100644 --- a/gui/baculum/protected/Pages/API/ClientsShow.php +++ b/gui/baculum/protected/Pages/API/ClientsShow.php @@ -20,7 +20,7 @@ class ClientsShow extends BaculumAPI { public function get() { - $clients = $this->getModule('bconsole')->bconsoleCommand($this->director, array('show', 'clients')); + $clients = $this->getModule('bconsole')->bconsoleCommand($this->director, array('show', 'clients'), $this->user); $this->output = $clients->output; $this->error = (integer)$clients->exitcode; } diff --git a/gui/baculum/protected/Pages/API/ConsoleCommand.php b/gui/baculum/protected/Pages/API/ConsoleCommand.php index cff6ef05e..55ed3a4cc 100644 --- a/gui/baculum/protected/Pages/API/ConsoleCommand.php +++ b/gui/baculum/protected/Pages/API/ConsoleCommand.php @@ -23,7 +23,7 @@ class ConsoleCommand extends BaculumAPI { public function set($id, $params) { $params = (array)$params; - $console = $this->getModule('bconsole')->bconsoleCommand($this->director, $params); + $console = $this->getModule('bconsole')->bconsoleCommand($this->director, $params, $this->user); $this->output = $console->output; $this->error = (integer)$console->exitcode; } diff --git a/gui/baculum/protected/Pages/API/FileSets.php b/gui/baculum/protected/Pages/API/FileSets.php index ea5ac4b4e..96e572aa7 100644 --- a/gui/baculum/protected/Pages/API/FileSets.php +++ b/gui/baculum/protected/Pages/API/FileSets.php @@ -23,7 +23,7 @@ class FileSets extends BaculumAPI { if($directors->exitcode === 0) { $filesets = array(); for($i = 0; $i < count($directors->output); $i++) { - $filesetsshow = $this->getModule('bconsole')->bconsoleCommand($directors->output[$i], array('show', 'fileset'))->output; + $filesetsshow = $this->getModule('bconsole')->bconsoleCommand($directors->output[$i], array('show', 'fileset'), $this->user)->output; $filesets[$directors->output[$i]] = array(); for($j = 0; $j < count($filesetsshow); $j++) { diff --git a/gui/baculum/protected/Pages/API/Job.php b/gui/baculum/protected/Pages/API/Job.php index 9736629e2..3aa7a18f9 100644 --- a/gui/baculum/protected/Pages/API/Job.php +++ b/gui/baculum/protected/Pages/API/Job.php @@ -34,7 +34,7 @@ class Job extends BaculumAPI { $jobid = intval($id); $job = $this->getModule('job')->getJobById($jobid); if(!is_null($job)) { - $delete = $this->getModule('bconsole')->bconsoleCommand($this->director, array('delete', 'jobid="' . $job->jobid . '"')); + $delete = $this->getModule('bconsole')->bconsoleCommand($this->director, array('delete', 'jobid="' . $job->jobid . '"'), $this->user); $this->output = $delete->output; $this->error = (integer)$delete->exitcode; } else { diff --git a/gui/baculum/protected/Pages/API/JobCancel.php b/gui/baculum/protected/Pages/API/JobCancel.php index 51d483b9a..d5397dfed 100644 --- a/gui/baculum/protected/Pages/API/JobCancel.php +++ b/gui/baculum/protected/Pages/API/JobCancel.php @@ -26,7 +26,7 @@ class JobCancel extends BaculumAPI { $job = $this->getModule('job')->getJobById($jobid); if(!is_null($job)) { - $cancel = $this->getModule('bconsole')->bconsoleCommand($this->director, array('cancel', 'jobid="' . $job->jobid . '"')); + $cancel = $this->getModule('bconsole')->bconsoleCommand($this->director, array('cancel', 'jobid="' . $job->jobid . '"'), $this->user); $this->output = $cancel->output; $this->error = (integer)$cancel->exitcode; } else { diff --git a/gui/baculum/protected/Pages/API/JobEstimate.php b/gui/baculum/protected/Pages/API/JobEstimate.php index 9933539da..4f18570dd 100644 --- a/gui/baculum/protected/Pages/API/JobEstimate.php +++ b/gui/baculum/protected/Pages/API/JobEstimate.php @@ -37,7 +37,7 @@ class JobEstimate extends BaculumAPI { if(!is_null($fileset)) { if(!is_null($client)) { $joblevels = $this->getModule('misc')->getJobLevels(); - $estimation = $this->getModule('bconsole')->bconsoleCommand($this->director, array('estimate', 'job="' . $job . '"', 'level="' . $joblevels[$level] . '"', 'fileset="' . $fileset. '"', 'client="' . $client->name . '"', 'accurate="' . $accurate . '"')); + $estimation = $this->getModule('bconsole')->bconsoleCommand($this->director, array('estimate', 'job="' . $job . '"', 'level="' . $joblevels[$level] . '"', 'fileset="' . $fileset. '"', 'client="' . $client->name . '"', 'accurate="' . $accurate . '"'), $this->user); $this->output = $estimation->output; $this->error = (integer)$estimation->exitcode; } else { diff --git a/gui/baculum/protected/Pages/API/JobRun.php b/gui/baculum/protected/Pages/API/JobRun.php index 9e96e7183..30b430969 100644 --- a/gui/baculum/protected/Pages/API/JobRun.php +++ b/gui/baculum/protected/Pages/API/JobRun.php @@ -42,7 +42,7 @@ class JobRun extends BaculumAPI { if(!is_null($storage)) { if(!is_null($pool)) { $joblevels = $this->getModule('misc')->getJobLevels(); - $run = $this->getModule('bconsole')->bconsoleCommand($this->director, array('run', 'job="' . $job . '"', 'level="' . $joblevels[$level] . '"', 'fileset="' . $fileset . '"', 'client="' . $client->name . '"', 'storage="' . $storage->name . '"', 'pool="' . $pool->name . '"' , 'priority="' . $priority . '"', 'yes')); + $run = $this->getModule('bconsole')->bconsoleCommand($this->director, array('run', 'job="' . $job . '"', 'level="' . $joblevels[$level] . '"', 'fileset="' . $fileset . '"', 'client="' . $client->name . '"', 'storage="' . $storage->name . '"', 'pool="' . $pool->name . '"' , 'priority="' . $priority . '"', 'yes'), $this->user); $this->output = $run->output; $this->error = (integer)$run->exitcode; } else { diff --git a/gui/baculum/protected/Pages/API/JobTasks.php b/gui/baculum/protected/Pages/API/JobTasks.php index cce31c8a5..22dbee24f 100644 --- a/gui/baculum/protected/Pages/API/JobTasks.php +++ b/gui/baculum/protected/Pages/API/JobTasks.php @@ -24,8 +24,8 @@ class JobTasks extends BaculumAPI { if($directors->exitcode === 0) { $jobs = array(); for($i = 0; $i < count($directors->output); $i++) { - $jobsList = $this->getModule('bconsole')->bconsoleCommand($directors->output[$i], array('.jobs'))->output; - $jobsshow = $this->getModule('bconsole')->bconsoleCommand($directors->output[$i], array('show', 'jobs'))->output; + $jobsList = $this->getModule('bconsole')->bconsoleCommand($directors->output[$i], array('.jobs'), $this->user)->output; + $jobsshow = $this->getModule('bconsole')->bconsoleCommand($directors->output[$i], array('show', 'jobs'), $this->user)->output; $jobs[$directors->output[$i]] = array(); for($j = 0; $j < count($jobsList); $j++) { /** diff --git a/gui/baculum/protected/Pages/API/Jobs.php b/gui/baculum/protected/Pages/API/Jobs.php index d4fb5f248..e829bc161 100644 --- a/gui/baculum/protected/Pages/API/Jobs.php +++ b/gui/baculum/protected/Pages/API/Jobs.php @@ -21,7 +21,14 @@ class Jobs extends BaculumAPI { public function get() { $limit = intval($this->Request['limit']); $jobs = $this->getModule('job')->getJobs($limit); - $this->output = $jobs; + $allowedJobs = $this->getModule('bconsole')->bconsoleCommand($this->director, array('.jobs'), $this->user)->output; + $jobsOutput = array(); + foreach($jobs as $job) { + if(in_array($job->name, $allowedJobs)) { + $jobsOutput[] = $job; + } + } + $this->output = $jobsOutput; $this->error = JobError::ERROR_NO_ERRORS; } } diff --git a/gui/baculum/protected/Pages/API/Pool.php b/gui/baculum/protected/Pages/API/Pool.php index 274b3662a..bc0b6ab4e 100644 --- a/gui/baculum/protected/Pages/API/Pool.php +++ b/gui/baculum/protected/Pages/API/Pool.php @@ -31,7 +31,7 @@ class Pool extends BaculumAPI { } public function set($id, $params) { - $result = $this->getModule('pool')->setPool($id, $params); + $result = ($this->user === null) ? $this->getModule('pool')->setPool($id, $params) : true; if($result === true) { $this->output = null; $this->error = PoolError::ERROR_NO_ERRORS; diff --git a/gui/baculum/protected/Pages/API/PoolShow.php b/gui/baculum/protected/Pages/API/PoolShow.php index b3bd4e4fe..f21571f3b 100644 --- a/gui/baculum/protected/Pages/API/PoolShow.php +++ b/gui/baculum/protected/Pages/API/PoolShow.php @@ -22,7 +22,7 @@ class PoolShow extends BaculumAPI { $poolid = intval($this->Request['id']); $pool = $this->getModule('pool')->getPoolById($poolid); if(!is_null($pool)) { - $poolShow = $this->getModule('bconsole')->bconsoleCommand($this->director, array('show', 'pool="' . $pool->name . '"')); + $poolShow = $this->getModule('bconsole')->bconsoleCommand($this->director, array('show', 'pool="' . $pool->name . '"'), $this->user); $this->output = $poolShow->output; $this->error = (integer)$poolShow->exitcode; } else { diff --git a/gui/baculum/protected/Pages/API/PoolUpdate.php b/gui/baculum/protected/Pages/API/PoolUpdate.php index 56f542d85..84538651f 100644 --- a/gui/baculum/protected/Pages/API/PoolUpdate.php +++ b/gui/baculum/protected/Pages/API/PoolUpdate.php @@ -23,7 +23,7 @@ class PoolUpdate extends BaculumAPI { public function set($id, $params) { $pool = $this->getModule('pool')->getPoolById($id); if(!is_null($pool)) { - $poolUpdate = $this->getModule('bconsole')->bconsoleCommand($this->director, array('update', 'pool="' . $pool->name . '"')); + $poolUpdate = $this->getModule('bconsole')->bconsoleCommand($this->director, array('update', 'pool="' . $pool->name . '"'), $this->user); $this->output = $poolUpdate->output; $this->error = (integer)$poolUpdate->exitcode; } else { diff --git a/gui/baculum/protected/Pages/API/PoolUpdateVolumes.php b/gui/baculum/protected/Pages/API/PoolUpdateVolumes.php index 1e065da42..770922fb8 100644 --- a/gui/baculum/protected/Pages/API/PoolUpdateVolumes.php +++ b/gui/baculum/protected/Pages/API/PoolUpdateVolumes.php @@ -26,7 +26,7 @@ class PoolUpdateVolumes extends BaculumAPI { if(!is_null($pool)) { $voldata = $this->getModule('volume')->getVolumesByPoolId($pool->poolid); if(!is_null($voldata)) { - $poolUpdateVolumes = $this->getModule('bconsole')->bconsoleCommand($this->director, array('update', 'volume="' . $voldata->volumename . '"', 'allfrompool="' . $pool->name . '"')); + $poolUpdateVolumes = $this->getModule('bconsole')->bconsoleCommand($this->director, array('update', 'volume="' . $voldata->volumename . '"', 'allfrompool="' . $pool->name . '"'), $this->user); $this->output = $poolUpdateVolumes->output; $this->error = (integer)$poolUpdateVolumes->exitcode; } else { diff --git a/gui/baculum/protected/Pages/API/Pools.php b/gui/baculum/protected/Pages/API/Pools.php index c93bbea15..c847d5daa 100644 --- a/gui/baculum/protected/Pages/API/Pools.php +++ b/gui/baculum/protected/Pages/API/Pools.php @@ -21,7 +21,14 @@ class Pools extends BaculumAPI { public function get() { $limit = intval($this->Request['limit']); $pools = $this->getModule('pool')->getPools($limit); - $this->output = $pools; + $allowedPools = $this->getModule('bconsole')->bconsoleCommand($this->director, array('.pool'), $this->user)->output; + $poolsOutput = array(); + foreach($pools as $pool) { + if(in_array($pool->name, $allowedPools)) { + $poolsOutput[] = $pool; + } + } + $this->output = $poolsOutput; $this->error = PoolError::ERROR_NO_ERRORS; } } diff --git a/gui/baculum/protected/Pages/API/PoolsShow.php b/gui/baculum/protected/Pages/API/PoolsShow.php index 3a425decc..dc28112e2 100644 --- a/gui/baculum/protected/Pages/API/PoolsShow.php +++ b/gui/baculum/protected/Pages/API/PoolsShow.php @@ -20,7 +20,7 @@ class PoolsShow extends BaculumAPI { public function get() { - $pools = $this->getModule('bconsole')->bconsoleCommand($this->director, array('show', 'pools')); + $pools = $this->getModule('bconsole')->bconsoleCommand($this->director, array('show', 'pools'), $this->user); $this->output = $pools->output; $this->error = (integer)$pools->exitcode; } diff --git a/gui/baculum/protected/Pages/API/RestoreRun.php b/gui/baculum/protected/Pages/API/RestoreRun.php index bca51994a..3978ed07c 100644 --- a/gui/baculum/protected/Pages/API/RestoreRun.php +++ b/gui/baculum/protected/Pages/API/RestoreRun.php @@ -36,7 +36,7 @@ class RestoreRun extends BaculumAPI { if(preg_match('/^b2[\d]+$/', $rfile) === 1) { if(!is_null($where)) { if(!is_null($replace)) { - $restore = $this->getModule('bconsole')->bconsoleCommand($this->director, array('restore', 'file="?' . $rfile . '"', 'client="' . $client->name . '"', 'where="' . $where . '"', 'replace="' . $replace . '"', 'fileset="' . $fileset . '"', 'priority="' . $priority . '"', 'yes')); + $restore = $this->getModule('bconsole')->bconsoleCommand($this->director, array('restore', 'file="?' . $rfile . '"', 'client="' . $client->name . '"', 'where="' . $where . '"', 'replace="' . $replace . '"', 'fileset="' . $fileset . '"', 'priority="' . $priority . '"', 'yes'), $this->user); $this->output = $restore->output; $this->error = (integer)$restore->exitcode; } else { diff --git a/gui/baculum/protected/Pages/API/StorageMount.php b/gui/baculum/protected/Pages/API/StorageMount.php index 535c837ac..8fb8ae197 100644 --- a/gui/baculum/protected/Pages/API/StorageMount.php +++ b/gui/baculum/protected/Pages/API/StorageMount.php @@ -24,7 +24,7 @@ class StorageMount extends BaculumAPI { $slot = intval($this->Request['slot']); $storage = $this->getModule('storage')->getStorageById($storageid); if(!is_null($storage)) { - $storageMount = $this->getModule('bconsole')->bconsoleCommand($this->director, array('mount', 'storage="' . $storage->name . '"', 'drive=' . $drive, 'slot=' . $slot)); + $storageMount = $this->getModule('bconsole')->bconsoleCommand($this->director, array('mount', 'storage="' . $storage->name . '"', 'drive=' . $drive, 'slot=' . $slot), $this->user); $this->output = $storageMount->output; $this->error = (integer)$storageMount->exitcode; } else { diff --git a/gui/baculum/protected/Pages/API/StorageRelease.php b/gui/baculum/protected/Pages/API/StorageRelease.php index a1e10868d..824771263 100644 --- a/gui/baculum/protected/Pages/API/StorageRelease.php +++ b/gui/baculum/protected/Pages/API/StorageRelease.php @@ -22,7 +22,7 @@ class StorageRelease extends BaculumAPI { $storageid = intval($this->Request['id']); $storage = $this->getModule('storage')->getStorageById($storageid); if(!is_null($storage)) { - $storageRelease = $this->getModule('bconsole')->bconsoleCommand($this->director, array('release', 'storage="' . $storage->name . '"')); + $storageRelease = $this->getModule('bconsole')->bconsoleCommand($this->director, array('release', 'storage="' . $storage->name . '"'), $this->user); $this->output = $storageRelease->output; $this->error = (integer)$storageRelease->exitcode; } else { diff --git a/gui/baculum/protected/Pages/API/StorageShow.php b/gui/baculum/protected/Pages/API/StorageShow.php index 587a18d4a..c84bc34b5 100644 --- a/gui/baculum/protected/Pages/API/StorageShow.php +++ b/gui/baculum/protected/Pages/API/StorageShow.php @@ -22,7 +22,7 @@ class StorageShow extends BaculumAPI { $storageid = intval($this->Request['id']); $storage = $this->getModule('storage')->getStorageById($storageid); if(!is_null($storage)) { - $storageShow = $this->getModule('bconsole')->bconsoleCommand($this->director, array('show', 'storage="' . $storage->name . '"')); + $storageShow = $this->getModule('bconsole')->bconsoleCommand($this->director, array('show', 'storage="' . $storage->name . '"'), $this->user); $this->output = $storageShow->output; $this->error = (integer)$storageShow->exitcode; } else { diff --git a/gui/baculum/protected/Pages/API/StorageStatus.php b/gui/baculum/protected/Pages/API/StorageStatus.php index c10b89d85..baaf4a27d 100644 --- a/gui/baculum/protected/Pages/API/StorageStatus.php +++ b/gui/baculum/protected/Pages/API/StorageStatus.php @@ -22,7 +22,7 @@ class StorageStatus extends BaculumAPI { $storageid = intval($this->Request['id']); $storage = $this->getModule('storage')->getStorageById($storageid); if(!is_null($storage)) { - $storageStatus = $this->getModule('bconsole')->bconsoleCommand($this->director, array('status', 'storage="' . $storage->name . '"')); + $storageStatus = $this->getModule('bconsole')->bconsoleCommand($this->director, array('status', 'storage="' . $storage->name . '"'), $this->user); $this->output = $storageStatus->output; $this->error = (integer)$storageStatus->exitcode; } else { diff --git a/gui/baculum/protected/Pages/API/StorageUmount.php b/gui/baculum/protected/Pages/API/StorageUmount.php index 9b4776909..b8c6c7bd8 100644 --- a/gui/baculum/protected/Pages/API/StorageUmount.php +++ b/gui/baculum/protected/Pages/API/StorageUmount.php @@ -23,7 +23,7 @@ class StorageUmount extends BaculumAPI { $drive = intval($this->Request['drive']); $storage = $this->getModule('storage')->getStorageById($storageid); if(!is_null($storage)) { - $storageUmount = $this->getModule('bconsole')->bconsoleCommand($this->director, array('umount', 'storage="' . $storage->name . '"', 'drive=' . $drive)); + $storageUmount = $this->getModule('bconsole')->bconsoleCommand($this->director, array('umount', 'storage="' . $storage->name . '"', 'drive=' . $drive), $this->user); $this->output = $storageUmount->output; $this->error = (integer)$storageUmount->exitcode; } else { diff --git a/gui/baculum/protected/Pages/API/Storages.php b/gui/baculum/protected/Pages/API/Storages.php index bddfa7b64..9d4df64a7 100644 --- a/gui/baculum/protected/Pages/API/Storages.php +++ b/gui/baculum/protected/Pages/API/Storages.php @@ -22,7 +22,14 @@ class Storages extends BaculumAPI { public function get() { $limit = intval($this->Request['limit']); $storages = $this->getModule('storage')->getStorages($limit); - $this->output = $storages; + $allowedStorages = $this->getModule('bconsole')->bconsoleCommand($this->director, array('.storage'), $this->user)->output; + $storagesOutput = array(); + foreach($storages as $storage) { + if(in_array($storage->name, $allowedStorages)) { + $storagesOutput[] = $storage; + } + } + $this->output = $storagesOutput; $this->error = StorageError::ERROR_NO_ERRORS; } } diff --git a/gui/baculum/protected/Pages/API/StoragesShow.php b/gui/baculum/protected/Pages/API/StoragesShow.php index 297099759..368767a4c 100644 --- a/gui/baculum/protected/Pages/API/StoragesShow.php +++ b/gui/baculum/protected/Pages/API/StoragesShow.php @@ -20,7 +20,7 @@ class StoragesShow extends BaculumAPI { public function get() { - $storages = $this->getModule('bconsole')->bconsoleCommand($this->director, array('show', 'storages')); + $storages = $this->getModule('bconsole')->bconsoleCommand($this->director, array('show', 'storages'), $this->user); $this->output = $storages->output; $this->error = (integer)$storages->exitcode; } diff --git a/gui/baculum/protected/Pages/API/Volume.php b/gui/baculum/protected/Pages/API/Volume.php index c4432b290..411e34073 100644 --- a/gui/baculum/protected/Pages/API/Volume.php +++ b/gui/baculum/protected/Pages/API/Volume.php @@ -31,7 +31,7 @@ class Volume extends BaculumAPI { } public function set($id, $params) { - $result = $this->getModule('volume')->setVolume($id, $params); + $result = ($this->user === null) ? $this->getModule('volume')->setVolume($id, $params) : true; if($result === true) { $this->output = null; $this->error = VolumeError::ERROR_NO_ERRORS; diff --git a/gui/baculum/protected/Pages/API/VolumePrune.php b/gui/baculum/protected/Pages/API/VolumePrune.php index 19a037690..4beb26607 100644 --- a/gui/baculum/protected/Pages/API/VolumePrune.php +++ b/gui/baculum/protected/Pages/API/VolumePrune.php @@ -22,7 +22,7 @@ class VolumePrune extends BaculumAPI { $mediaid = intval($this->Request['id']); $volume = $this->getModule('volume')->getVolumeById($mediaid); if(!is_null($volume)) { - $prune = $this->getModule('bconsole')->bconsoleCommand($this->director, array('prune', 'volume="' . $volume->volumename . '"', 'yes')); + $prune = $this->getModule('bconsole')->bconsoleCommand($this->director, array('prune', 'volume="' . $volume->volumename . '"', 'yes'), $this->user); $this->output = $prune->output; $this->error = (integer)$prune->exitcode; } else { diff --git a/gui/baculum/protected/Pages/API/VolumePurge.php b/gui/baculum/protected/Pages/API/VolumePurge.php index 1aba55ba7..0f7453307 100644 --- a/gui/baculum/protected/Pages/API/VolumePurge.php +++ b/gui/baculum/protected/Pages/API/VolumePurge.php @@ -22,7 +22,7 @@ class VolumePurge extends BaculumAPI { $mediaid = intval($this->Request['id']); $volume = $this->getModule('volume')->getVolumeById($mediaid); if(!is_null($volume)) { - $purge = $this->getModule('bconsole')->bconsoleCommand($this->director, array('purge', 'volume="' . $volume->volumename . '"', 'yes')); + $purge = $this->getModule('bconsole')->bconsoleCommand($this->director, array('purge', 'volume="' . $volume->volumename . '"', 'yes'), $this->user); $this->output = $purge->output; $this->error = (integer)$purge->exitcode; } else { diff --git a/gui/baculum/protected/Pages/ConfigurationWizard.page b/gui/baculum/protected/Pages/ConfigurationWizard.page index 74086ce95..7cda83b63 100644 --- a/gui/baculum/protected/Pages/ConfigurationWizard.page +++ b/gui/baculum/protected/Pages/ConfigurationWizard.page @@ -166,7 +166,7 @@
-
+
@@ -207,6 +207,23 @@

<%[ NOTE! ]%>
<%[ Baculum needs access to bconsole by the web server. ]%>

+
+
+

<%[ For need defining more Baculum users with custom access or restricted console access (Bconsole ACLs) here is possible to determine custom bconsole configuration file format for each user. ]%>

+
+
+

<%[ If there is used only one Baculum user then below field value will be ignored. ]%>

+
+
+
+
+ + +
+
+
+

<%[ NOTE! ]%>
<%[ {user} keyword will be replaced for each logged user into according username. ]%>

+
@@ -277,9 +294,13 @@
<%=$this->BconsolePath->Text%>
-
<%[ Bconsole config file path: ]%>
+
<%[ Bconsole admin config file path: ]%>
<%=$this->BconsoleConfigPath->Text%>
+
+
<%[ Bconsole custom config file path: ]%>
+
<%=$this->BconsoleConfigCustomPath->Text%>
+
<%[ Use sudo for bconsole requests: ]%>
<%=($this->UseSudo->Checked === true) ? 'yes' : 'no'%>
diff --git a/gui/baculum/protected/Pages/ConfigurationWizard.php b/gui/baculum/protected/Pages/ConfigurationWizard.php index 2a6214872..c818af0c4 100644 --- a/gui/baculum/protected/Pages/ConfigurationWizard.php +++ b/gui/baculum/protected/Pages/ConfigurationWizard.php @@ -34,12 +34,16 @@ class ConfigurationWizard extends BaculumPage const DEFAULT_DB_LOGIN = 'bacula'; const DEFAULT_BCONSOLE_BIN = '/usr/sbin/bconsole'; const DEFAULT_BCONSOLE_CONF = '/etc/bacula/bconsole.conf'; + const DEFAULT_BCONSOLE_CONF_CUSTOM = '/etc/bacula/bconsole-{user}.conf'; public function onInit($param) { parent::onInit($param); $this->Lang->SelectedValue = $this->Session['language']; $this->firstRun = !$this->getModule('configuration')->isApplicationConfig(); $this->applicationConfig = $this->getModule('configuration')->getApplicationConfig(); + if($this->firstRun === false && $this->User->getIsAdmin() === false) { + die('Access denied.'); + } } public function onLoad($param) { @@ -52,6 +56,7 @@ class ConfigurationWizard extends BaculumPage $this->Login->Text = self::DEFAULT_DB_LOGIN; $this->BconsolePath->Text = self::DEFAULT_BCONSOLE_BIN; $this->BconsoleConfigPath->Text = self::DEFAULT_BCONSOLE_CONF; + $this->BconsoleConfigCustomPath->Text = self::DEFAULT_BCONSOLE_CONF_CUSTOM; } else { $this->DBType->SelectedValue = $this->getPage()->applicationConfig['db']['type']; $this->DBName->Text = $this->applicationConfig['db']['name']; @@ -63,6 +68,7 @@ class ConfigurationWizard extends BaculumPage $this->DBPath->Text = $this->applicationConfig['db']['path']; $this->BconsolePath->Text = $this->applicationConfig['bconsole']['bin_path']; $this->BconsoleConfigPath->Text = $this->applicationConfig['bconsole']['cfg_path']; + $this->BconsoleConfigCustomPath->Text = array_key_exists('cfg_custom_path', $this->applicationConfig['bconsole']) ? $this->applicationConfig['bconsole']['cfg_custom_path'] : self::DEFAULT_BCONSOLE_CONF_CUSTOM; $this->UseSudo->Checked = $this->getPage()->applicationConfig['bconsole']['use_sudo'] == 1; $this->PanelLogin->Text = $this->applicationConfig['baculum']['login']; $this->PanelPassword->Text = $this->applicationConfig['baculum']['password']; @@ -92,6 +98,7 @@ class ConfigurationWizard extends BaculumPage $cfgData['db']['path'] = $this->Application->getModule('configuration')->isSQLiteType($cfgData['db']['type']) ? $this->DBPath->Text : ''; $cfgData['bconsole']['bin_path'] = $this->BconsolePath->Text; $cfgData['bconsole']['cfg_path'] = $this->BconsoleConfigPath->Text; + $cfgData['bconsole']['cfg_custom_path'] = $this->BconsoleConfigCustomPath->Text; $cfgData['bconsole']['use_sudo'] = (integer)($this->UseSudo->Checked === true); $cfgData['baculum']['login'] = $this->PanelLogin->Text; $cfgData['baculum']['password'] = $this->PanelPassword->Text; diff --git a/gui/baculum/protected/Pages/Home.page b/gui/baculum/protected/Pages/Home.page index 178095a8f..29a41b401 100644 --- a/gui/baculum/protected/Pages/Home.page +++ b/gui/baculum/protected/Pages/Home.page @@ -13,7 +13,7 @@ - +
diff --git a/gui/baculum/protected/Pages/Home.php b/gui/baculum/protected/Pages/Home.php index 29c21eae2..854fd7b35 100644 --- a/gui/baculum/protected/Pages/Home.php +++ b/gui/baculum/protected/Pages/Home.php @@ -31,6 +31,11 @@ class Home extends BaculumPage $this->goToPage('ConfigurationWizard'); } + $appConfig = $this->getModule('configuration')->getApplicationConfig(); + + $this->SettingsWizardBtn->Visible = $this->User->getIsAdmin(); + $this->MediaBtn->Visible = $this->User->getIsAdmin(); + if(!$this->IsPostBack && !$this->IsCallBack) { $this->Logging->Checked = $this->getModule('logging')->isDebugOn(); } diff --git a/gui/baculum/protected/Pages/config.xml b/gui/baculum/protected/Pages/config.xml new file mode 100644 index 000000000..18bd4b30e --- /dev/null +++ b/gui/baculum/protected/Pages/config.xml @@ -0,0 +1,9 @@ + + + + + + + + + \ No newline at end of file diff --git a/gui/baculum/protected/application.xml b/gui/baculum/protected/application.xml index fa4232622..11bd376c5 100644 --- a/gui/baculum/protected/application.xml +++ b/gui/baculum/protected/application.xml @@ -96,6 +96,8 @@ + +