From: Marcin Haba <marcin.haba@bacula.pl>
Date: Sun, 6 Aug 2017 07:19:32 +0000 (+0200)
Subject: baculum: Add ability to assign host to specific user
X-Git-Tag: Release-9.0.3~5
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=defcf9a3eb3c2655fef28380b34b1d2bded8a947;p=bacula%2Fbacula

baculum: Add ability to assign host to specific user

- Define api host for user
- Fix users working in BWeb
- Drop using user manager
- Separate users code to new portlet
---

diff --git a/gui/baculum/protected/API/Pages/API/Jobs.php b/gui/baculum/protected/API/Pages/API/Jobs.php
index 942e70e53d..e7a7bb6b82 100644
--- a/gui/baculum/protected/API/Pages/API/Jobs.php
+++ b/gui/baculum/protected/API/Pages/API/Jobs.php
@@ -24,23 +24,16 @@ class Jobs extends BaculumAPIServer {
 	public function get() {
 		$limit = intval($this->Request['limit']);
 		$allowed = array();
-		$error = false;
-		if (!is_null($this->user)) {
-			$allowedJobs = $this->getModule('bconsole')->bconsoleCommand($this->director, array('.jobs'), $this->user);
-			if ($allowedJobs->exitcode === 0) {
-				array_shift($allowedJobs->output);
-				$allowed = $allowedJobs->output;
-			} else {
-				$error = true;
-				$this->output = $allowedJobs->output;
-				$this->error = $allowedJobs->exitcode;
-			}
-		}
-
-		if ($error === false) {
+		$allowedJobs = $this->getModule('bconsole')->bconsoleCommand($this->director, array('.jobs'), $this->user);
+		if ($allowedJobs->exitcode === 0) {
+			array_shift($allowedJobs->output);
+			$allowed = $allowedJobs->output;
 			$jobs = $this->getModule('job')->getJobs($limit, $allowed);
 			$this->output = $jobs;
 			$this->error = JobError::ERROR_NO_ERRORS;
+		} else {
+			$this->output = $allowedJobs->output;
+			$this->error = $allowedJobs->exitcode;
 		}
 	}
 }
diff --git a/gui/baculum/protected/API/Pages/Panel/APIInstallWizard.php b/gui/baculum/protected/API/Pages/Panel/APIInstallWizard.php
index c676fb68f4..5429682e6d 100644
--- a/gui/baculum/protected/API/Pages/Panel/APIInstallWizard.php
+++ b/gui/baculum/protected/API/Pages/Panel/APIInstallWizard.php
@@ -59,7 +59,7 @@ class APIInstallWizard extends BaculumAPIPage {
 		$config = $this->getModule('api_config');
 		$this->config = $config->getConfig();
 		$this->first_run = (count($this->config) === 0);
-		if ($this->first_run === false && $this->User->getIsAdmin() === false) {
+		if ($this->first_run === false) {
 			die('Access denied.');
 		}
 	}
diff --git a/gui/baculum/protected/API/Pages/config.xml b/gui/baculum/protected/API/Pages/config.xml
index 3013ffcca8..60e712cc00 100644
--- a/gui/baculum/protected/API/Pages/config.xml
+++ b/gui/baculum/protected/API/Pages/config.xml
@@ -4,9 +4,6 @@
 		<using namespace="Application.API.Class.BaculumAPIServer" />
 	</paths>
 	<modules>
-		<!-- API auth modules (@TODO: change auth method for API to more secure) -->
-		<module id="api_users" class="Application.Common.Class.BaculumUsersManager" />
-		<module id="api_auth" class="System.Security.TAuthManager" UserManager="api_users" AllowAutoLogin="true" AuthExpire="864000" />
 		<!-- database modules -->
 		<module id="db" class="Application.API.Class.Database" />
 		<module id="client" class="Application.API.Class.ClientManager" />
diff --git a/gui/baculum/protected/Common/Class/BaculumUser.php b/gui/baculum/protected/Common/Class/BaculumUser.php
deleted file mode 100644
index 320cbaf9e2..0000000000
--- a/gui/baculum/protected/Common/Class/BaculumUser.php
+++ /dev/null
@@ -1,45 +0,0 @@
-<?php
-/*
- * Bacula(R) - The Network Backup Solution
- * Baculum   - Bacula web interface
- *
- * Copyright (C) 2013-2016 Kern Sibbald
- *
- * The main author of Baculum is Marcin Haba.
- * The original author of Bacula is Kern Sibbald, with contributions
- * from many others, a complete list can be found in the file AUTHORS.
- *
- * You may use this file and others of this release according to the
- * license defined in the LICENSE file, which includes the Affero General
- * Public License, v3.0 ("AGPLv3") and some additional permissions and
- * terms pursuant to its AGPLv3 Section 7.
- *
- * This notice must be preserved when any source code is
- * conveyed and/or propagated.
- *
- * Bacula(R) is a registered trademark of Kern Sibbald.
- */
-
-Prado::using('System.Security.TUser');
-
-class BaculumUser extends TUser implements IUser {
-
-	private $_id;
-
-	public function getID() {
-		return $this->_id;
-	}
-
-	public function setID($id) {
-		$this->_id = $id;
-	}
-
-	public function getIsAdmin() {
-		return $this->isInRole('admin');
-	}
-
-	public function getIsUser() {
-		return $this->isInRole('user');
-	}
-}
-?>
diff --git a/gui/baculum/protected/Common/Class/BaculumUsersManager.php b/gui/baculum/protected/Common/Class/BaculumUsersManager.php
deleted file mode 100644
index 7e5f655a99..0000000000
--- a/gui/baculum/protected/Common/Class/BaculumUsersManager.php
+++ /dev/null
@@ -1,106 +0,0 @@
-<?php
-/*
- * Bacula(R) - The Network Backup Solution
- * Baculum   - Bacula web interface
- *
- * Copyright (C) 2013-2016 Kern Sibbald
- *
- * The main author of Baculum is Marcin Haba.
- * The original author of Bacula is Kern Sibbald, with contributions
- * from many others, a complete list can be found in the file AUTHORS.
- *
- * You may use this file and others of this release according to the
- * license defined in the LICENSE file, which includes the Affero General
- * Public License, v3.0 ("AGPLv3") and some additional permissions and
- * terms pursuant to its AGPLv3 Section 7.
- *
- * This notice must be preserved when any source code is
- * conveyed and/or propagated.
- *
- * Bacula(R) is a registered trademark of Kern Sibbald.
- */
-
-Prado::using('System.Security.IUserManager');
-Prado::using('Application.Common.Class.CommonModule');
-Prado::using('Application.Common.Class.BaculumUser');
-
-class BaculumUsersManager extends CommonModule implements IUserManager {
-
-
-	// @TODO: Do auth managers transparent for application without using 'web' and 'api' modules.
-	private $auth_managers = array(
-		'web_users' => 'web_auth',
-		'api_users' => 'api_auth'
-	);
-
-	public function getGuestName() {
-		return 'guest';
-	}
-
-	public function validateUser($username, $password) {
-		/*
-		 * In Basic auth web server cares about access.
-		 * For OAuth2 there will be separate module.
-		 */
-		$valid = true;
-		// @TOREMOVE
-		/*if(!empty($username) && !empty($password)) {
-			$users = $this->configMod->getAllUsers();
-			$valid = (array_key_exists($username, $users) && $password === $users[$username]);
-		}*/
-		return $valid;
-	}
-
-	public function getUser($username = null) {
-		$user = new BaculumUser($this);
-		$user->setIsGuest(false);
-		$id = sha1(time());
-		$user->setID($id);
-		$user->setName($username);
-		// @TOFIX: Don't use web config values here
-		/*if(is_null($this->config) || $this->config['baculum']['login'] === $username) {
-			$user->setRoles('admin');
-		} else {
-			$user->setRoles('user');
-		}*/
-		// @TODO: Set roles in Web part only for webGUI users. API will have own new auth method.
-		// Temporary set user to admin.
-		$user->setRoles('admin');
-		return $user;
-	}
-
-	public function getUserFromCookie($cookie) {
-		$data = $cookie->Value;
-		if (!empty($data)) {
-			$data = $this->Application->SecurityManager->validateData($data);
-			if ($data != false) {
-				$data = unserialize($data);
-				if (is_array($data) && count($data) === 3) {
-					list($username, $address, $token) = $data;
-					return $this->getUser($username);
-				}
-			}
-		}
-	}
-
-	public function saveUserToCookie($cookie) {
-		$address = $this->Application->Request->UserHostAddress;
-		$username = $this->User->getName();
-		$token = $this->User->getID();
-		$data = array($username, $address, $token);
-		$data = serialize($data);
-		$data = $this->Application->SecurityManager->hashData($data);
-		$cookie->setValue($data);
-	}
-
-	public function loginUser($user = null, $pwd = null) {
-		if (is_null($user) && is_null($pwd) && isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
-			$user = $_SERVER['PHP_AUTH_USER'];
-			$pwd = $_SERVER['PHP_AUTH_PW'];
-		}
-		$auth = $this->auth_managers[$this->getID()];
-		$logged = $this->Application->getModule($auth)->login($user, $pwd, 86400);
-		return $logged;
-	}
-}
-?>
diff --git a/gui/baculum/protected/Web/Class/BaculumAPIClient.php b/gui/baculum/protected/Web/Class/BaculumAPIClient.php
index d918aa1af1..6e7ce35bb3 100644
--- a/gui/baculum/protected/Web/Class/BaculumAPIClient.php
+++ b/gui/baculum/protected/Web/Class/BaculumAPIClient.php
@@ -259,7 +259,11 @@ class BaculumAPIClient extends WebModule {
 		$cached = null;
 		$ret = null;
 		if (is_null($host)) {
-			$host = HostConfig::MAIN_CATALOG_HOST;
+			if (isset($_SESSION['api_host'])) {
+				$host = $_SESSION['api_host'];
+			} else {
+				$host = HostConfig::MAIN_CATALOG_HOST;
+			}
 		}
 		if ($use_cache === true) {
 			$cached = $this->getSessionCache($host, $params);
@@ -296,7 +300,11 @@ class BaculumAPIClient extends WebModule {
 	 */
 	public function set(array $params, array $options, $host = null, $show_error = true) {
 		if (is_null($host)) {
-			$host = HostConfig::MAIN_CATALOG_HOST;
+			if (isset($_SESSION['api_host'])) {
+				$host = $_SESSION['api_host'];
+			} else {
+				$host = HostConfig::MAIN_CATALOG_HOST;
+			}
 		}
 		$host_cfg = $this->getHostParams($host);
 		$uri = $this->getURIResource($host, $params);
@@ -329,7 +337,11 @@ class BaculumAPIClient extends WebModule {
 	 */
 	public function create(array $params, array $options, $host = null, $show_error = true) {
 		if (is_null($host)) {
-			$host = HostConfig::MAIN_CATALOG_HOST;
+			if (isset($_SESSION['api_host'])) {
+				$host = $_SESSION['api_host'];
+			} else {
+				$host = HostConfig::MAIN_CATALOG_HOST;
+			}
 		}
 		$host_cfg = $this->getHostParams($host);
 		$uri = $this->getURIResource($host, $params);
@@ -357,7 +369,11 @@ class BaculumAPIClient extends WebModule {
 	 */
 	public function remove(array $params, $host = null, $show_error = true) {
 		if (is_null($host)) {
-			$host = HostConfig::MAIN_CATALOG_HOST;
+			if (isset($_SESSION['api_host'])) {
+				$host = $_SESSION['api_host'];
+			} else {
+				$host = HostConfig::MAIN_CATALOG_HOST;
+			}
 		}
 		$host_cfg = $this->getHostParams($host);
 		$uri = $this->getURIResource($host, $params);
diff --git a/gui/baculum/protected/Web/Class/BaculumWebPage.php b/gui/baculum/protected/Web/Class/BaculumWebPage.php
index e98a7bf34f..ae2fdba191 100644
--- a/gui/baculum/protected/Web/Class/BaculumWebPage.php
+++ b/gui/baculum/protected/Web/Class/BaculumWebPage.php
@@ -20,6 +20,8 @@
  * Bacula(R) is a registered trademark of Kern Sibbald.
  */
 
+session_start();
+
 Prado::using('Application.Common.Class.BaculumPage');
 Prado::using('Application.Web.Class.WebConfig');
 
diff --git a/gui/baculum/protected/Web/JavaScript/misc.js b/gui/baculum/protected/Web/JavaScript/misc.js
index b9b0db81f8..1327080579 100644
--- a/gui/baculum/protected/Web/JavaScript/misc.js
+++ b/gui/baculum/protected/Web/JavaScript/misc.js
@@ -233,8 +233,10 @@ var Dashboard = {
 		document.getElementById(this.ids.jobtotals.total_files).textContent = this.stats.jobtotals.files || 0;
 	},
 	update_database: function() {
-		document.getElementById(this.ids.database.type).textContent = this.dbtype[this.stats.dbsize.dbtype];
-		document.getElementById(this.ids.database.size).textContent = Units.get_decimal_size(this.stats.dbsize.dbsize);
+		if (this.stats.dbsize.dbsize) {
+			document.getElementById(this.ids.database.type).textContent = this.dbtype[this.stats.dbsize.dbtype];
+			document.getElementById(this.ids.database.size).textContent = Units.get_decimal_size(this.stats.dbsize.dbsize);
+		}
 	},
 	update_pools: function() {
 		var pools = this.stats.pools_occupancy;
@@ -277,11 +279,15 @@ var Users = {
 		change_pwd: {
 			rel_chpwd: 'chpwd',
 			rel_chpwd_btn: 'chpwd_btn'
+		},
+		set_host: {
+			rel_user_host: 'user_host_img'
 		}
 	},
 	validators: {
 		user_pattern: null
 	},
+	current_action: null,
 	init: function() {
 		this.setEvents();
 	},
@@ -365,6 +371,16 @@ var Users = {
 		this.action_callback('chpwd', user, pwd);
 		return true;
 	},
+	set_host: function(user, select) {
+		select.nextElementSibling.style.visibility = 'visible';
+		this.action_callback('set_host', user, select.value);
+	},
+	hide_loader: function() {
+		if (this.current_action === 'set_host') {
+			$('img[rel=\'' + this.ids.set_host.rel_user_host + '\']').css({visibility: 'hidden'});
+		}
+
+	},
 	cancelAddUser: function() {
 		$('#' + this.ids.create_user.add_user).hide();
 	},
diff --git a/gui/baculum/protected/Web/JavaScript/slide-window.js b/gui/baculum/protected/Web/JavaScript/slide-window.js
index c8dd15f208..ce24cf7fd0 100644
--- a/gui/baculum/protected/Web/JavaScript/slide-window.js
+++ b/gui/baculum/protected/Web/JavaScript/slide-window.js
@@ -292,7 +292,7 @@ var SlideWindowClass = jQuery.klass({
 					return;
 				}
 				set_callback_parameter(tr);
-			}.bind(tr));
+			});
 		}.bind(this));
 		Formatters.set_formatters();
 		this.revertSortingFromCookie();
diff --git a/gui/baculum/protected/Web/Lang/en/messages.mo b/gui/baculum/protected/Web/Lang/en/messages.mo
index 07248f9c71..639fe1df70 100644
Binary files a/gui/baculum/protected/Web/Lang/en/messages.mo and b/gui/baculum/protected/Web/Lang/en/messages.mo differ
diff --git a/gui/baculum/protected/Web/Lang/en/messages.po b/gui/baculum/protected/Web/Lang/en/messages.po
index 3e88541eb0..6eaba610f5 100644
--- a/gui/baculum/protected/Web/Lang/en/messages.po
+++ b/gui/baculum/protected/Web/Lang/en/messages.po
@@ -1408,3 +1408,12 @@ msgstr "OAuth2 Scope:"
 
 msgid "Restore job:"
 msgstr "Restore job:"
+
+msgid "API host"
+msgstr "API host"
+
+msgid "API host:"
+msgstr "API host:"
+
+msgid "Select host"
+msgstr "Select host"
diff --git a/gui/baculum/protected/Web/Lang/ja/messages.mo b/gui/baculum/protected/Web/Lang/ja/messages.mo
index d1bf720ba3..db593bd790 100644
Binary files a/gui/baculum/protected/Web/Lang/ja/messages.mo and b/gui/baculum/protected/Web/Lang/ja/messages.mo differ
diff --git a/gui/baculum/protected/Web/Lang/ja/messages.po b/gui/baculum/protected/Web/Lang/ja/messages.po
index ed84f3abd9..b10f5213b5 100644
--- a/gui/baculum/protected/Web/Lang/ja/messages.po
+++ b/gui/baculum/protected/Web/Lang/ja/messages.po
@@ -1153,3 +1153,12 @@ msgstr "No jobs for the client."
 
 msgid "Restore job:"
 msgstr "Restore job:"
+
+msgid "API host"
+msgstr "API host"
+
+msgid "API host:"
+msgstr "API host:"
+
+msgid "Select host"
+msgstr "Select host"
diff --git a/gui/baculum/protected/Web/Lang/pl/messages.mo b/gui/baculum/protected/Web/Lang/pl/messages.mo
index 2224193e68..1d429a4693 100644
Binary files a/gui/baculum/protected/Web/Lang/pl/messages.mo and b/gui/baculum/protected/Web/Lang/pl/messages.mo differ
diff --git a/gui/baculum/protected/Web/Lang/pl/messages.po b/gui/baculum/protected/Web/Lang/pl/messages.po
index 602a85d865..14934474c6 100644
--- a/gui/baculum/protected/Web/Lang/pl/messages.po
+++ b/gui/baculum/protected/Web/Lang/pl/messages.po
@@ -1409,3 +1409,12 @@ msgstr "Zakresy OAuth2:"
 
 msgid "Restore job:"
 msgstr "Zadanie przywracania:"
+
+msgid "API host"
+msgstr "API host"
+
+msgid "API host:"
+msgstr "API host:"
+
+msgid "Select host"
+msgstr "Wybierz host"
diff --git a/gui/baculum/protected/Web/Lang/pt/messages.mo b/gui/baculum/protected/Web/Lang/pt/messages.mo
index 52783a3f0f..682a3dca96 100644
Binary files a/gui/baculum/protected/Web/Lang/pt/messages.mo and b/gui/baculum/protected/Web/Lang/pt/messages.mo differ
diff --git a/gui/baculum/protected/Web/Lang/pt/messages.po b/gui/baculum/protected/Web/Lang/pt/messages.po
index a20c093b02..32450403ac 100644
--- a/gui/baculum/protected/Web/Lang/pt/messages.po
+++ b/gui/baculum/protected/Web/Lang/pt/messages.po
@@ -1408,3 +1408,12 @@ msgstr "OAuth2 Scope:"
 
 msgid "Restore job:"
 msgstr "Restore job:"
+
+msgid "API host"
+msgstr "API host"
+
+msgid "API host:"
+msgstr "API host:"
+
+msgid "Select host"
+msgstr "Select host"
diff --git a/gui/baculum/protected/Web/Pages/Monitor.php b/gui/baculum/protected/Web/Pages/Monitor.php
index 6f1b7ba6f6..15852b55f0 100644
--- a/gui/baculum/protected/Web/Pages/Monitor.php
+++ b/gui/baculum/protected/Web/Pages/Monitor.php
@@ -25,7 +25,6 @@ Prado::using('Application.Web.Class.BaculumWebPage');
 class Monitor extends BaculumWebPage {
 	public function onInit($param) {
 		parent::onInit($param);
-		$this->Application->getModule('web_users')->loginUser();
 
 		$_SESSION['monitor_data'] = array(
 			'jobs' => array(),
@@ -40,7 +39,7 @@ class Monitor extends BaculumWebPage {
 		$_SESSION['monitor_data']['clients'] = $this->getModule('api')->get(array('clients'))->output;
 		$_SESSION['monitor_data']['pools'] = $this->getModule('api')->get(array('pools'))->output;
 		$_SESSION['monitor_data']['jobtotals'] = $this->getModule('api')->get(array('jobs', 'totals'))->output;
-		if ($this->User->getIsAdmin() === true) {
+		if ($_SESSION['admin']) {
 			$_SESSION['monitor_data']['dbsize'] = $this->getModule('api')->get(array('dbsize'))->output;
 		}
 
diff --git a/gui/baculum/protected/Web/Pages/RestoreWizard.php b/gui/baculum/protected/Web/Pages/RestoreWizard.php
index b9c8637b7f..f395a7812b 100644
--- a/gui/baculum/protected/Web/Pages/RestoreWizard.php
+++ b/gui/baculum/protected/Web/Pages/RestoreWizard.php
@@ -47,11 +47,6 @@ class RestoreWizard extends BaculumWebPage
 
 	const BVFS_PATH_PREFIX = 'b2';
 
-	public function onPreInit($param) {
-		parent::onPreInit($param);
-		$this->Application->getModule('web_users')->loginUser();
-	}
-
 	public function onInit($param) {
 		parent::onInit($param);
 		if(!$this->IsPostBack && !$this->IsCallBack) {
diff --git a/gui/baculum/protected/Web/Pages/WebConfigWizard.php b/gui/baculum/protected/Web/Pages/WebConfigWizard.php
index e1c042ee0b..2450e99670 100644
--- a/gui/baculum/protected/Web/Pages/WebConfigWizard.php
+++ b/gui/baculum/protected/Web/Pages/WebConfigWizard.php
@@ -40,7 +40,7 @@ class WebConfigWizard extends BaculumWebPage
 		$this->web_config = $config->getConfig();
 		$this->host_config = $this->getModule('host_config')->getConfig();
 		$this->first_run = (count($this->host_config) == 0);
-		if($this->first_run === false && $this->User->getIsAdmin() === false) {
+		if($this->first_run === false && !$_SESSION['admin']) {
 			die('Access denied.');
 		}
 	}
@@ -119,11 +119,19 @@ class WebConfigWizard extends BaculumWebPage
 		$host_config[$host] = $cfg_host;
 		$ret = $this->getModule('host_config')->setConfig($host_config);
 		if($ret === true) {
-			$cfg_web = array('baculum' => array());
+			$web_config = $this->getModule('web_config')->getConfig();
+			$cfg_web = array('baculum' => array(), 'users' => array());
+			if (count($web_config) > 0) {
+				$cfg_web = $web_config;
+			}
 			$cfg_web['baculum']['login'] = $this->WebLogin->Text;
 			$cfg_web['baculum']['password'] = $this->WebPassword->Text;
 			$cfg_web['baculum']['debug'] = 0;
 			$cfg_web['baculum']['lang'] = 'en';
+			if (array_key_exists('users', $cfg_web) && array_key_exists($this->WebLogin->Text, $cfg_web)) {
+				// Admin shoudn't be added to users section, only regular users
+				unset($cfg_web['users'][$this->WebLogin->Text]);
+			}
 			$ret = $this->getModule('web_config')->setConfig($cfg_web);
 			if($ret && $this->getModule('basic_webuser')->isUsersConfig() === true) {
 				$previous_user = !$this->first_run ? $this->web_config['baculum']['login'] : null;
diff --git a/gui/baculum/protected/Web/Pages/WebHome.page b/gui/baculum/protected/Web/Pages/WebHome.page
index d2b8c60fb3..59200bd757 100644
--- a/gui/baculum/protected/Web/Pages/WebHome.page
+++ b/gui/baculum/protected/Web/Pages/WebHome.page
@@ -12,9 +12,9 @@
 				<com:TActiveLinkButton ID="Workspace" Text="<%[ Workspace ]%>" Attributes.onclick="PanelWindow.show('container'); return false;" />
 				<img src="<%=$this->getPage()->getTheme()->getBaseUrl()%>/graphs.png" alt="" onclick="$('#<%=$this->Graphs->ClientID%>').click()" />
 				<com:TActiveLinkButton ID="Graphs" Text="<%[ Graphs ]%>" Attributes.onclick="PanelWindow.show('graphs'); return false;" />
-				<img src="<%=$this->getPage()->getTheme()->getBaseUrl()%>/users.png" alt="" onclick="$('#<%=$this->Users->ClientID%>').click()" <%=$this->User->getIsAdmin() === false ? ' style="display: none;"' : ''%>/>
+				<img src="<%=$this->getPage()->getTheme()->getBaseUrl()%>/users.png" alt="" onclick="$('#<%=$this->Users->ClientID%>').click()" <%=!$_SESSION['admin'] ? ' style="display: none;"' : ''%>/>
 				<com:TActiveLinkButton ID="Users" Text="<%[ Users ]%>" Attributes.onclick="PanelWindow.show('users'); return false;" />
-				<img src="<%=$this->getPage()->getTheme()->getBaseUrl()%>/config.png" alt="" onclick="$('#<%=$this->Config->ClientID%>').click()" />
+				<img src="<%=$this->getPage()->getTheme()->getBaseUrl()%>/config.png" alt="" onclick="$('#<%=$this->Config->ClientID%>').click()" <%=!$_SESSION['admin'] ? ' style="display: none;"' : ''%> />
 				<com:TActiveLinkButton ID="Config" Text="<%[ Configuration ]%>" Attributes.onclick="PanelWindow.show('config'); return false;" />
 				<img src="<%=$this->getPage()->getTheme()->getBaseUrl()%>/logout.png" alt="" onclick="$('#<%=$this->Logout->ClientID%>').click()" />
 				<com:TActiveLinkButton ID="Logout" Text="<%[ Logout ]%>" OnCommand="Page.logout" />
@@ -52,7 +52,7 @@
 					<p><span><%[ Most often used: ]%></span><span id="jobs_most"></span></p>
 					<p><span><%[ Execution count most used: ]%></span><span id="jobs_most_count"></span> <%[ times ]%></p>
 				</fieldset>
-				<fieldset class="dashboard_field"<%=$this->User->getIsAdmin() === false ? ' style="display: none;"' : ''%>>
+				<fieldset class="dashboard_field"<%=!$_SESSION['admin'] ? ' style="display: none;"' : ''%>>
 					<legend><%[ Database ]%></legend>
 					<img src="<%=$this->getPage()->getTheme()->getBaseUrl()%>/database.png" alt="" />
 					<p><span><%[ Database type: ]%></span><span id="database_type"></span></p>
@@ -75,7 +75,7 @@
 					<legend><%[ Restore Wizard ]%></legend>
 					<a class="big" href="<%=$this->Service->constructUrl('RestoreWizard')%>" style="line-height: 73px; display: block; text-align: center;"><img src="<%=$this->getPage()->getTheme()->getBaseUrl()%>/restore.png" alt="" /><%[ Perform Restore ]%></a>
 				</fieldset>
-				<fieldset class="dashboard_field"<%=$this->User->getIsAdmin() === false ? ' style="display: none;"' : ''%>>
+				<fieldset class="dashboard_field"<%=!$_SESSION['admin'] ? ' style="display: none;"' : ''%>>
 					<legend><%[ Configuration Wizard ]%></legend>
 					<a class="big" href="<%=$this->Service->constructUrl('WebConfigWizard')%>" style="line-height: 73px; display: block; text-align: center;"><img src="<%=$this->getPage()->getTheme()->getBaseUrl()%>/setting.png" alt="" /><%[ Baculum Settings ]%></a>
 				</fieldset>
@@ -293,78 +293,12 @@
 		<div><com:Application.Web.Portlets.BaculaHosts ID="BaculaConfig" /></div>
 	</div>
 	<div id="users" style="display: none">
-		<div>
-			<a href="javascript:void(0)" id="add_user_btn"><strong><%[ Add new user ]%></strong></a>
-			<div id="add_user" style="display: none">
-				<p><%[ Username: ]%><input id="newuser" type="text" /><%[ Password: ]%><input id="newpwd" type="password" />
-				<a href="javascript:void(0)" onclick="Users.addUser()">
-					<img src="<%=$this->getPage()->getTheme()->getBaseUrl()%>/icon_ok.png" alt="<%[ Save ]%>" title="<%[ Save ]%>"/>
-				</a>
-				<a href="javascript:void(0)" onclick="Users.cancelAddUser()">
-					<img src="<%=$this->getPage()->getTheme()->getBaseUrl()%>/icon_err.png" alt="<%[ Close ]%>" title="<%[ Close ]%>" />
-				</a></p>
-			</div>
-			<com:TActiveRepeater ID="UsersList">
-				<prop:HeaderTemplate>
-				<table id="users_list" class="window-section-detail-smallrow">
-					<tr>
-						<th><%[ User name ]%></th>
-						<th><%[ Role ]%></th>
-						<th><%[ Actions ]%></th>
-					</tr>
-				</prop:HeaderTemplate>
-				<prop:ItemTemplate>
-					<tr class="slide-window-element">
-						<td><%=$this->DataItem%></td>
-						<td><%=$this->User->getName() == $this->DataItem ? Prado::localize('Administrator') :  Prado::localize('Normal user')%></td>
-						<td>
-							<a href="javascript:void(0)" <%=$this->User->getName() == $this->DataItem ? 'style="visibility: hidden"' : ''%> onclick="Users.rmUser('<%=$this->DataItem%>')"><img src="<%=$this->getPage()->getTheme()->getBaseUrl()%>/user-del.png"> <%[ Remove user ]%></a>
-							<a href="javascript:void(0)" onclick="Users.showChangePwd(this)" rel="chpwd_btn">
-								<img src="<%=$this->getPage()->getTheme()->getBaseUrl()%>/key.png" alt="" />
-								<%[ Change password ]%>
-							</a>
-							<span style="display: none;" rel="chpwd">
-								<input type="password" onkeydown="event.keyCode == 13 ? Users.changePwd(this, '<%=$this->DataItem%>') : (event.keyCode == 27 ? Users.cancelChangePwd(this.nextElementSibling.nextElementSibling) : '');" />
-								<a href="javascript:void(0)" onclick="Users.changePwd(this.prevousElementSibling, '<%=$this->DataItem%>')">
-									<img src="<%=$this->getPage()->getTheme()->getBaseUrl()%>/icon_ok.png" alt="<%[ Save ]%>" title="<%[ Save ]%>"/>
-								</a>
-								<a href="javascript:void(0)" onclick="Users.cancelChangePwd(this)">
-									<img src="<%=$this->getPage()->getTheme()->getBaseUrl()%>/icon_err.png" alt="<%[ Close ]%>" title="<%[ Close ]%>" />
-								</a>
-							</span>
-						</td>
-					</tr>
-				</prop:ItemTemplate>
-				<prop:FooterTemplate>
-					</table>
-				</prop:FooterTemplate>
-			</com:TActiveRepeater>
-			<p><em><%[ Please note that for each user (excluding administrator) there should exist separate Bconsole config file in form: ]%> <strong><com:TLabel ID="BconsoleCustomPath" /></strong></em></p>
-			<com:TCallback ID="UserAction" OnCallback="userAction" />
-			<script type="text/javascript">
-				var send_user_action = function(action, param, value) {
-					if (!value) {
-						value = '';
-					}
-					var user_action_callback = <%=$this->UserAction->ActiveControl->Javascript%>;
-					user_action_callback.setCallbackParameter([action, param, value].join(';'));
-					user_action_callback.dispatch();
-				};
-				Users.txt = {
-					enter_login: '<%[ Please enter login. ]%>',
-					invalid_login: '<%[ Invalid login value. Login may contain a-z A-Z 0-9 characters. ]%>',
-					invalid_pwd: '<%[ Password must be longer than 4 chars. ]%>'
-				};
-				Users.action_callback = send_user_action;
-				Users.validators = { user_pattern: new RegExp('^<%=BasicUserConfig::USER_PATTERN%>$') };
-				Users.init();
-			</script>
-		</div>
+		<div><com:Application.Web.Portlets.Users ID="WebUsers" /></div>
 	</div>
 	<div id="console">
 		<a id="clear_bvfs_cache" href="javascript: void(0)"><com:TActiveImageButton ID="ClearBvfsCache" OnCallback="clearBvfsCache" Attributes.onclick="return (confirm('<%=Prado::localize('This action will clear bvfs cache that was created during preparing restore files. There is not recommended use this action during restore job working. Are you sure?')%>'));" ImageUrl="<%=$this->getPage()->getTheme()->getBaseUrl()%>/trash_icon.png" AlternateText="<%[ clear bvfs cache ]%>" /><com:TLabel ForControl="ClearBvfsCache"><%[ clear bvfs cache ]%></com:TLabel></a>
 		<a id="logging" href="javascript:void(0)"><com:TActiveCheckBox ID="Logging" OnCallback="setDebug" Attributes.onclick="return (this.checked === false || confirm('<%=Prado::localize('Debug files enable possibility to save most of actions executed on Baculum WebGUI. Debug functionality should be enabled if is happening shomething wrong with Baculum or something that looks like a bug. Logs can be useful for detecting a problems in Baculum working. After confirmation this message Baculum debug files will be continuously saving in /protected/Web/Logs/ directory. Are you sure?')%>'));" /><com:TLabel ForControl="Logging"><%[ Enable debug ]%></com:TLabel></a>
-		<a id="volumes_tools_launcher" href="javascript:void(0)" <%=$this->User->getIsAdmin() === false ? ' style="display: none;"' : ''%>><img src="<%=$this->getPage()->getTheme()->getBaseUrl()%>/tape_tools_icon.png" alt="<%[ volumes tools ]%>" /><span><%[ volumes tools ]%></span></a>
+		<a id="volumes_tools_launcher" href="javascript:void(0)" <%=!$_SESSION['admin'] ? ' style="display: none;"' : ''%>><img src="<%=$this->getPage()->getTheme()->getBaseUrl()%>/tape_tools_icon.png" alt="<%[ volumes tools ]%>" /><span><%[ volumes tools ]%></span></a>
 		<a id="console_launcher" href="javascript:void(0)"><img src="<%=$this->getPage()->getTheme()->getBaseUrl()%>/console_icon.png" alt="<%[ Bacula console ]%>" /><span><%[ show console ]%></span></a>
 		<com:Application.Web.Portlets.VolumesTools ID="VolumesTools" />
 		<com:Application.Web.Portlets.Console ID="Console" />
@@ -373,12 +307,12 @@
 	<script type="text/javascript">
 		var oMonitor;
 		$(function() {
-			<%=(!is_null($this->initWindowId) && !is_null($this->initElementId) ?
-				'SlideWindow.getObj("' . $this->initWindowId . 'Window").setInitElementId("' . $this->initElementId . '");'
+			<%=(!is_null($this->init_window_id) && !is_null($this->init_element_id) ?
+				'SlideWindow.getObj("' . $this->init_window_id . 'Window").setInitElementId("' . $this->init_element_id . '");'
 			: '')%>
-			<%=(!is_null($this->openWindow) ?
+			<%=(!is_null($this->open_window) ?
 				'PanelWindow.show("container");
-				$("#' . $this->openWindow . '").trigger(\'click\');
+				$("#' . $this->open_window . '").trigger(\'click\');
 				window.history.pushState("", "", "/");'
 			: '')%>
 		});
diff --git a/gui/baculum/protected/Web/Pages/WebHome.php b/gui/baculum/protected/Web/Pages/WebHome.php
index 4e2936516b..2842bc3f9c 100644
--- a/gui/baculum/protected/Web/Pages/WebHome.php
+++ b/gui/baculum/protected/Web/Pages/WebHome.php
@@ -32,43 +32,47 @@ Prado::using('System.Web.UI.ActiveControls.TActiveLinkButton');
 
 class WebHome extends BaculumWebPage
 {
-	protected $app_config;
-
 	public $jobs;
 
-	public $openWindow = null;
+	public $open_window = null;
 
-	public $initWindowId = null;
+	public $init_window_id = null;
 
-	public $initElementId = null;
+	public $init_element_id = null;
 
 	public $jobs_states = null;
 
-	public $dbtype = '';
-
-	public $windowIds = array('Storage', 'Client', 'Volume', 'Pool', 'Job', 'JobRun');
+	public $window_ids = array('Storage', 'Client', 'Volume', 'Pool', 'Job', 'JobRun');
 
+	private $web_config = array();
 
-	public function onInit($param) {
-		parent::onInit($param);
-		$this->Application->getModule('web_users')->loginUser();
+	private $api_hosts = array();
 
+	public function onPreInit($param) {
+		parent::onPreInit($param);
+		$this->web_config = $this->getModule('web_config')->getConfig();
 		if (!$this->IsPostBack && !$this->IsCallBack) {
-			$this->getModule('api')->initSessionCache(true);
+			$this->setSessionUserVars($this->web_config);
 		}
+	}
 
-		$config = $this->getModule('web_config')->getConfig();
-		if(count($config) === 0) {
+	public function onInit($param) {
+		parent::onInit($param);
+		if(count($this->web_config) === 0) {
 			// Config doesn't exist
 			$this->goToPage('WebConfigWizard');
 		}
+		if (!$this->IsPostBack && !$this->IsCallBack) {
+			$this->getModule('api')->initSessionCache(true);
+		}
 
-		$this->Users->Visible = $this->User->getIsAdmin();
-		$this->SettingsWizardBtn->Visible = $this->User->getIsAdmin();
-		$this->PoolBtn->Visible = $this->User->getIsAdmin();
-		$this->VolumeBtn->Visible = $this->User->getIsAdmin();
-		$this->ClearBvfsCache->Visible = $this->User->getIsAdmin();
-		$this->Logging->Visible = $this->User->getIsAdmin();
+		$this->Users->Visible = $_SESSION['admin'];
+		$this->Config->Visible = $_SESSION['admin'];
+		$this->SettingsWizardBtn->Visible = $_SESSION['admin'];
+		$this->PoolBtn->Visible = $_SESSION['admin'];
+		$this->VolumeBtn->Visible = $_SESSION['admin'];
+		$this->ClearBvfsCache->Visible = $_SESSION['admin'];
+		$this->Logging->Visible = $_SESSION['admin'];
 
 		if(!$this->IsPostBack && !$this->IsCallBack) {
 			$this->Logging->Checked = Logging::$debug_enabled;
@@ -82,25 +86,31 @@ class WebHome extends BaculumWebPage
 			$this->Director->dataSource = array_combine($directors, $directors);
 			$this->Director->SelectedValue = $_SESSION['director'];
 			$this->Director->dataBind();
-			// Web doesn't store any info about db and it is OK
-			/*if ($this->User->getIsAdmin() === true) {
-				$this->dbtype = $this->app_config['db']['type'];
-			}*/
 			$this->setJobsStates();
 			$this->setJobs();
 			$this->setClients();
-			$this->setUsers();
 			$this->setWindowOpen();
 			$this->BaculaConfig->loadConfig(null, null);
 		}
 	}
 
+	private function setSessionUserVars($cfg) {
+		// Set administrator role
+		$_SESSION['admin'] = ($_SERVER['PHP_AUTH_USER'] === $cfg['baculum']['login']);
+		// Set api host for normal user
+		if (!$_SESSION['admin'] && array_key_exists('users', $cfg) && array_key_exists($_SERVER['PHP_AUTH_USER'], $cfg['users'])) {
+			$_SESSION['api_host'] = $cfg['users'][$_SERVER['PHP_AUTH_USER']];
+		} elseif (isset($_SESSION['api_host'])) {
+			unset($_SESSION['api_hosts']);
+		}
+	}
+
 	public function director($sender, $param) {
 		$_SESSION['director'] = $this->Director->SelectedValue;
 	}
 
 	public function setDebug($sender, $param) {
-		if($this->User->getIsAdmin() === true) {
+		if($_SESSION['admin']) {
 			$this->enableDebug($this->Logging->Checked);
 			$this->goToDefaultPage();
 		}
@@ -108,16 +118,15 @@ class WebHome extends BaculumWebPage
 
 	public function enableDebug($enable) {
 		$result = false;
-		$config = $this->getModule('web_config')->getConfig();
-		if(count($config) > 0) {
-			$config['baculum']['debug'] = ($enable === true) ? "1" : "0";
-			$result = $this->getModule('web_config')->setConfig($config);
+		if(count($this->web_config) > 0) {
+			$this->web_config['baculum']['debug'] = ($enable === true) ? "1" : "0";
+			$result = $this->getModule('web_config')->setConfig($this->web_config);
 		}
 		return $result;
 	}
 
 	public function clearBvfsCache($sender, $param) {
-		if($this->User->getIsAdmin() === true) {
+		if($_SESSION['admin']) {
 			$this->getModule('api')->set(array('bvfs', 'clear'), array());
 		}
 	}
@@ -135,7 +144,7 @@ class WebHome extends BaculumWebPage
 			'running' => array()
 		);
 		$job_types = $jobs_summary;
-		$job_states = array();
+		$jobs_states = array();
 
 		$misc = $this->getModule('misc');
 		foreach($job_types as $type => $arr) {
@@ -169,71 +178,20 @@ class WebHome extends BaculumWebPage
 		$this->Clients->dataBind();
 	}
 
-	public function setUsers() {
-		if($this->User->getIsAdmin() === true) {
-			$allUsers = $this->getModule('basic_webuser')->getAllUsers();
-			$users = array_keys($allUsers);
-			sort($users);
-			$this->UsersList->dataSource = $users;
-			$this->UsersList->dataBind();
-		}
-	}
-
-	public function userAction($sender, $param) {
-		$config = $this->getModule('web_config');
-		$cfg = $config->getConfig();
-
-		if($this->User->getIsAdmin() === true) {
-			list($action, $user, $value) = explode(';', $param->CallbackParameter, 3);
-			switch($action) {
-				case 'newuser':
-				case 'chpwd': {
-						$admin = false;
-						$valid = true;
-						if ($user === $cfg['baculum']['login']) {
-							$cfg['baculum']['password'] = $value;
-							$valid = $config->setConfig($cfg);
-							$admin = true;
-						}
-						if ($valid === true) {
-							$this->getModule('basic_webuser')->setUsersConfig($user, $value);
-						}
-						if ($admin === true) {
-							// if admin password changed then try to auto-login by async request
-							$http_protocol = isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) ? 'https' : 'http';
-							$this->switchToUser($user, $value);
-							exit();
-						} else {
-							// if normal user's password changed then update users grid
-							$this->setUsers();
-						}
-					}
-					break;
-				case 'rmuser': {
-						if ($user != $this->User->getName()) {
-							$this->getModule('basic_webuser')->removeUser($user);
-							$this->setUsers();
-						}
-					break;
-					}
-			}
-		}
-	}
-
 	public function setWindowOpen() {
-		if (isset($this->Request['open']) && in_array($this->Request['open'], $this->windowIds) && $this->Request['open'] != 'JobRun') {
+		if (isset($this->Request['open']) && in_array($this->Request['open'], $this->window_ids) && $this->Request['open'] != 'JobRun') {
 			$btn = $this->Request['open'] . 'Btn';
-			$this->openWindow = $this->{$btn}->ClientID;
+			$this->open_window = $this->{$btn}->ClientID;
 			if (isset($this->Request['id']) && (is_numeric($this->Request['id']))) {
-				$this->initWindowId = $this->Request['open'];
-				$this->initElementId = $this->Request['id'];
+				$this->init_window_id = $this->Request['open'];
+				$this->init_element_id = $this->Request['id'];
 			}
 		}
 	}
 
 	public function logout($sender, $param) {
 		$fake_pwd = $this->getModule('misc')->getRandomString();
-		$this->switchToUser($this->User->getName(), $fake_pwd);
+		$this->switchToUser($_SERVER['PHP_AUTH_USER'], $fake_pwd);
 		exit();
 	}
 }
diff --git a/gui/baculum/protected/Web/Pages/config.xml b/gui/baculum/protected/Web/Pages/config.xml
index 4b18f4a391..dbd439b9fe 100644
--- a/gui/baculum/protected/Web/Pages/config.xml
+++ b/gui/baculum/protected/Web/Pages/config.xml
@@ -3,9 +3,6 @@
 		<using namespace="System.I18N.*" />
 	</paths>
 	<modules>
-		<!-- web auth modules -->
-		<module id="web_users" class="Application.Common.Class.BaculumUsersManager" />
-		<module id="web_auth" class="System.Security.TAuthManager" UserManager="web_users" AllowAutoLogin="true" AuthExpire="864000" />
 		<!-- config modules -->
 		<module id="web_config" class="Application.Web.Class.WebConfig" />
 		<module id="host_config" class="Application.Web.Class.HostConfig" />
diff --git a/gui/baculum/protected/Web/Portlets/BaculaHosts.php b/gui/baculum/protected/Web/Portlets/BaculaHosts.php
index cf5de56086..8d3a38a220 100644
--- a/gui/baculum/protected/Web/Portlets/BaculaHosts.php
+++ b/gui/baculum/protected/Web/Portlets/BaculaHosts.php
@@ -32,6 +32,9 @@ class BaculaHosts extends HostListTemplate {
 	public $config;
 
 	public function loadConfig($sender, $param) {
+		if(!$_SESSION['admin']) {
+			return;
+		}
 		$this->config = $this->getModule('host_config')->getConfig();
 		$hosts = array_keys($this->config);
 		$this->RepeaterHosts->DataSource = $hosts;
@@ -63,6 +66,9 @@ class BaculaHosts extends HostListTemplate {
 	}
 
 	public function removeHost($sender, $param) {
+		if(!$_SESSION['admin']) {
+			return;
+		}
 		$host = $param->getCommandParameter();
 		if (!empty($host)) {
 			$host_config = $this->getModule('host_config');
diff --git a/gui/baculum/protected/Web/Portlets/Users.php b/gui/baculum/protected/Web/Portlets/Users.php
new file mode 100644
index 0000000000..265ae88096
--- /dev/null
+++ b/gui/baculum/protected/Web/Portlets/Users.php
@@ -0,0 +1,114 @@
+<?php
+/*
+ * Bacula(R) - The Network Backup Solution
+ * Baculum   - Bacula web interface
+ *
+ * Copyright (C) 2013-2017 Kern Sibbald
+ *
+ * The main author of Baculum is Marcin Haba.
+ * The original author of Bacula is Kern Sibbald, with contributions
+ * from many others, a complete list can be found in the file AUTHORS.
+ *
+ * You may use this file and others of this release according to the
+ * license defined in the LICENSE file, which includes the Affero General
+ * Public License, v3.0 ("AGPLv3") and some additional permissions and
+ * terms pursuant to its AGPLv3 Section 7.
+ *
+ * This notice must be preserved when any source code is
+ * conveyed and/or propagated.
+ *
+ * Bacula(R) is a registered trademark of Kern Sibbald.
+ */
+
+
+Prado::using('System.Web.UI.WebControls.TConditional');
+Prado::using('Application.Web.Portlets.Portlets');
+
+class Users extends Portlets {
+
+	public $web_config;
+
+	public function onInit($param) {
+		parent::onInit($param);
+		$this->web_config = $this->getModule('web_config')->getConfig();
+		$this->setUsers();
+	}
+
+	public function setUsers() {
+		if(!$_SESSION['admin']) {
+			return;
+		}
+		$all_users = $this->getModule('basic_webuser')->getAllUsers();
+		$users = array_keys($all_users);
+		sort($users);
+		$users_list = array();
+		$users_feature = (array_key_exists('users', $this->web_config) && is_array($this->web_config['users']));
+		for ($i = 0; $i < count($users); $i++) {
+			$host = null;
+			if ($users_feature && array_key_exists($users[$i], $this->web_config['users'])) {
+				$host = $this->web_config['users'][$users[$i]];
+			}
+			$users_list[] = array(
+				'user' => $users[$i],
+				'host' => $host,
+				'admin' => ($users[$i] === $this->web_config['baculum']['login'])
+			);
+		}
+		$this->UsersList->dataSource = $users_list;
+		$this->UsersList->dataBind();
+	}
+
+	public function initHosts($sender, $param) {
+		$api_hosts = array_keys($this->getModule('host_config')->getConfig());
+		$sender->DataSource = array_combine($api_hosts, $api_hosts);
+		$sender->dataBind();
+	}
+
+	public function userAction($sender, $param) {
+		if(!$_SESSION['admin']) {
+			return;
+		}
+		list($action, $user, $value) = explode(';', $param->CallbackParameter, 3);
+		switch($action) {
+			case 'newuser':
+			case 'chpwd': {
+					$admin = false;
+					$valid = true;
+					if ($user === $this->web_config['baculum']['login']) {
+						$this->web_config['baculum']['password'] = $value;
+						$valid = $this->getModule('web_config')->setConfig($this->web_config);
+						$admin = true;
+					}
+					if ($valid === true) {
+						$this->getModule('basic_webuser')->setUsersConfig($user, $value);
+					}
+					if ($admin === true) {
+						// if admin password changed then try to auto-login by async request
+						$http_protocol = isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) ? 'https' : 'http';
+						$this->switchToUser($user, $value);
+						exit();
+					} else {
+						// if normal user's password changed then update users grid
+						$this->setUsers();
+					}
+				}
+				break;
+			case 'rmuser': {
+					if ($user != $_SERVER['PHP_AUTH_USER']) {
+						$this->getModule('basic_webuser')->removeUser($user);
+						$this->setUsers();
+					}
+				break;
+				}
+			case 'set_host': {
+					if (empty($value) && array_key_exists($user, $this->web_config['users'])) {
+						unset($this->web_config['users'][$user]);
+					} else {
+						$this->web_config['users'][$user] = $value;
+					}
+					$this->getModule('web_config')->setConfig($this->web_config);
+				break;
+				}
+		}
+	}
+}
diff --git a/gui/baculum/protected/Web/Portlets/Users.tpl b/gui/baculum/protected/Web/Portlets/Users.tpl
new file mode 100644
index 0000000000..393b08c213
--- /dev/null
+++ b/gui/baculum/protected/Web/Portlets/Users.tpl
@@ -0,0 +1,85 @@
+<a class="big" href="javascript:void(0)" id="add_user_btn"><img src="/themes/Baculum-v1/add.png" alt="Add"><%[ Add new user ]%></a>
+<div id="add_user" style="display: none">
+	<p><%[ Username: ]%><input id="newuser" type="text" /><%[ Password: ]%><input id="newpwd" type="password" /><%[ API host: ]%><com:TDropDownList ID="HostsList" OnInit="SourceTemplateControl.initHosts" />
+	<a href="javascript:void(0)" onclick="Users.addUser()">
+		<img src="<%=$this->getPage()->getTheme()->getBaseUrl()%>/icon_ok.png" alt="<%[ Save ]%>" title="<%[ Save ]%>"/>
+	</a>
+	<a href="javascript:void(0)" onclick="Users.cancelAddUser()">
+		<img src="<%=$this->getPage()->getTheme()->getBaseUrl()%>/icon_err.png" alt="<%[ Close ]%>" title="<%[ Close ]%>" />
+	</a></p>
+</div>
+<com:TRepeater ID="UsersList">
+	<prop:HeaderTemplate>
+	<table id="users_list" class="window-section-detail-smallrow">
+		<tr>
+			<th><%[ User name ]%></th>
+			<th><%[ Role ]%></th>
+			<th><%[ API host ]%></th>
+			<th><%[ Actions ]%></th>
+		</tr>
+	</prop:HeaderTemplate>
+	<prop:ItemTemplate>
+		<tr class="slide-window-element">
+			<td><%=$this->DataItem['user']%></td>
+			<td><%=$this->DataItem['admin'] ? Prado::localize('Administrator') :  Prado::localize('Normal user')%></td>
+			<td>
+				<com:TPanel Visible="<%=$this->DataItem['admin']%>" Style="line-height: 29px">
+					Main
+				</com:TPanel>
+				<com:TPanel Visible="<%=!$this->DataItem['admin']%>">
+						<select rel="user_host" onchange="Users.set_host('<%=$this->DataItem['user']%>', this);">
+							<com:TRepeater OnInit="SourceTemplateControl.initHosts">
+								<prop:HeaderTemplate>
+							<option value=""><%[ Select host ]%></option>
+								</prop:HeaderTemplate>
+								<prop:ItemTemplate>
+							<option value="<%=$this->DataItem%>" <%=(array_key_exists('users', $this->SourceTemplateControl->web_config) && array_key_exists($this->Parent->Parent->Parent->DataItem['user'], $this->SourceTemplateControl->web_config['users']) && $this->SourceTemplateControl->web_config['users'][$this->Parent->Parent->Parent->DataItem['user']] === $this->DataItem) ? 'selected' : ''%>><%=$this->DataItem%></option>
+								</prop:ItemTemplate>
+							</com:TRepeater>
+						</select>
+						<img src="<%=$this->getPage()->getTheme()->getBaseUrl()%>/ajax-loader-arrows.gif" rel="user_host_img" alt="" style="visibility: hidden" />
+				</com:TPanel>
+			</td>
+			<td>
+				<a href="javascript:void(0)" <%=$this->DataItem['admin'] ? 'style="visibility: hidden"' : ''%> onclick="Users.rmUser('<%=$this->DataItem['user']%>')"><img src="<%=$this->getPage()->getTheme()->getBaseUrl()%>/user-del.png"> <%[ Remove user ]%></a>
+				<a href="javascript:void(0)" onclick="Users.showChangePwd(this)" rel="chpwd_btn">
+					<img src="<%=$this->getPage()->getTheme()->getBaseUrl()%>/key.png" alt="" />
+					<%[ Change password ]%>
+				</a>
+				<span style="display: none;" rel="chpwd">
+					<input type="password" onkeydown="event.keyCode == 13 ? Users.changePwd(this, '<%=$this->DataItem['user']%>') : (event.keyCode == 27 ? Users.cancelChangePwd(this.nextElementSibling.nextElementSibling) : '');" />
+					<a href="javascript:void(0)" onclick="Users.changePwd(this.prevousElementSibling, '<%=$this->DataItem['user']%>')">
+						<img src="<%=$this->getPage()->getTheme()->getBaseUrl()%>/icon_ok.png" alt="<%[ Save ]%>" title="<%[ Save ]%>"/>
+					</a>
+					<a href="javascript:void(0)" onclick="Users.cancelChangePwd(this)">
+						<img src="<%=$this->getPage()->getTheme()->getBaseUrl()%>/icon_err.png" alt="<%[ Close ]%>" title="<%[ Close ]%>" />
+					</a>
+				</span>
+			</td>
+		</tr>
+	</prop:ItemTemplate>
+	<prop:FooterTemplate>
+		</table>
+	</prop:FooterTemplate>
+</com:TRepeater>
+<p><em><%[ Please note that for each user (excluding administrator) there should exist separate Bconsole config file in form: ]%> <strong><com:TLabel ID="BconsoleCustomPath" /></strong></em></p>
+<com:TCallback ID="UserAction" OnCallback="TemplateControl.userAction" ClientSide.OnComplete="Users.hide_loader();" />
+<script type="text/javascript">
+	var send_user_action = function(action, param, value) {
+		Users.current_action = action;
+		if (!value) {
+			value = '';
+		}
+		var user_action_callback = <%=$this->UserAction->ActiveControl->Javascript%>;
+		user_action_callback.setCallbackParameter([action, param, value].join(';'));
+		user_action_callback.dispatch();
+	};
+	Users.txt = {
+		enter_login: '<%[ Please enter login. ]%>',
+		invalid_login: '<%[ Invalid login value. Login may contain a-z A-Z 0-9 characters. ]%>',
+		invalid_pwd: '<%[ Password must be longer than 4 chars. ]%>'
+	};
+	Users.action_callback = send_user_action;
+	Users.validators = { user_pattern: new RegExp('^<%=BasicUserConfig::USER_PATTERN%>$') };
+	Users.init();
+</script>
diff --git a/gui/baculum/themes/Baculum-v1/style.css b/gui/baculum/themes/Baculum-v1/style.css
index d31c15b6cd..49badceabc 100644
--- a/gui/baculum/themes/Baculum-v1/style.css
+++ b/gui/baculum/themes/Baculum-v1/style.css
@@ -968,6 +968,7 @@ span.tab_active {
 	height: 9px;
 	margin: 0 4px;
 	font-size: 10px;
+	vertical-align: super;
 }
 
 #graphs span {
@@ -1104,7 +1105,7 @@ span.config_test_loader, span.config_test_result {
 }
 
 #users_list {
-	width: 720px;
+	width: 890px;
 	font-size: 13px;
 }
 
@@ -1123,14 +1124,15 @@ span.config_test_loader, span.config_test_result {
 
 #users_list td:nth-of-type(1) {
 	width: 200px;
+	text-align: center;
 }
 
-i#users_list td:nth-of-type(1) {
-	width: 120px;
+#users_list td:nth-of-type(3) {
+	text-align: center;
 }
 
-#users_list td:nth-of-type(3) {
-	width: 400px;
+#users_list td:nth-of-type(4) {
+	width: 340px;
 }
 
 #users_list img {