From: Marcin Haba Date: Sun, 27 Apr 2014 17:33:57 +0000 (+0200) Subject: Support for customized and restricted consoles X-Git-Tag: Release-7.0.3~23 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=fc8526e06cbc1fae3723708b428326beb764b9eb;p=bacula%2Fbacula Support for customized and restricted consoles --- diff --git a/gui/baculum/INSTALL b/gui/baculum/INSTALL index 7e48fbe53d..c01a3e74d4 100644 --- a/gui/baculum/INSTALL +++ b/gui/baculum/INSTALL @@ -17,6 +17,7 @@ functions such as: - Running backup and restore tasks - Monitoring Bacula services by getting status these services - Bacula console available via web interface +- Support for customized and restricted consoles (Console ACL functionality) - Multiple Directors support - Volumes managenment including labeling new volumes - Basic storage daemon operations on volumes (mount, umount, release actions) diff --git a/gui/baculum/README b/gui/baculum/README new file mode 100644 index 0000000000..5ab2dd9577 --- /dev/null +++ b/gui/baculum/README @@ -0,0 +1,138 @@ +Baculum - Bacula web interface + +Features description: + +=== Customized and restricted consoles === + +Baculum supports customized and restricted consoles for each logged in user. + +Before using customized and restricted consoles please check location for +bconsole configuration files for each user. For do it, there is need to run +on Baculum webGUI configuration wizard and there is need to go to "Console" +wizard step (fourth step). + +In "Console" wizard step there is field defined as: + +Bconsole custom config file path: __________________ + +In this field there is required to define location for restricted consoles. +In defined path exists one keyword {user}. It will be replaced into current +logged in username. + +For example, if logged is user named "john", keyword {user} will be replaced +into "john". + + +Example: + +"Bconsole custom config file path" is defined as: + +/usr/local/bacula/etc/bconsole-{user}.conf + +After log in user "john" to Baculum webGUI, for each bconsole request will be +used file: + +/usr/local/bacula/etc/bconsole-john.conf + +It makes available to define some specific console access (or restricted access) +for each Baculum user. + +For user named "willy" in above configured path according bconsole configuration +file will be: + +/usr/local/bacula/etc/bconsole-willy.conf + +etc... + + +NOTE! + +In configuration wizard step "Console" there is also field: + +"Bconsole admin config file path:": ___________________ + +Config file defined in this field will be used by administrator only. For this +reason the best parctice is define here console configuration file that gives +full access for administrator. + +Administrator user and password will be defined in next configuration wizard +step named "Authorization" (fifth step). + + +Baculum users are defined on web server level as described in instriction +in attached to Baculum INSTALL file. + +Example: + +For creating users "john" and "willy" as Baculum HTTP Basic authorization users +there is need to create this users for example by: + +# htpasswd /some/location/htpasswd/file john + +# htpasswd /some/location/htpasswd/file willy + +For case using other HTTP Basic authorization backends (for example LDAP) there +is need to define these users in this specific service. + + +Example of content custom consoles configuration file is below: + +Console { + Name = "BaculaRestrictedUser" + Password = "XXXXXXXXX" + CommandACL = show,.client,.jobs,.fileset,.pool,.storage,.jobs,.bvfs_update, +.bvfs_lsdirs,.bvfs_lsfiles,.bvfs_versions,.bvfs_get_jobids,.bvfs_restore,restore + CatalogACL = *all* + ClientACL = user-fd + JobACL = somejob1,userjob + PoolACL = Full-Pool + StorageACL = VTL + FileSetACL = somejob1-fileset,userjobFileSet3 + WhereACL = *all* +} + +After defining these ACL there is also need to define the console access to +Director service in Bacula Director configuration file as Console{} resource. + + +NOTE! + +Please note that in above example in CommandACL are shown the most +essential commands necessary for proper working of Baculum webGUI and +possibility do to restore action (all .bvfs_* command and "restore" +command) + +Below are the same necessary commands broke one per line: + +show +.client +.jobs +.fileset +.pool +.storage +.jobs +.bvfs_update +.bvfs_lsdirs +.bvfs_lsfiles +.bvfs_versions +.bvfs_get_jobids +.bvfs_restore +restore + + +Catalog Database restriction + +Because Baculum in few parts of interface uses data from Bacula Catalog Database, +for each user who IS NOT administrator there has beed disabled EVERY write to +Bacula Catalog database by Baculum webGUI. Modification Bacula Catalog Database +tables is possible ONLY for Baculum administrator. + +Additionally because of Console ACL functionality does not support restriction +on media/volumes level, access to media/volumes has been disabled for all users +except administrator. + + +Configuration wizard restriction + +For security reason there has been disabled access to Configuration Wizard +function for all users except administrator. diff --git a/gui/baculum/protected/Class/API.php b/gui/baculum/protected/Class/API.php index 29b2f7aabf..d5831b9de3 100644 --- a/gui/baculum/protected/Class/API.php +++ b/gui/baculum/protected/Class/API.php @@ -23,6 +23,8 @@ class API extends TModule { const API_VERSION = '0.1'; + protected $appCfg; + private $allowedErrors = array( GenericError::ERROR_NO_ERRORS, BconsoleError::ERROR_INVALID_COMMAND @@ -41,16 +43,23 @@ class API extends TModule { } private function getURL() { - $cfg = $this->Application->getModule('configuration')->getApplicationConfig(); + $this->appCfg = $this->Application->getModule('configuration')->getApplicationConfig(); $protocol = !empty($_SERVER['HTTPS']) ? 'https' : 'http'; $host = $_SERVER['SERVER_NAME']; $port = $_SERVER['SERVER_PORT']; - $url = sprintf('%s://%s:%s@%s:%d/', $protocol, $cfg['baculum']['login'], $cfg['baculum']['password'], $host, $port); + $url = sprintf('%s://%s:%s@%s:%d/', $protocol, $this->appCfg['baculum']['login'], $this->appCfg['baculum']['password'], $host, $port); return $url; } - private function setDirectorToUrl(&$url) { + private function setParamsToUrl(&$url) { $url .= (preg_match('/\?/', $url) === 1 ? '&' : '?' ) . 'director=' . ((array_key_exists('director', $_SESSION)) ? $_SESSION['director'] : ''); + /** + * If user is not equal admin user then it is added to URL, + * then will be used custom console for this user. + */ + if($this->User->getIsAdmin() === false) { + $url .= '&user=' . $this->User->getName(); + } $this->Application->getModule('logging')->log(__FUNCTION__, PHP_EOL . PHP_EOL . 'EXECUTE URL ==> ' . $url . ' <==' . PHP_EOL . PHP_EOL, Logging::CATEGORY_APPLICATION, __FILE__, __LINE__); } @@ -60,7 +69,7 @@ class API extends TModule { public function get(array $params) { $url = $this->getURL() . implode('/', $params); - $this->setDirectorToUrl($url); + $this->setParamsToUrl($url); $ch = $this->getConnection(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_HTTPHEADER, array($this->getAPIHeader(), 'Accept: application/json')); @@ -71,7 +80,7 @@ class API extends TModule { public function set(array $params, array $options) { $url = $this->getURL() . implode('/', $params); - $this->setDirectorToUrl($url); + $this->setParamsToUrl($url); $data = http_build_query(array('update' => $options)); $ch = $this->getConnection(); curl_setopt($ch, CURLOPT_URL, $url); @@ -86,7 +95,7 @@ class API extends TModule { public function create(array $params, array $options) { $url = $this->getURL() . implode('/', $params); - $this->setDirectorToUrl($url); + $this->setParamsToUrl($url); $data = http_build_query(array('create' => $options)); $ch = $this->getConnection(); curl_setopt($ch, CURLOPT_URL, $url); @@ -100,7 +109,7 @@ class API extends TModule { public function remove(array $params) { $url = $this->getURL() . implode('/', $params); - $this->setDirectorToUrl($url); + $this->setParamsToUrl($url); $ch = $this->getConnection(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'DELETE'); diff --git a/gui/baculum/protected/Class/BaculumAPI.php b/gui/baculum/protected/Class/BaculumAPI.php index 0f924957bb..4c9fb174e3 100644 --- a/gui/baculum/protected/Class/BaculumAPI.php +++ b/gui/baculum/protected/Class/BaculumAPI.php @@ -27,6 +27,8 @@ abstract class BaculumAPI extends TPage protected $director; + protected $user; + /** * Actions methods. */ @@ -38,6 +40,13 @@ abstract class BaculumAPI extends TPage public function onInit($params) { parent::onInit($params); $this->director = isset($this->Request['director']) ? $this->Request['director'] : null; + $this->user = isset($this->Request['user']) ? $this->Request['user'] : null; + if(is_null($this->user) && $this->Application->getModule('configuration')->isApplicationConfig() === true) { + $appConfig = ConfigurationManager::getApplicationConfig(); + // @TOFIX: Baculum API layer should not use $_SERVER variables. + $this->user = isset($_SERVER['PHP_AUTH_USER']) && $_SERVER['PHP_AUTH_USER'] != $appConfig['baculum']['login'] ? $_SERVER['PHP_AUTH_USER'] : null; + } + switch($_SERVER['REQUEST_METHOD']) { case self::PUT_METHOD: { try { diff --git a/gui/baculum/protected/Class/BaculumPage.php b/gui/baculum/protected/Class/BaculumPage.php index 275f2ea77a..d3bbac8128 100644 --- a/gui/baculum/protected/Class/BaculumPage.php +++ b/gui/baculum/protected/Class/BaculumPage.php @@ -19,6 +19,7 @@ class BaculumPage extends TPage { + public function onPreInit($param) { parent::onPreInit($param); $configuration = $this->getModule('configuration'); diff --git a/gui/baculum/protected/Class/BaculumUser.php b/gui/baculum/protected/Class/BaculumUser.php new file mode 100644 index 0000000000..a83eb8a9e0 --- /dev/null +++ b/gui/baculum/protected/Class/BaculumUser.php @@ -0,0 +1,38 @@ +_id; + } + + public function setID($id) { + $this->_id = $id; + } + + public function getIsAdmin() { + return $this->isInRole('admin'); + } +} +?> \ No newline at end of file diff --git a/gui/baculum/protected/Class/BaculumUsersManager.php b/gui/baculum/protected/Class/BaculumUsersManager.php new file mode 100644 index 0000000000..21aab8369d --- /dev/null +++ b/gui/baculum/protected/Class/BaculumUsersManager.php @@ -0,0 +1,61 @@ +config = $this->Application->getModule('configuration')->isApplicationConfig() ? $this->Application->getModule('configuration')->getApplicationConfig() : null; + } + + public function getGuestName() { + return 'guest'; + } + + public function validateUser($username, $password) { + return !empty($username); + } + + public function getUser($username = null) { + $user = new BaculumUser($this); + $id = sha1(time()); + $user->setID($id); + $user->setName($_SERVER['PHP_AUTH_USER']); + $user->setIsGuest(false); + if($this->config['baculum']['login'] == $_SERVER['PHP_AUTH_USER'] || is_null($this->config)) { + $user->setRoles('admin'); + } else { + $user->setRoles('user'); + } + return $user; + } + + public function getUserFromCookie($cookie) { + return; + } + + public function saveUserToCookie($cookie) { + return; + } +} +?> \ No newline at end of file diff --git a/gui/baculum/protected/Class/Bconsole.php b/gui/baculum/protected/Class/Bconsole.php index 93b6bac68f..a81c75b195 100644 --- a/gui/baculum/protected/Class/Bconsole.php +++ b/gui/baculum/protected/Class/Bconsole.php @@ -29,7 +29,9 @@ class Bconsole extends TModule { const BCONSOLE_DIRECTORS_PATTERN = "%s%s -c %s -l"; - private $availableCommands = array('version', 'status', 'list', 'messages', 'show', 'mount', 'umount', 'release', 'prune', 'purge', 'update', 'estimate', 'run', '.bvfs_update', '.bvfs_lsdirs', '.bvfs_lsfiles', '.bvfs_versions', '.bvfs_get_jobids', '.bvfs_restore', '.bvfs_clear_cache', 'restore', 'cancel', 'delete', '.jobs', 'label', 'reload', '.fileset', '.storage'); + const BCONSOLE_CFG_USER_KEYWORD = '{user}'; + + private $availableCommands = array('version', 'status', 'list', 'messages', 'show', 'mount', 'umount', 'release', 'prune', 'purge', 'update', 'estimate', 'run', '.bvfs_update', '.bvfs_lsdirs', '.bvfs_lsfiles', '.bvfs_versions', '.bvfs_get_jobids', '.bvfs_restore', '.bvfs_clear_cache', 'restore', 'cancel', 'delete', '.jobs', 'label', 'reload', '.fileset', '.storage', '.client', '.pool'); private $useSudo = false; @@ -37,19 +39,23 @@ class Bconsole extends TModule { private $bconsoleCfgPath; + private $bconsoleCfgCustomPath; + public function init($config) { if($this->Application->getModule('configuration')->isApplicationConfig() === true) { $params = ConfigurationManager::getApplicationConfig(); $useSudo = ((integer)$params['bconsole']['use_sudo'] === 1); $bconsoleCmdPath = $params['bconsole']['bin_path']; $bconsoleCfgPath = $params['bconsole']['cfg_path']; - $this->setEnvironmentParams($bconsoleCmdPath, $bconsoleCfgPath, $useSudo); + $bconsoleCfgCustomPath = array_key_exists('cfg_custom_path', $params['bconsole']) ? $params['bconsole']['cfg_custom_path'] : null; + $this->setEnvironmentParams($bconsoleCmdPath, $bconsoleCfgPath, $bconsoleCfgCustomPath, $useSudo); } } - private function setEnvironmentParams($bconsoleCmdPath, $bconsoleCfgPath, $useSudo) { + private function setEnvironmentParams($bconsoleCmdPath, $bconsoleCfgPath, $bconsoleCfgCustomPath, $useSudo) { $this->bconsoleCmdPath = $bconsoleCmdPath; $this->bconsoleCfgPath = $bconsoleCfgPath; + $this->bconsoleCfgCustomPath = $bconsoleCfgCustomPath; $this->useSudo = $useSudo; } @@ -71,17 +77,17 @@ class Bconsole extends TModule { return (object)array('output' => $output, 'exitcode' => $exitcode); } - public function bconsoleCommand($director, array $command) { + public function bconsoleCommand($director, array $command, $user = null) { $baseCommand = count($command) > 0 ? $command[0] : null; if($this->isCommandValid($baseCommand) === true) { - $result = $this->execCommand($director, $command); + $result = $this->execCommand($director, $command, $user); } else { $result = $this->prepareResult(array(BconsoleError::MSG_ERROR_INVALID_COMMAND, ''), BconsoleError::ERROR_INVALID_COMMAND, ' '); } return $result; } - private function execCommand($director, array $command) { + private function execCommand($director, array $command, $user) { if(!is_null($director) && $this->isValidDirector($director) === false) { $output = array(BconsoleError::MSG_ERROR_INVALID_DIRECTOR, ''); $exitcode = BconsoleError::ERROR_INVALID_DIRECTOR; @@ -90,6 +96,9 @@ class Bconsole extends TModule { $dir = is_null($director) ? '': '-D ' . $director; $sudo = ($this->useSudo === true) ? self::SUDO . ' ' : ''; $bconsoleCommand = implode(' ', $command); + if(!is_null($this->bconsoleCfgCustomPath) && !is_null($user)) { + $this->bconsoleCfgPath = str_replace(self::BCONSOLE_CFG_USER_KEYWORD, $user, $this->bconsoleCfgCustomPath); + } $cmd = sprintf(self::BCONSOLE_COMMAND_PATTERN, $sudo, $this->bconsoleCmdPath, $this->bconsoleCfgPath, $dir, $bconsoleCommand); exec($cmd, $output, $exitcode); if($exitcode != 0) { @@ -123,7 +132,7 @@ class Bconsole extends TModule { } public function testBconsoleCommand(array $command, $bconsoleCmdPath, $bconsoleCfgPath, $useSudo) { - $this->setEnvironmentParams($bconsoleCmdPath, $bconsoleCfgPath, $useSudo); + $this->setEnvironmentParams($bconsoleCmdPath, $bconsoleCfgPath, $useSudo, null); $director = array_shift($this->getDirectors()->output); return $this->bconsoleCommand($director, $command); } diff --git a/gui/baculum/protected/Lang/en/messages.mo b/gui/baculum/protected/Lang/en/messages.mo index 78d20debe7..49d1414799 100755 Binary files a/gui/baculum/protected/Lang/en/messages.mo and b/gui/baculum/protected/Lang/en/messages.mo differ diff --git a/gui/baculum/protected/Lang/en/messages.po b/gui/baculum/protected/Lang/en/messages.po index 421089c17e..e1a02b78ad 100755 --- a/gui/baculum/protected/Lang/en/messages.po +++ b/gui/baculum/protected/Lang/en/messages.po @@ -1,9 +1,9 @@ msgid "" msgstr "" -"PO-Revision-Date: 2014-03-08 19:45+0100\n" +"PO-Revision-Date: 2014-04-26 21:10:10\n" "Project-Id-Version: \n" "POT-Creation-Date: \n" -"Last-Translator: Marcin Haba \n" +"Last-Translator: Marcin Haba \n" "Language-Team: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=iso-8859-1\n" @@ -148,9 +148,6 @@ msgstr "Bconsole binary file path:" msgid "Please enter bconsole path." msgstr "Please enter bconsole path." -msgid "Bconsole config file path:" -msgstr "Bconsole config file path:" - msgid "Please enter bconsole config file path." msgstr "Please enter bconsole config file path." @@ -472,24 +469,14 @@ msgstr "Step 3 - select files to restore" msgid "Files" msgstr "Files" -msgid "" -"For see a file versions please double click file on the left files browser." -msgstr "" -"For see a file versions please double click file on the left files browser." +msgid "For see a file versions please double click file on the left files browser." +msgstr "For see a file versions please double click file on the left files browser." -msgid "" -"For add a file to restore please drag a file from frame on left or from " -"above frame and drop it here" -msgstr "" -"For add a file to restore please drag a file from frame on left or from " -"above frame and drop it here" +msgid "For add a file to restore please drag a file from frame on left or from above frame and drop it here" +msgstr "For add a file to restore please drag a file from frame on left or from above frame and drop it here" -msgid "" -"It seems that there is no files for choosing or file records in database for " -"this job has been purged (file retention period expired)" -msgstr "" -"It seems that there is no files for choosing or file records in database for " -"this job has been purged (file retention period expired)" +msgid "It seems that there is no files for choosing or file records in database for this job has been purged (file retention period expired)" +msgstr "It seems that there is no files for choosing or file records in database for this job has been purged (file retention period expired)" msgid "Group most recent backups" msgstr "Group most recent backups" @@ -560,14 +547,8 @@ msgstr "Run" msgid "Cancel" msgstr "Cancel" -msgid "" -"There is no backup for restore. Please go to previous step and select " -"another client for restore or proceed backups for the client selected in " -"previous step." -msgstr "" -"There is no backup for restore. Please go to previous step and select " -"another client for restore or proceed backups for the client selected in " -"previous step." +msgid "There is no backup for restore. Please go to previous step and select another client for restore or proceed backups for the client selected in previous step." +msgstr "There is no backup for restore. Please go to previous step and select another client for restore or proceed backups for the client selected in previous step." msgid "Database file path (SQLite only):" msgstr "Database file path (SQLite only):" @@ -674,12 +655,8 @@ msgstr "Error 2 - problem with connection to database." msgid "Please check if Catalog database service is running." msgstr "Please check if Catalog database service is running." -msgid "" -"Please check if Web Server user is allowed for connection to Catalog " -"database." -msgstr "" -"Please check if Web Server user is allowed for connection to Catalog " -"database." +msgid "Please check if Web Server user is allowed for connection to Catalog database." +msgstr "Please check if Web Server user is allowed for connection to Catalog database." msgid "Please re-run" msgstr "Please re-run" @@ -699,24 +676,14 @@ msgstr "Error 4 - problem with connection to bconsole." msgid "Please check if Bacula Director service is running." msgstr "Please check if Bacula Director service is running." -msgid "" -"Please check in shell console if bconsole program is able to connect to " -"Bacula Director service." -msgstr "" -"Please check in shell console if bconsole program is able to connect to " -"Bacula Director service." +msgid "Please check in shell console if bconsole program is able to connect to Bacula Director service." +msgstr "Please check in shell console if bconsole program is able to connect to Bacula Director service." -msgid "" -"Please be sure if Web Server user is allowed for executing bconsole program." -msgstr "" -"Please be sure if Web Server user is allowed for executing bconsole program." +msgid "Please be sure if Web Server user is allowed for executing bconsole program." +msgstr "Please be sure if Web Server user is allowed for executing bconsole program." -msgid "" -"You can login to shell console as Web Server user and try to run bconsole " -"program." -msgstr "" -"You can login to shell console as Web Server user and try to run bconsole " -"program." +msgid "You can login to shell console as Web Server user and try to run bconsole program." +msgstr "You can login to shell console as Web Server user and try to run bconsole program." msgid "internal Baculum error." msgstr "internal Baculum error." @@ -724,14 +691,8 @@ msgstr "internal Baculum error." msgid "TRY AGAIN" msgstr "TRY AGAIN" -msgid "" -"Above administration login and administration password should be the same as " -"login params defined in Web Server authorization file. They are HTTP Basic " -"authorization params by using which you have logged in to this wizard." -msgstr "" -"Above administration login and administration password should be the same as " -"login params defined in Web Server authorization file. They are HTTP Basic " -"authorization params by using which you have logged in to this wizard." +msgid "Above administration login and administration password should be the same as login params defined in Web Server authorization file. They are HTTP Basic authorization params by using which you have logged in to this wizard." +msgstr "Above administration login and administration password should be the same as login params defined in Web Server authorization file. They are HTTP Basic authorization params by using which you have logged in to this wizard." msgid "authorization to Baculum error." msgstr "authorization to Baculum error." @@ -739,33 +700,17 @@ msgstr "authorization to Baculum error." msgid "Please check Web Server authorization file if it is correct." msgstr "Please check Web Server authorization file if it is correct." -msgid "" -"and retype authorization login and authorization password for that is used " -"to login to" -msgstr "" -"and retype authorization login and authorization password for that is used " -"to login to" +msgid "and retype authorization login and authorization password for that is used to login to" +msgstr "and retype authorization login and authorization password for that is used to login to" -msgid "" -"Please check Web Server authorization file if it is defined and it is " -"correct." -msgstr "" -"Please check Web Server authorization file if it is defined and it is " -"correct." +msgid "Please check Web Server authorization file if it is defined and it is correct." +msgstr "Please check Web Server authorization file if it is defined and it is correct." -msgid "" -"Please be sure if Web Server authorization is enabled (for Apache it is " -"option 'AllowOverride All') and if the authorization works properly." -msgstr "" -"Please be sure if Web Server authorization is enabled (for Apache it is " -"option 'AllowOverride All') and if the authorization works properly." +msgid "Please be sure if Web Server authorization is enabled (for Apache it is option 'AllowOverride All') and if the authorization works properly." +msgstr "Please be sure if Web Server authorization is enabled (for Apache it is option 'AllowOverride All') and if the authorization works properly." -msgid "" -"please retype authorization login and authorization password to according " -"Web Server authorization values." -msgstr "" -"please retype authorization login and authorization password to according " -"Web Server authorization values." +msgid "please retype authorization login and authorization password to according Web Server authorization values." +msgstr "please retype authorization login and authorization password to according Web Server authorization values." msgid "Enable logging" msgstr "Enable logging" @@ -773,19 +718,37 @@ msgstr "Enable logging" msgid "clear bvfs cache" msgstr "clear bvfs cache" -msgid "" -"Output for selected job is not available yet or you do not have enabled " -"logging job logs to catalog database.\n" +msgid "Output for selected job is not available yet or you do not have enabled logging job logs to catalog database.\n" "\n" -"For watching job log there is need to add to the job Messages resource next " -"directive:\n" +"For watching job log there is need to add to the job Messages resource next directive:\n" "\n" "console = all, !skipped, !saved\n" -msgstr "" -"Output for selected job is not available yet or you do not have enabled " -"logging job logs to catalog database.\n" +"" +msgstr "Output for selected job is not available yet or you do not have enabled logging job logs to catalog database.\n" "\n" -"For watching job log there is need to add to the job Messages resource next " -"directive:\n" +"For watching job log there is need to add to the job Messages resource next directive:\n" "\n" "console = all, !skipped, !saved\n" +"" + +msgid "Bconsole admin config file path:" +msgstr "Bconsole admin config file path:" + +msgid "Bconsole custom config file path:" +msgstr "Bconsole custom config file path:" + +msgid "Please enter bconsole custom config file path." +msgstr "Please enter bconsole custom config file path." + +msgid "For need defining more Baculum users with custom access or restricted console access (Bconsole ACLs) here is possible to determine custom bconsole configuration file format for each user." +msgstr "For need defining more Baculum users with custom access or restricted console access (Bconsole ACLs) here is possible to determine custom bconsole configuration file format for each user." + +msgid "If there is used only one Baculum user then below field value will be ignored" +msgstr "If there is used only one Baculum user then below field value will be ignored" + +msgid "{user} keyword will be replaced for each logged user into according username." +msgstr "{user} keyword will be replaced for each logged user into according username." + +msgid "If there is used only one Baculum user then below field value will be ignored." +msgstr "If there is used only one Baculum user then below field value will be ignored." + diff --git a/gui/baculum/protected/Lang/pl/messages.po b/gui/baculum/protected/Lang/pl/messages.po index 11b96c5ddd..fa221bbd6b 100755 --- a/gui/baculum/protected/Lang/pl/messages.po +++ b/gui/baculum/protected/Lang/pl/messages.po @@ -148,9 +148,6 @@ msgstr "Lokalizacja bconsole:" msgid "Please enter bconsole path." msgstr "Proszę wprowadzić lokalizację bconsole." -msgid "Bconsole config file path:" -msgstr "Lokalizacja konfiguracji:" - msgid "Please enter bconsole config file path." msgstr "Proszę wprowadzić położenie pliku .conf." diff --git a/gui/baculum/protected/Pages/API/BVFGetJobids.php b/gui/baculum/protected/Pages/API/BVFGetJobids.php index 3d9a31ed39..4eadfff99e 100644 --- a/gui/baculum/protected/Pages/API/BVFGetJobids.php +++ b/gui/baculum/protected/Pages/API/BVFGetJobids.php @@ -24,7 +24,7 @@ class BVFSGetJobids extends BaculumAPI { $job = $this->getModule('job')->getJobById($jobid); if(!is_null($job)) { $cmd = array('.bvfs_get_jobids', 'jobid="' . $job->jobid . '"'); - $result = $this->getModule('bconsole')->bconsoleCommand($this->director, $cmd); + $result = $this->getModule('bconsole')->bconsoleCommand($this->director, $cmd, $this->user); $this->output = $result->output; $this->error = (integer)$result->exitcode; } else { diff --git a/gui/baculum/protected/Pages/API/BVFSClearCache.php b/gui/baculum/protected/Pages/API/BVFSClearCache.php index 279efe0c57..2232818e89 100644 --- a/gui/baculum/protected/Pages/API/BVFSClearCache.php +++ b/gui/baculum/protected/Pages/API/BVFSClearCache.php @@ -22,7 +22,7 @@ class BVFSClearCache extends BaculumAPI { public function get() {} public function set($ids, $params) { - $result = $this->getModule('bconsole')->bconsoleCommand($this->director, array('.bvfs_clear_cache', 'yes')); + $result = $this->getModule('bconsole')->bconsoleCommand($this->director, array('.bvfs_clear_cache', 'yes'), $this->user); $this->output = $result->output; $this->error = (integer)$result->exitcode; } diff --git a/gui/baculum/protected/Pages/API/BVFSGetJobids.php b/gui/baculum/protected/Pages/API/BVFSGetJobids.php index bdfc39cf82..e324c9b3a6 100644 --- a/gui/baculum/protected/Pages/API/BVFSGetJobids.php +++ b/gui/baculum/protected/Pages/API/BVFSGetJobids.php @@ -24,7 +24,7 @@ class BVFSGetJobids extends BaculumAPI { $job = $this->getModule('job')->getJobById($jobid); if(!is_null($job)) { $cmd = array('.bvfs_get_jobids', 'jobid="' . $job->jobid . '"'); - $result = $this->getModule('bconsole')->bconsoleCommand($this->director, $cmd); + $result = $this->getModule('bconsole')->bconsoleCommand($this->director, $cmd, $this->user); $this->output = $result->output; $this->error = (integer)$result->exitcode; } else { diff --git a/gui/baculum/protected/Pages/API/BVFSLsDirs.php b/gui/baculum/protected/Pages/API/BVFSLsDirs.php index 192ccfb201..1e07d847b0 100644 --- a/gui/baculum/protected/Pages/API/BVFSLsDirs.php +++ b/gui/baculum/protected/Pages/API/BVFSLsDirs.php @@ -43,7 +43,7 @@ class BVFSLsDirs extends BaculumAPI { if($limit > 0) { array_push($cmd, 'limit="' . $limit . '"'); } - $result = $this->getModule('bconsole')->bconsoleCommand($this->director, $cmd); + $result = $this->getModule('bconsole')->bconsoleCommand($this->director, $cmd, $this->user); $this->output = $result->output; $this->error = (integer)$result->exitcode; } else { diff --git a/gui/baculum/protected/Pages/API/BVFSLsFiles.php b/gui/baculum/protected/Pages/API/BVFSLsFiles.php index ab474ccc09..2d87ee7c4e 100644 --- a/gui/baculum/protected/Pages/API/BVFSLsFiles.php +++ b/gui/baculum/protected/Pages/API/BVFSLsFiles.php @@ -42,7 +42,7 @@ class BVFSLsFiles extends BaculumAPI { if($limit > 0) { array_push($cmd, 'limit="' . $limit . '"'); } - $result = $this->getModule('bconsole')->bconsoleCommand($this->director, $cmd); + $result = $this->getModule('bconsole')->bconsoleCommand($this->director, $cmd, $this->user); $this->output = $result->output; $this->error = (integer)$result->exitcode; } else { diff --git a/gui/baculum/protected/Pages/API/BVFSRestore.php b/gui/baculum/protected/Pages/API/BVFSRestore.php index 6e37b8f14a..5c641e8dbd 100644 --- a/gui/baculum/protected/Pages/API/BVFSRestore.php +++ b/gui/baculum/protected/Pages/API/BVFSRestore.php @@ -50,7 +50,7 @@ class BVFSRestore extends BaculumAPI { array_push($cmd, 'dirid="' . $dirids . '"'); } - $result = $this->getModule('bconsole')->bconsoleCommand($this->director, $cmd); + $result = $this->getModule('bconsole')->bconsoleCommand($this->director, $cmd, $this->user); $this->output = $result->output; $this->error = (integer)$result->exitcode; } else { diff --git a/gui/baculum/protected/Pages/API/BVFSUpdate.php b/gui/baculum/protected/Pages/API/BVFSUpdate.php index 0bd8e0bb2d..707fdeb10a 100644 --- a/gui/baculum/protected/Pages/API/BVFSUpdate.php +++ b/gui/baculum/protected/Pages/API/BVFSUpdate.php @@ -33,7 +33,7 @@ class BVFSUpdate extends BaculumAPI { } if($isValid === true) { - $result = $this->getModule('bconsole')->bconsoleCommand($this->director, array('.bvfs_update', 'jobid="' . $ids . '"')); + $result = $this->getModule('bconsole')->bconsoleCommand($this->director, array('.bvfs_update', 'jobid="' . $ids . '"'), $this->user); $this->output = $result->output; $this->error = (integer)$result->exitcode; } else { diff --git a/gui/baculum/protected/Pages/API/BVFSVersions.php b/gui/baculum/protected/Pages/API/BVFSVersions.php index 20fb13c145..a6c24be2c5 100644 --- a/gui/baculum/protected/Pages/API/BVFSVersions.php +++ b/gui/baculum/protected/Pages/API/BVFSVersions.php @@ -27,7 +27,7 @@ class BVFSVersions extends BaculumAPI { $job = $this->getModule('job')->getJobById($jobid); if(!is_null($job)) { $cmd = array('.bvfs_versions', 'client="' . $client . '"', 'jobid="' . $job->jobid . '"', 'pathid="' . $pathid . '"', 'fnid="' . $filenameid . '"'); - $result = $this->getModule('bconsole')->bconsoleCommand($this->director, $cmd); + $result = $this->getModule('bconsole')->bconsoleCommand($this->director, $cmd, $this->user); $this->output = $result->output; $this->error = (integer)$result->exitcode; } else { diff --git a/gui/baculum/protected/Pages/API/Client.php b/gui/baculum/protected/Pages/API/Client.php index 6318662cff..ae8fd24985 100644 --- a/gui/baculum/protected/Pages/API/Client.php +++ b/gui/baculum/protected/Pages/API/Client.php @@ -32,7 +32,7 @@ class Client extends BaculumAPI { } public function set($id, $params) { - $result = $this->getModule('client')->setClient($id, $params); + $result = ($this->user === null) ? $this->getModule('client')->setClient($id, $params) : true; if($result === true) { $this->output = null; $this->error = ClientError::ERROR_NO_ERRORS; diff --git a/gui/baculum/protected/Pages/API/ClientShow.php b/gui/baculum/protected/Pages/API/ClientShow.php index 480351a5d0..0903fd88bb 100644 --- a/gui/baculum/protected/Pages/API/ClientShow.php +++ b/gui/baculum/protected/Pages/API/ClientShow.php @@ -22,7 +22,7 @@ class ClientShow extends BaculumAPI { $clientid = intval($this->Request['id']); $client = $this->getModule('client')->getClientById($clientid); if(!is_null($client)) { - $clientShow = $this->getModule('bconsole')->bconsoleCommand($this->director, array('show', 'client="' . $client->name . '"')); + $clientShow = $this->getModule('bconsole')->bconsoleCommand($this->director, array('show', 'client="' . $client->name . '"'), $this->user); $this->output = $clientShow->output; $this->error = (integer)$clientShow->exitcode; } else { diff --git a/gui/baculum/protected/Pages/API/ClientStatus.php b/gui/baculum/protected/Pages/API/ClientStatus.php index 13535f47ed..edadfffced 100644 --- a/gui/baculum/protected/Pages/API/ClientStatus.php +++ b/gui/baculum/protected/Pages/API/ClientStatus.php @@ -22,7 +22,7 @@ class ClientStatus extends BaculumAPI { $clientid = intval($this->Request['id']); $client = $this->getModule('client')->getClientById($clientid); if(!is_null($client)) { - $clientStatus = $this->getModule('bconsole')->bconsoleCommand($this->director, array('status', 'client="' . $client->name . '"')); + $clientStatus = $this->getModule('bconsole')->bconsoleCommand($this->director, array('status', 'client="' . $client->name . '"'), $this->user); $this->output = $clientStatus->output; $this->error = (integer)$clientStatus->exitcode; } else { diff --git a/gui/baculum/protected/Pages/API/Clients.php b/gui/baculum/protected/Pages/API/Clients.php index 495c5d64c8..7801b442f8 100644 --- a/gui/baculum/protected/Pages/API/Clients.php +++ b/gui/baculum/protected/Pages/API/Clients.php @@ -50,7 +50,14 @@ class Clients extends BaculumAPI { public function get() { $limit = intval($this->Request['limit']); $clients = $this->getModule('client')->getClients($limit); - $this->output = $clients; + $allowedClients = $this->getModule('bconsole')->bconsoleCommand($this->director, array('.client'), $this->user)->output; + $clientsOutput = array(); + foreach($clients as $client) { + if(in_array($client->name, $allowedClients)) { + $clientsOutput[] = $client; + } + } + $this->output = $clientsOutput; $this->error = ClientError::ERROR_NO_ERRORS; } } diff --git a/gui/baculum/protected/Pages/API/ClientsShow.php b/gui/baculum/protected/Pages/API/ClientsShow.php index cebab82041..5b1f6610d5 100644 --- a/gui/baculum/protected/Pages/API/ClientsShow.php +++ b/gui/baculum/protected/Pages/API/ClientsShow.php @@ -20,7 +20,7 @@ class ClientsShow extends BaculumAPI { public function get() { - $clients = $this->getModule('bconsole')->bconsoleCommand($this->director, array('show', 'clients')); + $clients = $this->getModule('bconsole')->bconsoleCommand($this->director, array('show', 'clients'), $this->user); $this->output = $clients->output; $this->error = (integer)$clients->exitcode; } diff --git a/gui/baculum/protected/Pages/API/ConsoleCommand.php b/gui/baculum/protected/Pages/API/ConsoleCommand.php index cff6ef05e8..55ed3a4ccb 100644 --- a/gui/baculum/protected/Pages/API/ConsoleCommand.php +++ b/gui/baculum/protected/Pages/API/ConsoleCommand.php @@ -23,7 +23,7 @@ class ConsoleCommand extends BaculumAPI { public function set($id, $params) { $params = (array)$params; - $console = $this->getModule('bconsole')->bconsoleCommand($this->director, $params); + $console = $this->getModule('bconsole')->bconsoleCommand($this->director, $params, $this->user); $this->output = $console->output; $this->error = (integer)$console->exitcode; } diff --git a/gui/baculum/protected/Pages/API/FileSets.php b/gui/baculum/protected/Pages/API/FileSets.php index ea5ac4b4e8..96e572aa71 100644 --- a/gui/baculum/protected/Pages/API/FileSets.php +++ b/gui/baculum/protected/Pages/API/FileSets.php @@ -23,7 +23,7 @@ class FileSets extends BaculumAPI { if($directors->exitcode === 0) { $filesets = array(); for($i = 0; $i < count($directors->output); $i++) { - $filesetsshow = $this->getModule('bconsole')->bconsoleCommand($directors->output[$i], array('show', 'fileset'))->output; + $filesetsshow = $this->getModule('bconsole')->bconsoleCommand($directors->output[$i], array('show', 'fileset'), $this->user)->output; $filesets[$directors->output[$i]] = array(); for($j = 0; $j < count($filesetsshow); $j++) { diff --git a/gui/baculum/protected/Pages/API/Job.php b/gui/baculum/protected/Pages/API/Job.php index 9736629e29..3aa7a18f9e 100644 --- a/gui/baculum/protected/Pages/API/Job.php +++ b/gui/baculum/protected/Pages/API/Job.php @@ -34,7 +34,7 @@ class Job extends BaculumAPI { $jobid = intval($id); $job = $this->getModule('job')->getJobById($jobid); if(!is_null($job)) { - $delete = $this->getModule('bconsole')->bconsoleCommand($this->director, array('delete', 'jobid="' . $job->jobid . '"')); + $delete = $this->getModule('bconsole')->bconsoleCommand($this->director, array('delete', 'jobid="' . $job->jobid . '"'), $this->user); $this->output = $delete->output; $this->error = (integer)$delete->exitcode; } else { diff --git a/gui/baculum/protected/Pages/API/JobCancel.php b/gui/baculum/protected/Pages/API/JobCancel.php index 51d483b9ac..d5397dfed5 100644 --- a/gui/baculum/protected/Pages/API/JobCancel.php +++ b/gui/baculum/protected/Pages/API/JobCancel.php @@ -26,7 +26,7 @@ class JobCancel extends BaculumAPI { $job = $this->getModule('job')->getJobById($jobid); if(!is_null($job)) { - $cancel = $this->getModule('bconsole')->bconsoleCommand($this->director, array('cancel', 'jobid="' . $job->jobid . '"')); + $cancel = $this->getModule('bconsole')->bconsoleCommand($this->director, array('cancel', 'jobid="' . $job->jobid . '"'), $this->user); $this->output = $cancel->output; $this->error = (integer)$cancel->exitcode; } else { diff --git a/gui/baculum/protected/Pages/API/JobEstimate.php b/gui/baculum/protected/Pages/API/JobEstimate.php index 9933539da5..4f18570dd5 100644 --- a/gui/baculum/protected/Pages/API/JobEstimate.php +++ b/gui/baculum/protected/Pages/API/JobEstimate.php @@ -37,7 +37,7 @@ class JobEstimate extends BaculumAPI { if(!is_null($fileset)) { if(!is_null($client)) { $joblevels = $this->getModule('misc')->getJobLevels(); - $estimation = $this->getModule('bconsole')->bconsoleCommand($this->director, array('estimate', 'job="' . $job . '"', 'level="' . $joblevels[$level] . '"', 'fileset="' . $fileset. '"', 'client="' . $client->name . '"', 'accurate="' . $accurate . '"')); + $estimation = $this->getModule('bconsole')->bconsoleCommand($this->director, array('estimate', 'job="' . $job . '"', 'level="' . $joblevels[$level] . '"', 'fileset="' . $fileset. '"', 'client="' . $client->name . '"', 'accurate="' . $accurate . '"'), $this->user); $this->output = $estimation->output; $this->error = (integer)$estimation->exitcode; } else { diff --git a/gui/baculum/protected/Pages/API/JobRun.php b/gui/baculum/protected/Pages/API/JobRun.php index 9e96e71838..30b4309693 100644 --- a/gui/baculum/protected/Pages/API/JobRun.php +++ b/gui/baculum/protected/Pages/API/JobRun.php @@ -42,7 +42,7 @@ class JobRun extends BaculumAPI { if(!is_null($storage)) { if(!is_null($pool)) { $joblevels = $this->getModule('misc')->getJobLevels(); - $run = $this->getModule('bconsole')->bconsoleCommand($this->director, array('run', 'job="' . $job . '"', 'level="' . $joblevels[$level] . '"', 'fileset="' . $fileset . '"', 'client="' . $client->name . '"', 'storage="' . $storage->name . '"', 'pool="' . $pool->name . '"' , 'priority="' . $priority . '"', 'yes')); + $run = $this->getModule('bconsole')->bconsoleCommand($this->director, array('run', 'job="' . $job . '"', 'level="' . $joblevels[$level] . '"', 'fileset="' . $fileset . '"', 'client="' . $client->name . '"', 'storage="' . $storage->name . '"', 'pool="' . $pool->name . '"' , 'priority="' . $priority . '"', 'yes'), $this->user); $this->output = $run->output; $this->error = (integer)$run->exitcode; } else { diff --git a/gui/baculum/protected/Pages/API/JobTasks.php b/gui/baculum/protected/Pages/API/JobTasks.php index cce31c8a52..22dbee24f4 100644 --- a/gui/baculum/protected/Pages/API/JobTasks.php +++ b/gui/baculum/protected/Pages/API/JobTasks.php @@ -24,8 +24,8 @@ class JobTasks extends BaculumAPI { if($directors->exitcode === 0) { $jobs = array(); for($i = 0; $i < count($directors->output); $i++) { - $jobsList = $this->getModule('bconsole')->bconsoleCommand($directors->output[$i], array('.jobs'))->output; - $jobsshow = $this->getModule('bconsole')->bconsoleCommand($directors->output[$i], array('show', 'jobs'))->output; + $jobsList = $this->getModule('bconsole')->bconsoleCommand($directors->output[$i], array('.jobs'), $this->user)->output; + $jobsshow = $this->getModule('bconsole')->bconsoleCommand($directors->output[$i], array('show', 'jobs'), $this->user)->output; $jobs[$directors->output[$i]] = array(); for($j = 0; $j < count($jobsList); $j++) { /** diff --git a/gui/baculum/protected/Pages/API/Jobs.php b/gui/baculum/protected/Pages/API/Jobs.php index d4fb5f2489..e829bc1618 100644 --- a/gui/baculum/protected/Pages/API/Jobs.php +++ b/gui/baculum/protected/Pages/API/Jobs.php @@ -21,7 +21,14 @@ class Jobs extends BaculumAPI { public function get() { $limit = intval($this->Request['limit']); $jobs = $this->getModule('job')->getJobs($limit); - $this->output = $jobs; + $allowedJobs = $this->getModule('bconsole')->bconsoleCommand($this->director, array('.jobs'), $this->user)->output; + $jobsOutput = array(); + foreach($jobs as $job) { + if(in_array($job->name, $allowedJobs)) { + $jobsOutput[] = $job; + } + } + $this->output = $jobsOutput; $this->error = JobError::ERROR_NO_ERRORS; } } diff --git a/gui/baculum/protected/Pages/API/Pool.php b/gui/baculum/protected/Pages/API/Pool.php index 274b3662ac..bc0b6ab4e0 100644 --- a/gui/baculum/protected/Pages/API/Pool.php +++ b/gui/baculum/protected/Pages/API/Pool.php @@ -31,7 +31,7 @@ class Pool extends BaculumAPI { } public function set($id, $params) { - $result = $this->getModule('pool')->setPool($id, $params); + $result = ($this->user === null) ? $this->getModule('pool')->setPool($id, $params) : true; if($result === true) { $this->output = null; $this->error = PoolError::ERROR_NO_ERRORS; diff --git a/gui/baculum/protected/Pages/API/PoolShow.php b/gui/baculum/protected/Pages/API/PoolShow.php index b3bd4e4fe8..f21571f3b8 100644 --- a/gui/baculum/protected/Pages/API/PoolShow.php +++ b/gui/baculum/protected/Pages/API/PoolShow.php @@ -22,7 +22,7 @@ class PoolShow extends BaculumAPI { $poolid = intval($this->Request['id']); $pool = $this->getModule('pool')->getPoolById($poolid); if(!is_null($pool)) { - $poolShow = $this->getModule('bconsole')->bconsoleCommand($this->director, array('show', 'pool="' . $pool->name . '"')); + $poolShow = $this->getModule('bconsole')->bconsoleCommand($this->director, array('show', 'pool="' . $pool->name . '"'), $this->user); $this->output = $poolShow->output; $this->error = (integer)$poolShow->exitcode; } else { diff --git a/gui/baculum/protected/Pages/API/PoolUpdate.php b/gui/baculum/protected/Pages/API/PoolUpdate.php index 56f542d857..84538651f2 100644 --- a/gui/baculum/protected/Pages/API/PoolUpdate.php +++ b/gui/baculum/protected/Pages/API/PoolUpdate.php @@ -23,7 +23,7 @@ class PoolUpdate extends BaculumAPI { public function set($id, $params) { $pool = $this->getModule('pool')->getPoolById($id); if(!is_null($pool)) { - $poolUpdate = $this->getModule('bconsole')->bconsoleCommand($this->director, array('update', 'pool="' . $pool->name . '"')); + $poolUpdate = $this->getModule('bconsole')->bconsoleCommand($this->director, array('update', 'pool="' . $pool->name . '"'), $this->user); $this->output = $poolUpdate->output; $this->error = (integer)$poolUpdate->exitcode; } else { diff --git a/gui/baculum/protected/Pages/API/PoolUpdateVolumes.php b/gui/baculum/protected/Pages/API/PoolUpdateVolumes.php index 1e065da42e..770922fb8b 100644 --- a/gui/baculum/protected/Pages/API/PoolUpdateVolumes.php +++ b/gui/baculum/protected/Pages/API/PoolUpdateVolumes.php @@ -26,7 +26,7 @@ class PoolUpdateVolumes extends BaculumAPI { if(!is_null($pool)) { $voldata = $this->getModule('volume')->getVolumesByPoolId($pool->poolid); if(!is_null($voldata)) { - $poolUpdateVolumes = $this->getModule('bconsole')->bconsoleCommand($this->director, array('update', 'volume="' . $voldata->volumename . '"', 'allfrompool="' . $pool->name . '"')); + $poolUpdateVolumes = $this->getModule('bconsole')->bconsoleCommand($this->director, array('update', 'volume="' . $voldata->volumename . '"', 'allfrompool="' . $pool->name . '"'), $this->user); $this->output = $poolUpdateVolumes->output; $this->error = (integer)$poolUpdateVolumes->exitcode; } else { diff --git a/gui/baculum/protected/Pages/API/Pools.php b/gui/baculum/protected/Pages/API/Pools.php index c93bbea156..c847d5daa1 100644 --- a/gui/baculum/protected/Pages/API/Pools.php +++ b/gui/baculum/protected/Pages/API/Pools.php @@ -21,7 +21,14 @@ class Pools extends BaculumAPI { public function get() { $limit = intval($this->Request['limit']); $pools = $this->getModule('pool')->getPools($limit); - $this->output = $pools; + $allowedPools = $this->getModule('bconsole')->bconsoleCommand($this->director, array('.pool'), $this->user)->output; + $poolsOutput = array(); + foreach($pools as $pool) { + if(in_array($pool->name, $allowedPools)) { + $poolsOutput[] = $pool; + } + } + $this->output = $poolsOutput; $this->error = PoolError::ERROR_NO_ERRORS; } } diff --git a/gui/baculum/protected/Pages/API/PoolsShow.php b/gui/baculum/protected/Pages/API/PoolsShow.php index 3a425deccd..dc28112e2a 100644 --- a/gui/baculum/protected/Pages/API/PoolsShow.php +++ b/gui/baculum/protected/Pages/API/PoolsShow.php @@ -20,7 +20,7 @@ class PoolsShow extends BaculumAPI { public function get() { - $pools = $this->getModule('bconsole')->bconsoleCommand($this->director, array('show', 'pools')); + $pools = $this->getModule('bconsole')->bconsoleCommand($this->director, array('show', 'pools'), $this->user); $this->output = $pools->output; $this->error = (integer)$pools->exitcode; } diff --git a/gui/baculum/protected/Pages/API/RestoreRun.php b/gui/baculum/protected/Pages/API/RestoreRun.php index bca51994a0..3978ed07c4 100644 --- a/gui/baculum/protected/Pages/API/RestoreRun.php +++ b/gui/baculum/protected/Pages/API/RestoreRun.php @@ -36,7 +36,7 @@ class RestoreRun extends BaculumAPI { if(preg_match('/^b2[\d]+$/', $rfile) === 1) { if(!is_null($where)) { if(!is_null($replace)) { - $restore = $this->getModule('bconsole')->bconsoleCommand($this->director, array('restore', 'file="?' . $rfile . '"', 'client="' . $client->name . '"', 'where="' . $where . '"', 'replace="' . $replace . '"', 'fileset="' . $fileset . '"', 'priority="' . $priority . '"', 'yes')); + $restore = $this->getModule('bconsole')->bconsoleCommand($this->director, array('restore', 'file="?' . $rfile . '"', 'client="' . $client->name . '"', 'where="' . $where . '"', 'replace="' . $replace . '"', 'fileset="' . $fileset . '"', 'priority="' . $priority . '"', 'yes'), $this->user); $this->output = $restore->output; $this->error = (integer)$restore->exitcode; } else { diff --git a/gui/baculum/protected/Pages/API/StorageMount.php b/gui/baculum/protected/Pages/API/StorageMount.php index 535c837acc..8fb8ae197d 100644 --- a/gui/baculum/protected/Pages/API/StorageMount.php +++ b/gui/baculum/protected/Pages/API/StorageMount.php @@ -24,7 +24,7 @@ class StorageMount extends BaculumAPI { $slot = intval($this->Request['slot']); $storage = $this->getModule('storage')->getStorageById($storageid); if(!is_null($storage)) { - $storageMount = $this->getModule('bconsole')->bconsoleCommand($this->director, array('mount', 'storage="' . $storage->name . '"', 'drive=' . $drive, 'slot=' . $slot)); + $storageMount = $this->getModule('bconsole')->bconsoleCommand($this->director, array('mount', 'storage="' . $storage->name . '"', 'drive=' . $drive, 'slot=' . $slot), $this->user); $this->output = $storageMount->output; $this->error = (integer)$storageMount->exitcode; } else { diff --git a/gui/baculum/protected/Pages/API/StorageRelease.php b/gui/baculum/protected/Pages/API/StorageRelease.php index a1e10868d8..8247712635 100644 --- a/gui/baculum/protected/Pages/API/StorageRelease.php +++ b/gui/baculum/protected/Pages/API/StorageRelease.php @@ -22,7 +22,7 @@ class StorageRelease extends BaculumAPI { $storageid = intval($this->Request['id']); $storage = $this->getModule('storage')->getStorageById($storageid); if(!is_null($storage)) { - $storageRelease = $this->getModule('bconsole')->bconsoleCommand($this->director, array('release', 'storage="' . $storage->name . '"')); + $storageRelease = $this->getModule('bconsole')->bconsoleCommand($this->director, array('release', 'storage="' . $storage->name . '"'), $this->user); $this->output = $storageRelease->output; $this->error = (integer)$storageRelease->exitcode; } else { diff --git a/gui/baculum/protected/Pages/API/StorageShow.php b/gui/baculum/protected/Pages/API/StorageShow.php index 587a18d4a2..c84bc34b5e 100644 --- a/gui/baculum/protected/Pages/API/StorageShow.php +++ b/gui/baculum/protected/Pages/API/StorageShow.php @@ -22,7 +22,7 @@ class StorageShow extends BaculumAPI { $storageid = intval($this->Request['id']); $storage = $this->getModule('storage')->getStorageById($storageid); if(!is_null($storage)) { - $storageShow = $this->getModule('bconsole')->bconsoleCommand($this->director, array('show', 'storage="' . $storage->name . '"')); + $storageShow = $this->getModule('bconsole')->bconsoleCommand($this->director, array('show', 'storage="' . $storage->name . '"'), $this->user); $this->output = $storageShow->output; $this->error = (integer)$storageShow->exitcode; } else { diff --git a/gui/baculum/protected/Pages/API/StorageStatus.php b/gui/baculum/protected/Pages/API/StorageStatus.php index c10b89d85f..baaf4a27d6 100644 --- a/gui/baculum/protected/Pages/API/StorageStatus.php +++ b/gui/baculum/protected/Pages/API/StorageStatus.php @@ -22,7 +22,7 @@ class StorageStatus extends BaculumAPI { $storageid = intval($this->Request['id']); $storage = $this->getModule('storage')->getStorageById($storageid); if(!is_null($storage)) { - $storageStatus = $this->getModule('bconsole')->bconsoleCommand($this->director, array('status', 'storage="' . $storage->name . '"')); + $storageStatus = $this->getModule('bconsole')->bconsoleCommand($this->director, array('status', 'storage="' . $storage->name . '"'), $this->user); $this->output = $storageStatus->output; $this->error = (integer)$storageStatus->exitcode; } else { diff --git a/gui/baculum/protected/Pages/API/StorageUmount.php b/gui/baculum/protected/Pages/API/StorageUmount.php index 9b4776909b..b8c6c7bd88 100644 --- a/gui/baculum/protected/Pages/API/StorageUmount.php +++ b/gui/baculum/protected/Pages/API/StorageUmount.php @@ -23,7 +23,7 @@ class StorageUmount extends BaculumAPI { $drive = intval($this->Request['drive']); $storage = $this->getModule('storage')->getStorageById($storageid); if(!is_null($storage)) { - $storageUmount = $this->getModule('bconsole')->bconsoleCommand($this->director, array('umount', 'storage="' . $storage->name . '"', 'drive=' . $drive)); + $storageUmount = $this->getModule('bconsole')->bconsoleCommand($this->director, array('umount', 'storage="' . $storage->name . '"', 'drive=' . $drive), $this->user); $this->output = $storageUmount->output; $this->error = (integer)$storageUmount->exitcode; } else { diff --git a/gui/baculum/protected/Pages/API/Storages.php b/gui/baculum/protected/Pages/API/Storages.php index bddfa7b640..9d4df64a79 100644 --- a/gui/baculum/protected/Pages/API/Storages.php +++ b/gui/baculum/protected/Pages/API/Storages.php @@ -22,7 +22,14 @@ class Storages extends BaculumAPI { public function get() { $limit = intval($this->Request['limit']); $storages = $this->getModule('storage')->getStorages($limit); - $this->output = $storages; + $allowedStorages = $this->getModule('bconsole')->bconsoleCommand($this->director, array('.storage'), $this->user)->output; + $storagesOutput = array(); + foreach($storages as $storage) { + if(in_array($storage->name, $allowedStorages)) { + $storagesOutput[] = $storage; + } + } + $this->output = $storagesOutput; $this->error = StorageError::ERROR_NO_ERRORS; } } diff --git a/gui/baculum/protected/Pages/API/StoragesShow.php b/gui/baculum/protected/Pages/API/StoragesShow.php index 2970997593..368767a4c6 100644 --- a/gui/baculum/protected/Pages/API/StoragesShow.php +++ b/gui/baculum/protected/Pages/API/StoragesShow.php @@ -20,7 +20,7 @@ class StoragesShow extends BaculumAPI { public function get() { - $storages = $this->getModule('bconsole')->bconsoleCommand($this->director, array('show', 'storages')); + $storages = $this->getModule('bconsole')->bconsoleCommand($this->director, array('show', 'storages'), $this->user); $this->output = $storages->output; $this->error = (integer)$storages->exitcode; } diff --git a/gui/baculum/protected/Pages/API/Volume.php b/gui/baculum/protected/Pages/API/Volume.php index c4432b2901..411e34073e 100644 --- a/gui/baculum/protected/Pages/API/Volume.php +++ b/gui/baculum/protected/Pages/API/Volume.php @@ -31,7 +31,7 @@ class Volume extends BaculumAPI { } public function set($id, $params) { - $result = $this->getModule('volume')->setVolume($id, $params); + $result = ($this->user === null) ? $this->getModule('volume')->setVolume($id, $params) : true; if($result === true) { $this->output = null; $this->error = VolumeError::ERROR_NO_ERRORS; diff --git a/gui/baculum/protected/Pages/API/VolumePrune.php b/gui/baculum/protected/Pages/API/VolumePrune.php index 19a037690a..4beb266077 100644 --- a/gui/baculum/protected/Pages/API/VolumePrune.php +++ b/gui/baculum/protected/Pages/API/VolumePrune.php @@ -22,7 +22,7 @@ class VolumePrune extends BaculumAPI { $mediaid = intval($this->Request['id']); $volume = $this->getModule('volume')->getVolumeById($mediaid); if(!is_null($volume)) { - $prune = $this->getModule('bconsole')->bconsoleCommand($this->director, array('prune', 'volume="' . $volume->volumename . '"', 'yes')); + $prune = $this->getModule('bconsole')->bconsoleCommand($this->director, array('prune', 'volume="' . $volume->volumename . '"', 'yes'), $this->user); $this->output = $prune->output; $this->error = (integer)$prune->exitcode; } else { diff --git a/gui/baculum/protected/Pages/API/VolumePurge.php b/gui/baculum/protected/Pages/API/VolumePurge.php index 1aba55ba76..0f74533076 100644 --- a/gui/baculum/protected/Pages/API/VolumePurge.php +++ b/gui/baculum/protected/Pages/API/VolumePurge.php @@ -22,7 +22,7 @@ class VolumePurge extends BaculumAPI { $mediaid = intval($this->Request['id']); $volume = $this->getModule('volume')->getVolumeById($mediaid); if(!is_null($volume)) { - $purge = $this->getModule('bconsole')->bconsoleCommand($this->director, array('purge', 'volume="' . $volume->volumename . '"', 'yes')); + $purge = $this->getModule('bconsole')->bconsoleCommand($this->director, array('purge', 'volume="' . $volume->volumename . '"', 'yes'), $this->user); $this->output = $purge->output; $this->error = (integer)$purge->exitcode; } else { diff --git a/gui/baculum/protected/Pages/ConfigurationWizard.page b/gui/baculum/protected/Pages/ConfigurationWizard.page index 74086ce952..7cda83b63a 100644 --- a/gui/baculum/protected/Pages/ConfigurationWizard.page +++ b/gui/baculum/protected/Pages/ConfigurationWizard.page @@ -166,7 +166,7 @@
-
+
@@ -207,6 +207,23 @@

<%[ NOTE! ]%>
<%[ Baculum needs access to bconsole by the web server. ]%>

+
+
+

<%[ For need defining more Baculum users with custom access or restricted console access (Bconsole ACLs) here is possible to determine custom bconsole configuration file format for each user. ]%>

+
+
+

<%[ If there is used only one Baculum user then below field value will be ignored. ]%>

+
+
+
+
+ + +
+
+
+

<%[ NOTE! ]%>
<%[ {user} keyword will be replaced for each logged user into according username. ]%>

+
@@ -277,9 +294,13 @@
<%=$this->BconsolePath->Text%>
-
<%[ Bconsole config file path: ]%>
+
<%[ Bconsole admin config file path: ]%>
<%=$this->BconsoleConfigPath->Text%>
+
+
<%[ Bconsole custom config file path: ]%>
+
<%=$this->BconsoleConfigCustomPath->Text%>
+
<%[ Use sudo for bconsole requests: ]%>
<%=($this->UseSudo->Checked === true) ? 'yes' : 'no'%>
diff --git a/gui/baculum/protected/Pages/ConfigurationWizard.php b/gui/baculum/protected/Pages/ConfigurationWizard.php index 2a6214872f..c818af0c4c 100644 --- a/gui/baculum/protected/Pages/ConfigurationWizard.php +++ b/gui/baculum/protected/Pages/ConfigurationWizard.php @@ -34,12 +34,16 @@ class ConfigurationWizard extends BaculumPage const DEFAULT_DB_LOGIN = 'bacula'; const DEFAULT_BCONSOLE_BIN = '/usr/sbin/bconsole'; const DEFAULT_BCONSOLE_CONF = '/etc/bacula/bconsole.conf'; + const DEFAULT_BCONSOLE_CONF_CUSTOM = '/etc/bacula/bconsole-{user}.conf'; public function onInit($param) { parent::onInit($param); $this->Lang->SelectedValue = $this->Session['language']; $this->firstRun = !$this->getModule('configuration')->isApplicationConfig(); $this->applicationConfig = $this->getModule('configuration')->getApplicationConfig(); + if($this->firstRun === false && $this->User->getIsAdmin() === false) { + die('Access denied.'); + } } public function onLoad($param) { @@ -52,6 +56,7 @@ class ConfigurationWizard extends BaculumPage $this->Login->Text = self::DEFAULT_DB_LOGIN; $this->BconsolePath->Text = self::DEFAULT_BCONSOLE_BIN; $this->BconsoleConfigPath->Text = self::DEFAULT_BCONSOLE_CONF; + $this->BconsoleConfigCustomPath->Text = self::DEFAULT_BCONSOLE_CONF_CUSTOM; } else { $this->DBType->SelectedValue = $this->getPage()->applicationConfig['db']['type']; $this->DBName->Text = $this->applicationConfig['db']['name']; @@ -63,6 +68,7 @@ class ConfigurationWizard extends BaculumPage $this->DBPath->Text = $this->applicationConfig['db']['path']; $this->BconsolePath->Text = $this->applicationConfig['bconsole']['bin_path']; $this->BconsoleConfigPath->Text = $this->applicationConfig['bconsole']['cfg_path']; + $this->BconsoleConfigCustomPath->Text = array_key_exists('cfg_custom_path', $this->applicationConfig['bconsole']) ? $this->applicationConfig['bconsole']['cfg_custom_path'] : self::DEFAULT_BCONSOLE_CONF_CUSTOM; $this->UseSudo->Checked = $this->getPage()->applicationConfig['bconsole']['use_sudo'] == 1; $this->PanelLogin->Text = $this->applicationConfig['baculum']['login']; $this->PanelPassword->Text = $this->applicationConfig['baculum']['password']; @@ -92,6 +98,7 @@ class ConfigurationWizard extends BaculumPage $cfgData['db']['path'] = $this->Application->getModule('configuration')->isSQLiteType($cfgData['db']['type']) ? $this->DBPath->Text : ''; $cfgData['bconsole']['bin_path'] = $this->BconsolePath->Text; $cfgData['bconsole']['cfg_path'] = $this->BconsoleConfigPath->Text; + $cfgData['bconsole']['cfg_custom_path'] = $this->BconsoleConfigCustomPath->Text; $cfgData['bconsole']['use_sudo'] = (integer)($this->UseSudo->Checked === true); $cfgData['baculum']['login'] = $this->PanelLogin->Text; $cfgData['baculum']['password'] = $this->PanelPassword->Text; diff --git a/gui/baculum/protected/Pages/Home.page b/gui/baculum/protected/Pages/Home.page index 178095a8f3..29a41b401d 100644 --- a/gui/baculum/protected/Pages/Home.page +++ b/gui/baculum/protected/Pages/Home.page @@ -13,7 +13,7 @@ - +
diff --git a/gui/baculum/protected/Pages/Home.php b/gui/baculum/protected/Pages/Home.php index 29c21eae22..854fd7b357 100644 --- a/gui/baculum/protected/Pages/Home.php +++ b/gui/baculum/protected/Pages/Home.php @@ -31,6 +31,11 @@ class Home extends BaculumPage $this->goToPage('ConfigurationWizard'); } + $appConfig = $this->getModule('configuration')->getApplicationConfig(); + + $this->SettingsWizardBtn->Visible = $this->User->getIsAdmin(); + $this->MediaBtn->Visible = $this->User->getIsAdmin(); + if(!$this->IsPostBack && !$this->IsCallBack) { $this->Logging->Checked = $this->getModule('logging')->isDebugOn(); } diff --git a/gui/baculum/protected/Pages/config.xml b/gui/baculum/protected/Pages/config.xml new file mode 100644 index 0000000000..18bd4b30ec --- /dev/null +++ b/gui/baculum/protected/Pages/config.xml @@ -0,0 +1,9 @@ + + + + + + + + + \ No newline at end of file diff --git a/gui/baculum/protected/application.xml b/gui/baculum/protected/application.xml index fa4232622e..11bd376c50 100644 --- a/gui/baculum/protected/application.xml +++ b/gui/baculum/protected/application.xml @@ -96,6 +96,8 @@ + +