mirror of
https://github.com/Combodo/iTop.git
synced 2026-04-24 02:58:43 +02:00
User profiles: created in dedicated module itop-profiles-itil
SVN:trunk[980]
This commit is contained in:
Romain Quetiez
@@ -471,14 +471,6 @@ class UserRightsProfile extends UserRightsAddOnAPI
|
||||
return true;
|
||||
}
|
||||
|
||||
public function Setup()
|
||||
{
|
||||
SetupProfiles::ComputeITILProfiles();
|
||||
//SetupProfiles::ComputeBasicProfiles();
|
||||
SetupProfiles::DoCreateProfiles();
|
||||
return true;
|
||||
}
|
||||
|
||||
public function Init()
|
||||
{
|
||||
MetaModel::RegisterPlugin('userrights', 'ACbyProfile');
|
||||
@@ -825,265 +817,6 @@ exit;
|
||||
}
|
||||
}
|
||||
|
||||
//
|
||||
// Create simple profiles into our user management model:
|
||||
// - administrator
|
||||
// - readers
|
||||
// - contributors
|
||||
//
|
||||
class SetupProfiles
|
||||
{
|
||||
protected static $m_aActions = array(
|
||||
UR_ACTION_READ => 'Read',
|
||||
UR_ACTION_MODIFY => 'Modify',
|
||||
UR_ACTION_DELETE => 'Delete',
|
||||
UR_ACTION_BULK_READ => 'Bulk Read',
|
||||
UR_ACTION_BULK_MODIFY => 'Bulk Modify',
|
||||
UR_ACTION_BULK_DELETE => 'Bulk Delete',
|
||||
);
|
||||
|
||||
// Note: It is possible to specify the same class in several modules
|
||||
//
|
||||
protected static $m_aModules = array();
|
||||
protected static $m_aProfiles = array();
|
||||
|
||||
|
||||
protected static function DoCreateActionGrant($iProfile, $iAction, $sClass, $bPermission = true)
|
||||
{
|
||||
$oNewObj = MetaModel::NewObject("URP_ActionGrant");
|
||||
$oNewObj->Set('profileid', $iProfile);
|
||||
$oNewObj->Set('permission', $bPermission ? 'yes' : 'no');
|
||||
$oNewObj->Set('class', $sClass);
|
||||
$oNewObj->Set('action', self::$m_aActions[$iAction]);
|
||||
$iId = $oNewObj->DBInsertNoReload();
|
||||
return $iId;
|
||||
}
|
||||
|
||||
protected static function DoCreateStimulusGrant($iProfile, $sStimulusCode, $sClass)
|
||||
{
|
||||
$oNewObj = MetaModel::NewObject("URP_StimulusGrant");
|
||||
$oNewObj->Set('profileid', $iProfile);
|
||||
$oNewObj->Set('permission', 'yes');
|
||||
$oNewObj->Set('class', $sClass);
|
||||
$oNewObj->Set('stimulus', $sStimulusCode);
|
||||
$iId = $oNewObj->DBInsertNoReload();
|
||||
return $iId;
|
||||
}
|
||||
|
||||
protected static function DoCreateOneProfile($sName, $aProfileData)
|
||||
{
|
||||
$sDescription = $aProfileData['description'];
|
||||
if (strlen(trim($aProfileData['write_modules'])) == 0)
|
||||
{
|
||||
$aWriteModules = array();
|
||||
}
|
||||
else
|
||||
{
|
||||
$aWriteModules = explode(',', trim($aProfileData['write_modules']));
|
||||
}
|
||||
$aStimuli = $aProfileData['stimuli'];
|
||||
|
||||
$oNewObj = MetaModel::NewObject("URP_Profiles");
|
||||
$oNewObj->Set('name', $sName);
|
||||
$oNewObj->Set('description', $sDescription);
|
||||
$iProfile = $oNewObj->DBInsertNoReload();
|
||||
|
||||
// Grant read rights for everything
|
||||
//
|
||||
foreach (MetaModel::GetClasses('bizmodel') as $sClass)
|
||||
{
|
||||
self::DoCreateActionGrant($iProfile, UR_ACTION_READ, $sClass);
|
||||
self::DoCreateActionGrant($iProfile, UR_ACTION_BULK_READ, $sClass);
|
||||
}
|
||||
|
||||
// Grant write for given modules
|
||||
// Start by compiling the information, because some modules may overlap
|
||||
$aWriteableClasses = array();
|
||||
foreach ($aWriteModules as $sModule)
|
||||
{
|
||||
//$oPage->p('Granting write access for the module"'.$sModule.'" - '.count(self::$m_aModules[$sModule]).' classes');
|
||||
foreach (self::$m_aModules[$sModule] as $sClass)
|
||||
{
|
||||
$aWriteableClasses[$sClass] = true;
|
||||
}
|
||||
}
|
||||
foreach ($aWriteableClasses as $sClass => $foo)
|
||||
{
|
||||
if (!MetaModel::IsValidClass($sClass))
|
||||
{
|
||||
throw new CoreException("Invalid class name '$sClass'");
|
||||
}
|
||||
self::DoCreateActionGrant($iProfile, UR_ACTION_MODIFY, $sClass);
|
||||
self::DoCreateActionGrant($iProfile, UR_ACTION_DELETE, $sClass);
|
||||
self::DoCreateActionGrant($iProfile, UR_ACTION_BULK_MODIFY, $sClass);
|
||||
// By default, do not allow bulk deletion operations for standard users
|
||||
// self::DoCreateActionGrant($iProfile, UR_ACTION_BULK_DELETE, $sClass);
|
||||
}
|
||||
|
||||
// Grant stimuli for given classes
|
||||
foreach ($aStimuli as $sClass => $sAllowedStimuli)
|
||||
{
|
||||
if (!MetaModel::IsValidClass($sClass))
|
||||
{
|
||||
// Could be a class defined in a module that wasn't installed
|
||||
continue;
|
||||
//throw new CoreException("Invalid class name '$sClass'");
|
||||
}
|
||||
|
||||
if ($sAllowedStimuli == 'any')
|
||||
{
|
||||
$aAllowedStimuli = array_keys(MetaModel::EnumStimuli($sClass));
|
||||
}
|
||||
elseif ($sAllowedStimuli == 'none')
|
||||
{
|
||||
$aAllowedStimuli = array();
|
||||
}
|
||||
else
|
||||
{
|
||||
$aAllowedStimuli = explode(',', $sAllowedStimuli);
|
||||
}
|
||||
foreach ($aAllowedStimuli as $sStimulusCode)
|
||||
{
|
||||
self::DoCreateStimulusGrant($iProfile, $sStimulusCode, $sClass);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public static function DoCreateProfiles()
|
||||
{
|
||||
URP_Profiles::DoCreateAdminProfile();
|
||||
URP_Profiles::DoCreateUserPortalProfile();
|
||||
|
||||
foreach(self::$m_aProfiles as $sName => $aProfileData)
|
||||
{
|
||||
self::DoCreateOneProfile($sName, $aProfileData);
|
||||
}
|
||||
}
|
||||
|
||||
public static function ComputeBasicProfiles()
|
||||
{
|
||||
// In this profiling scheme, one single module represents all the classes
|
||||
//
|
||||
self::$m_aModules = array(
|
||||
'UserData' => MetaModel::GetClasses('bizmodel'),
|
||||
);
|
||||
|
||||
self::$m_aProfiles = array(
|
||||
'Reader' => array(
|
||||
'description' => 'Person having a ready-only access to the data',
|
||||
'write_modules' => '',
|
||||
'stimuli' => array(
|
||||
),
|
||||
),
|
||||
'Writer' => array(
|
||||
'description' => 'Contributor to the contents (read + write access)',
|
||||
'write_modules' => 'UserData',
|
||||
'stimuli' => array(
|
||||
// any class => 'any'
|
||||
),
|
||||
),
|
||||
);
|
||||
}
|
||||
|
||||
public static function ComputeITILProfiles()
|
||||
{
|
||||
// In this profiling scheme, modules are based on ITIL recommendations
|
||||
//
|
||||
self::$m_aModules = array(
|
||||
/*
|
||||
'WriteModule' => array(
|
||||
'someclass',
|
||||
'anotherclass',
|
||||
),
|
||||
*/
|
||||
'General' => MetaModel::GetClasses('structure'),
|
||||
'Documentation' => MetaModel::GetClasses('documentation'),
|
||||
'Configuration' => MetaModel::GetClasses('configmgmt'),
|
||||
'Incident' => MetaModel::GetClasses('incidentmgmt'),
|
||||
'Problem' => MetaModel::GetClasses('problemmgmt'),
|
||||
'Change' => MetaModel::GetClasses('changemgmt'),
|
||||
'Service' => MetaModel::GetClasses('servicemgmt'),
|
||||
'Call' => MetaModel::GetClasses('requestmgmt'),
|
||||
'KnownError' => MetaModel::GetClasses('knownerrormgmt'),
|
||||
);
|
||||
|
||||
self::$m_aProfiles = array(
|
||||
'Configuration Manager' => array(
|
||||
'description' => 'Person in charge of the documentation of the managed CIs',
|
||||
'write_modules' => 'General,Documentation,Configuration',
|
||||
'stimuli' => array(
|
||||
//'bizServer' => 'none',
|
||||
//'bizContract' => 'none',
|
||||
//'bizIncidentTicket' => 'none',
|
||||
//'bizChangeTicket' => 'any',
|
||||
),
|
||||
),
|
||||
'Service Desk Agent' => array(
|
||||
'description' => 'Person in charge of creating incident reports',
|
||||
'write_modules' => 'Incident,Call',
|
||||
'stimuli' => array(
|
||||
'Incident' => 'ev_assign',
|
||||
'UserRequest' => 'ev_assign',
|
||||
),
|
||||
),
|
||||
'Support Agent' => array(
|
||||
'description' => 'Person analyzing and solving the current incidents',
|
||||
'write_modules' => 'Incident',
|
||||
'stimuli' => array(
|
||||
'Incident' => 'ev_assign,ev_reassign,ev_resolve,ev_close',
|
||||
'UserRequest' => 'ev_assign,ev_reassign,ev_resolve,ev_close,ev_freeze',
|
||||
),
|
||||
),
|
||||
'Problem Manager' => array(
|
||||
'description' => 'Person analyzing and solving the current problems',
|
||||
'write_modules' => 'Problem,KnownError',
|
||||
'stimuli' => array(
|
||||
'Problem' => 'ev_assign,ev_reassign,ev_resolve,ev_close',
|
||||
),
|
||||
),
|
||||
|
||||
'Change Implementor' => array(
|
||||
'description' => 'Person executing the changes',
|
||||
'write_modules' => 'Change',
|
||||
'stimuli' => array(
|
||||
'NormalChange' => 'ev_plan,ev_replan,ev_implement,ev_monitor',
|
||||
'EmergencyChange' => 'ev_plan,ev_replan,ev_implement,ev_monitor',
|
||||
'RoutineChange' => 'ev_plan,ev_replan,ev_implement,ev_monitor',
|
||||
),
|
||||
),
|
||||
'Change Supervisor' => array(
|
||||
'description' => 'Person responsible for the overall change execution',
|
||||
'write_modules' => 'Change',
|
||||
'stimuli' => array(
|
||||
'NormalChange' => 'ev_validate,ev_reject,ev_assign,ev_reopen,ev_finish',
|
||||
'EmergencyChange' => 'ev_assign,ev_reopen,ev_finish',
|
||||
'RoutineChange' => 'ev_assign,ev_reopen,ev_finish',
|
||||
),
|
||||
),
|
||||
'Change Approver' => array(
|
||||
'description' => 'Person who could be impacted by some changes',
|
||||
'write_modules' => 'Change',
|
||||
'stimuli' => array(
|
||||
'NormalChange' => 'ev_approve,ev_notapprove',
|
||||
'EmergencyChange' => 'ev_approve,ev_notapprove',
|
||||
'RoutineChange' => 'none',
|
||||
),
|
||||
),
|
||||
'Service Manager' => array(
|
||||
'description' => 'Person responsible for the service delivered to the [internal] customer',
|
||||
'write_modules' => 'Service',
|
||||
'stimuli' => array(
|
||||
),
|
||||
),
|
||||
'Document author' => array(
|
||||
'description' => 'Any person who could contribute to documentation',
|
||||
'write_modules' => 'Documentation',
|
||||
'stimuli' => array(
|
||||
),
|
||||
),
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
UserRights::SelectModule('UserRightsProfile');
|
||||
|
||||
|
||||
Reference in New Issue
Block a user