Access Control Plugin

Greg Plamondon

I am trying to use the Access Control plugin to limit what the helpdesk technicians can see.

I have an issue trying to restrict the active directory menu option within a host.

I have tried the following with no success.

Any help or suggestion would be appreciated.

Lee Rowlett

@Greg-Plamondon apologies i thought this was part of main code.

save below code in /var/www/html/fog/lib/hooks/removehosteditgen.hook.php

this is just to get you going, change data and template number to the right id that is relevent for what you want to remove and remove/comment out what you don’t want removing. read up about hooks on wiki. if you get stuck i’ll happily assist when i can to meet what you originally asked for etc but it’s worth you having a go yourself to understand how hooks function.

hope this helps

<?php
class removehosteditgen extends Hook {
    public $name = 'removehosteditgen';
    public $description = 'Remove unused fields in host edit general';
    public $author = 'Rowlett';
    public $active = true;
    public function __construct()
    {
        parent::__construct();
        self::$HookManager
            ->register(
                'HOST_EDIT_GEN',
                array(
                    $this,
                    'hostData'
                )
            )
			->register(
                'SUB_MENULINK_DATA',
                array(
                    $this,
                    'RemoveSideNotes'
                )
            )
            ->register(
                'SUB_MENULINK_DATA',
                array(
                    $this,
                    'RemoveDelete'
                )
            );
    }
	public function HostData($arguments) {
		if ($_REQUEST['node'] == 'host' && (($_REQUEST['sub'] == 'deploy') || ($_REQUEST['sub'] == 'edit') || ($_REQUEST['sub'] == 'membership'))) {
			unset($arguments['data'][5],$arguments['template'][5]);
			unset($arguments['data'][8],$arguments['template'][8]);
			unset($arguments['data'][9],$arguments['template'][9]);
			unset($arguments['data'][10],$arguments['template'][10]);
			unset($arguments['data'][11],$arguments['template'][11]);
		}
    }
	public function RemoveSideNotes($arguments) {
		if ($_REQUEST['node'] == 'host' && (($_REQUEST['sub'] == 'deploy') || ($_REQUEST['sub'] == 'edit') || ($_REQUEST['sub'] == 'membership'))) {
			unset($arguments['notes']['Host']);
			unset($arguments['notes']['MAC']);
			unset($arguments['notes']['Image']);
			unset($arguments['notes']['O/S']);
			unset($arguments['notes']['Last Deployed']);
			unset($arguments['notes']['Primary Group']);
		}
    }
	public function RemoveDelete($arguments) {
		if ($_REQUEST['node'] == 'host' && (($_REQUEST['sub'] == 'deploy') || ($_REQUEST['sub'] == 'edit') || ($_REQUEST['sub'] == 'membership'))) {
			if (!in_array(self::$FOGUser->get('type'),array(0))) {
				unset($arguments['submenu']['?node=host&sub=membership&id='.$_REQUEST['id']]);
				unset($arguments['submenu']['?node=host&sub=delete&id='.$_REQUEST['id']]);
				unset($arguments['submenu']['?node=host&sub=edit&id='.$_REQUEST['id'].'#host-printers']); 
				unset($arguments['submenu']['?node=host&sub=edit&id='.$_REQUEST['id'].'#host-service']);
				unset($arguments['submenu']['?node=host&sub=edit&id='.$_REQUEST['id'].'#host-powermanagement']);
				unset($arguments['submenu']['?node=host&sub=edit&id='.$_REQUEST['id'].'#host-virus-history']);
				unset($arguments['submenu']['?node=host&sub=edit&id='.$_REQUEST['id'].'#host-login-history']);
				unset($arguments['submenu']['?node=host&sub=edit&id='.$_REQUEST['id'].'#host-login-history']);
				
				
			}
		}
    }
}

Fernando Gietz

Access Control Plugin doesn´t control the tabs that are in the host page. This plugin only control the entries in the general top menu (hosts, images, snapin, report, tasks, plugins, …) and the Main Menu entries (list All hosts, Create New XXX, Exports, …)

Greg Plamondon

@Fernando-Gietz ok, Thanks. Is there any way that i can remove the ability to see the Domain password in the Active Directory section of the host settings?

Lee Rowlett

@Greg-Plamondon you would need to use hooks to achieve this.

look at removehosteditgen.hook.php in hooks folder on webserver

Greg Plamondon

@Lee-Rowlett said in Access Control Plugin:

removehosteditgen.hook.php

Lee, I searched everywhere for that file and cannot find it.

Lee Rowlett

@Greg-Plamondon apologies i thought this was part of main code.

save below code in /var/www/html/fog/lib/hooks/removehosteditgen.hook.php

this is just to get you going, change data and template number to the right id that is relevent for what you want to remove and remove/comment out what you don’t want removing. read up about hooks on wiki. if you get stuck i’ll happily assist when i can to meet what you originally asked for etc but it’s worth you having a go yourself to understand how hooks function.

hope this helps

<?php
class removehosteditgen extends Hook {
    public $name = 'removehosteditgen';
    public $description = 'Remove unused fields in host edit general';
    public $author = 'Rowlett';
    public $active = true;
    public function __construct()
    {
        parent::__construct();
        self::$HookManager
            ->register(
                'HOST_EDIT_GEN',
                array(
                    $this,
                    'hostData'
                )
            )
			->register(
                'SUB_MENULINK_DATA',
                array(
                    $this,
                    'RemoveSideNotes'
                )
            )
            ->register(
                'SUB_MENULINK_DATA',
                array(
                    $this,
                    'RemoveDelete'
                )
            );
    }
	public function HostData($arguments) {
		if ($_REQUEST['node'] == 'host' && (($_REQUEST['sub'] == 'deploy') || ($_REQUEST['sub'] == 'edit') || ($_REQUEST['sub'] == 'membership'))) {
			unset($arguments['data'][5],$arguments['template'][5]);
			unset($arguments['data'][8],$arguments['template'][8]);
			unset($arguments['data'][9],$arguments['template'][9]);
			unset($arguments['data'][10],$arguments['template'][10]);
			unset($arguments['data'][11],$arguments['template'][11]);
		}
    }
	public function RemoveSideNotes($arguments) {
		if ($_REQUEST['node'] == 'host' && (($_REQUEST['sub'] == 'deploy') || ($_REQUEST['sub'] == 'edit') || ($_REQUEST['sub'] == 'membership'))) {
			unset($arguments['notes']['Host']);
			unset($arguments['notes']['MAC']);
			unset($arguments['notes']['Image']);
			unset($arguments['notes']['O/S']);
			unset($arguments['notes']['Last Deployed']);
			unset($arguments['notes']['Primary Group']);
		}
    }
	public function RemoveDelete($arguments) {
		if ($_REQUEST['node'] == 'host' && (($_REQUEST['sub'] == 'deploy') || ($_REQUEST['sub'] == 'edit') || ($_REQUEST['sub'] == 'membership'))) {
			if (!in_array(self::$FOGUser->get('type'),array(0))) {
				unset($arguments['submenu']['?node=host&sub=membership&id='.$_REQUEST['id']]);
				unset($arguments['submenu']['?node=host&sub=delete&id='.$_REQUEST['id']]);
				unset($arguments['submenu']['?node=host&sub=edit&id='.$_REQUEST['id'].'#host-printers']); 
				unset($arguments['submenu']['?node=host&sub=edit&id='.$_REQUEST['id'].'#host-service']);
				unset($arguments['submenu']['?node=host&sub=edit&id='.$_REQUEST['id'].'#host-powermanagement']);
				unset($arguments['submenu']['?node=host&sub=edit&id='.$_REQUEST['id'].'#host-virus-history']);
				unset($arguments['submenu']['?node=host&sub=edit&id='.$_REQUEST['id'].'#host-login-history']);
				unset($arguments['submenu']['?node=host&sub=edit&id='.$_REQUEST['id'].'#host-login-history']);
				
				
			}
		}
    }
}

Greg Plamondon

@Lee-Rowlett Thanks!

Sebastian Roth

For anyone interested, here is a working example of how to hide the Domain Password field.

1. Create a new empty file named /var/www/html/fog/lib/hooks/hideadhostdata.hook.php
2. Change ownership: chown apache:apache /var/www/html/fog/lib/hooks/hideadhostdata.hook.php (this is for CentOS, use chown www-data:www-data ... for Debian/Ubuntu)
3. Copy and paste the following code to that file and save it:

<?php
class hideadhostdata extends Hook {
    public $name = 'hideadhostdata';
    public $description = 'Hide some of the AD information in host edit view';
    public $author = 'SR';
    public $active = true;
    public function __construct()
    {
        parent::__construct();
        self::$HookManager
            ->register(
                'HOST_EDIT_AD', 
                array($this, 'hideADHostData')
            );
    }
    
    public function hideADHostData($arguments) {
        if ($_REQUEST['node'] == 'host' && $_REQUEST['sub'] == 'edit') {
            unset($arguments['data'][5],$arguments['template'][5]); // Domain Password
        }
    }
}
?>

Greg Plamondon

@Sebastian-Roth Thank you!

Greg Plamondon

@Sebastian-Roth
Hey just wanted to post an update, I ran into one problem with this method. If you click the clear fields and then save, and then set the checkbox for “Join Domain after deploy” it doesn’t save the AD password to the database its left null

Tom Elliott

@Greg-Plamondon That’s mainly because the field is completely missing and removed from the view. This means that when you submit, the hosts in question don’t get updated.

Sebastian Roth

@Greg-Plamondon Good point. We are working on a better solution to this anyway. See here: https://github.com/FOGProject/fogproject/issues/337

Greg Plamondon

@Tom-Elliott I have access to the DB so I can work around it.

Lee Rowlett

what if you cleared the template but not the data?