Access Control Plugin


  • Testers

    I am trying to use the Access Control plugin to limit what the helpdesk technicians can see.

    I have an issue trying to restrict the active directory menu option within a host.

    IMAGE

    I have tried the following with no success.

    alt text

    Any help or suggestion would be appreciated.


  • Developer

    what if you cleared the template but not the data?


  • Testers

    @Tom-Elliott I have access to the DB so I can work around it.


  • Developer

    @Greg-Plamondon Good point. We are working on a better solution to this anyway. See here: https://github.com/FOGProject/fogproject/issues/337


  • Senior Developer

    @Greg-Plamondon That’s mainly because the field is completely missing and removed from the view. This means that when you submit, the hosts in question don’t get updated.


  • Testers

    @Sebastian-Roth
    Hey just wanted to post an update, I ran into one problem with this method. If you click the clear fields and then save, and then set the checkbox for “Join Domain after deploy” it doesn’t save the AD password to the database its left null


  • Testers

    @Sebastian-Roth Thank you!


  • Developer

    For anyone interested, here is a working example of how to hide the Domain Password field.

    1. Create a new empty file named /var/www/html/fog/lib/hooks/hideadhostdata.hook.php
    2. Change ownership: chown apache:apache /var/www/html/fog/lib/hooks/hideadhostdata.hook.php (this is for CentOS, use chown www-data:www-data ... for Debian/Ubuntu)
    3. Copy and paste the following code to that file and save it:
    <?php
    class hideadhostdata extends Hook {
        public $name = 'hideadhostdata';
        public $description = 'Hide some of the AD information in host edit view';
        public $author = 'SR';
        public $active = true;
        public function __construct()
        {
            parent::__construct();
            self::$HookManager
                ->register(
                    'HOST_EDIT_AD', 
                    array($this, 'hideADHostData')
                );
        }
        
        public function hideADHostData($arguments) {
            if ($_REQUEST['node'] == 'host' && $_REQUEST['sub'] == 'edit') {
                unset($arguments['data'][5],$arguments['template'][5]); // Domain Password
            }
        }
    }
    ?>
    

  • Testers

    @Lee-Rowlett Thanks!


  • Developer

    @Greg-Plamondon apologies i thought this was part of main code.

    save below code in /var/www/html/fog/lib/hooks/removehosteditgen.hook.php

    this is just to get you going, change data and template number to the right id that is relevent for what you want to remove and remove/comment out what you don’t want removing. read up about hooks on wiki. if you get stuck i’ll happily assist when i can to meet what you originally asked for etc but it’s worth you having a go yourself to understand how hooks function.

    hope this helps

    <?php
    class removehosteditgen extends Hook {
        public $name = 'removehosteditgen';
        public $description = 'Remove unused fields in host edit general';
        public $author = 'Rowlett';
        public $active = true;
        public function __construct()
        {
            parent::__construct();
            self::$HookManager
                ->register(
                    'HOST_EDIT_GEN',
                    array(
                        $this,
                        'hostData'
                    )
                )
    			->register(
                    'SUB_MENULINK_DATA',
                    array(
                        $this,
                        'RemoveSideNotes'
                    )
                )
                ->register(
                    'SUB_MENULINK_DATA',
                    array(
                        $this,
                        'RemoveDelete'
                    )
                );
        }
    	public function HostData($arguments) {
    		if ($_REQUEST['node'] == 'host' && (($_REQUEST['sub'] == 'deploy') || ($_REQUEST['sub'] == 'edit') || ($_REQUEST['sub'] == 'membership'))) {
    			unset($arguments['data'][5],$arguments['template'][5]);
    			unset($arguments['data'][8],$arguments['template'][8]);
    			unset($arguments['data'][9],$arguments['template'][9]);
    			unset($arguments['data'][10],$arguments['template'][10]);
    			unset($arguments['data'][11],$arguments['template'][11]);
    		}
        }
    	public function RemoveSideNotes($arguments) {
    		if ($_REQUEST['node'] == 'host' && (($_REQUEST['sub'] == 'deploy') || ($_REQUEST['sub'] == 'edit') || ($_REQUEST['sub'] == 'membership'))) {
    			unset($arguments['notes']['Host']);
    			unset($arguments['notes']['MAC']);
    			unset($arguments['notes']['Image']);
    			unset($arguments['notes']['O/S']);
    			unset($arguments['notes']['Last Deployed']);
    			unset($arguments['notes']['Primary Group']);
    		}
        }
    	public function RemoveDelete($arguments) {
    		if ($_REQUEST['node'] == 'host' && (($_REQUEST['sub'] == 'deploy') || ($_REQUEST['sub'] == 'edit') || ($_REQUEST['sub'] == 'membership'))) {
    			if (!in_array(self::$FOGUser->get('type'),array(0))) {
    				unset($arguments['submenu']['?node=host&sub=membership&id='.$_REQUEST['id']]);
    				unset($arguments['submenu']['?node=host&sub=delete&id='.$_REQUEST['id']]);
    				unset($arguments['submenu']['?node=host&sub=edit&id='.$_REQUEST['id'].'#host-printers']); 
    				unset($arguments['submenu']['?node=host&sub=edit&id='.$_REQUEST['id'].'#host-service']);
    				unset($arguments['submenu']['?node=host&sub=edit&id='.$_REQUEST['id'].'#host-powermanagement']);
    				unset($arguments['submenu']['?node=host&sub=edit&id='.$_REQUEST['id'].'#host-virus-history']);
    				unset($arguments['submenu']['?node=host&sub=edit&id='.$_REQUEST['id'].'#host-login-history']);
    				unset($arguments['submenu']['?node=host&sub=edit&id='.$_REQUEST['id'].'#host-login-history']);
    				
    				
    			}
    		}
        }
    }
    

  • Testers

    @Lee-Rowlett said in Access Control Plugin:

    removehosteditgen.hook.php

    Lee, I searched everywhere for that file and cannot find it.


  • Developer

    @Greg-Plamondon you would need to use hooks to achieve this.

    look at removehosteditgen.hook.php in hooks folder on webserver


  • Testers

    @Fernando-Gietz ok, Thanks. Is there any way that i can remove the ability to see the Domain password in the Active Directory section of the host settings?


  • Developer

    Access Control Plugin doesn´t control the tabs that are in the host page. This plugin only control the entries in the general top menu (hosts, images, snapin, report, tasks, plugins, …) and the Main Menu entries (list All hosts, Create New XXX, Exports, …)


Log in to reply
 

483
Online

6.3k
Users

13.7k
Topics

129.2k
Posts