PageRenderTime 49ms CodeModel.GetById 20ms RepoModel.GetById 0ms app.codeStats 0ms

/modules/itop-profiles-itil/module.itop-profiles-itil.php

https://github.com/adiakin/itop
PHP | 370 lines | 271 code | 28 blank | 71 comment | 11 complexity | 77f1d351dc8ec557f396660202194066 MD5 | raw file
    

  1. <?php
    2. 

  2. // Copyright (C) 2010 Combodo SARL
    3. 

  3. //
    4. 

  4. //   This program is free software; you can redistribute it and/or modify
    5. 

  5. //   it under the terms of the GNU General Public License as published by
    6. 

  6. //   the Free Software Foundation; version 3 of the License.
    7. 

  7. //
    8. 

  8. //   This program is distributed in the hope that it will be useful,
    9. 

  9. //   but WITHOUT ANY WARRANTY; without even the implied warranty of
    10. 

  10. //   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    11. 

  11. //   GNU General Public License for more details.
    12. 

  12. //
    13. 

  13. //   You should have received a copy of the GNU General Public License
    14. 

  14. //   along with this program; if not, write to the Free Software
    15. 

  15. //   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
    16. 

  16. 

  17. SetupWebPage::AddModule(
    18. 

  18. 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
    19. 

  19. 	'itop-profiles-itil/1.0.0',
    20. 

  20. 	array(
    21. 

  21. 		// Identification
    22. 

  22. 		//
    23. 

  23. 		'label' => 'Create standard ITIL profiles',
    24. 

  24. 		'category' => 'create_profiles',
    25. 

  25. 

  26. 		// Setup
    27. 

  27. 		//
    28. 

  28. 		'dependencies' => array(
    29. 

  29. 		),
    30. 

  30. 		'mandatory' => true,
    31. 

  31. 		'visible' => false,
    32. 

  32. 		'installer' => 'CreateITILProfilesInstaller',
    33. 

  33. 

  34. 		// Components
    35. 

  35. 		//
    36. 

  36. 		'datamodel' => array(
    37. 

  37. 			//'model.itop-profiles-itil.php',
    38. 

  38. 		),
    39. 

  39. 		'webservice' => array(
    40. 

  40. 			//'webservices.itop-profiles-itil.php',
    41. 

  41. 		),
    42. 

  42. 		'data.struct' => array(
    43. 

  43. 			//'data.struct.itop-profiles-itil.xml',
    44. 

  44. 		),
    45. 

  45. 		'data.sample' => array(
    46. 

  46. 			//'data.sample.itop-profiles-itil.xml',
    47. 

  47. 		),
    48. 

  48. 		
    49. 

  49. 		// Documentation
    50. 

  50. 		//
    51. 

  51. 		'doc.manual_setup' => '',
    52. 

  52. 		'doc.more_information' => '',
    53. 

  53. 

  54. 		// Default settings
    55. 

  55. 		//
    56. 

  56. 		'settings' => array(
    57. 

  57. 			//'some_setting' => 'some value',
    58. 

  58. 		),
    59. 

  59. 	)
    60. 

  60. );
    61. 

  61. 

  62. 

  63. // Module installation handler
    64. 

  64. //
    65. 

  65. class CreateITILProfilesInstaller extends ModuleInstallerAPI
    66. 

  66. {
    67. 

  67. 	public static function BeforeWritingConfig(Config $oConfiguration)
    68. 

  68. 	{
    69. 

  69. 		//$oConfiguration->SetModuleSetting('user-rigths-profile', 'myoption', 'myvalue');
    70. 

  70. 		return $oConfiguration;
    71. 

  71. 	}
    72. 

  72. 

  73. 	public static function AfterDatabaseCreation(Config $oConfiguration, $sPreviousVersion, $sCurrentVersion)
    74. 

  74. 	{
    75. 

  75. 		self::ComputeITILProfiles();
    76. 

  76. 		//self::ComputeBasicProfiles();
    77. 

  77. 		$bFirstInstall = empty($sPreviousVersion);
    78. 

  78. 		self::DoCreateProfiles($bFirstInstall);
    79. 

  79. 		UserRights::FlushPrivileges(true /* reset admin cache */);
    80. 

  80. 	}
    81. 

  81. 

  82. 	// Note: It is possible to specify the same class in several modules
    83. 

  83. 	//
    84. 

  84. 	protected static $m_aModules = array();
    85. 

  85. 	protected static $m_aProfiles = array();
    86. 

  86. 	
    87. 

  87. 	protected static function DoSetupProfile($sName, $aProfileData)
    88. 

  88. 	{
    89. 

  89. 		$sDescription = $aProfileData['description'];
    90. 

  90. 		if (strlen(trim($aProfileData['write_modules'])) == 0)
    91. 

  91. 		{
    92. 

  92. 			$aWriteModules = array(); 
    93. 

  93. 		}
    94. 

  94. 		else
    95. 

  95. 		{
    96. 

  96. 			$aWriteModules = explode(',', trim($aProfileData['write_modules']));
    97. 

  97. 		}
    98. 

  98. 		if (strlen(trim($aProfileData['delete_modules'])) == 0)
    99. 

  99. 		{
    100. 

  100. 			$aDeleteModules = array(); 
    101. 

  101. 		}
    102. 

  102. 		else
    103. 

  103. 		{
    104. 

  104. 			$aDeleteModules = explode(',', trim($aProfileData['delete_modules']));
    105. 

  105. 		}
    106. 

  106. 		$aStimuli = $aProfileData['stimuli'];
    107. 

  107. 		
    108. 

  108. 		$iProfile = URP_Profiles::DoCreateProfile($sName, $sDescription);
    109. 

  109. 	
    110. 

  110. 		// Warning: BulkInsert is working because we will load one single class
    111. 

  111. 		//          having one single table !
    112. 

  112. 		//          the benefit is: 10 queries (1 per profile) instead of 1500
    113. 

  113. 		//          which divides the overall user rights setup process by 5
    114. 

  114. 		DBObject::BulkInsertStart();
    115. 

  115. 

  116. 		// Grant read rights for everything
    117. 

  117. 		//
    118. 

  118. 		foreach (MetaModel::GetClasses('bizmodel') as $sClass)
    119. 

  119. 		{
    120. 

  120. 			URP_Profiles::DoCreateActionGrant($iProfile, UR_ACTION_READ, $sClass);
    121. 

  121. 			URP_Profiles::DoCreateActionGrant($iProfile, UR_ACTION_BULK_READ, $sClass);
    122. 

  122. 		}
    123. 

  123. 	
    124. 

  124. 		// Grant write for given modules
    125. 

  125. 		// Start by compiling the information, because some modules may overlap
    126. 

  126. 		$aWriteableClasses = array();
    127. 

  127. 		foreach ($aWriteModules as $sModule)
    128. 

  128. 		{
    129. 

  129. 			//$oPage->p('Granting write access for the module"'.$sModule.'" - '.count(self::$m_aModules[$sModule]).' classes');
    130. 

  130. 			foreach (self::$m_aModules[$sModule] as $sClass)
    131. 

  131. 			{
    132. 

  132. 				$aWriteableClasses[$sClass] = true;
    133. 

  133. 			}
    134. 

  134. 		}
    135. 

  135. 		foreach ($aWriteableClasses as $sClass => $foo)
    136. 

  136. 		{
    137. 

  137. 			if (!MetaModel::IsValidClass($sClass))
    138. 

  138. 			{
    139. 

  139. 				throw new CoreException("Invalid class name '$sClass'");
    140. 

  140. 			}
    141. 

  141. 			URP_Profiles::DoCreateActionGrant($iProfile, UR_ACTION_MODIFY, $sClass);
    142. 

  142. 			URP_Profiles::DoCreateActionGrant($iProfile, UR_ACTION_BULK_MODIFY, $sClass);
    143. 

  143. 		}
    144. 

  144. 		
    145. 

  145. 		// Grant delete for given modules
    146. 

  146. 		// Start by compiling the information, because some modules may overlap
    147. 

  147. 		$aDeletableClasses = array();
    148. 

  148. 		foreach ($aDeleteModules as $sModule)
    149. 

  149. 		{
    150. 

  150. 			//$oPage->p('Granting delete access for the module"'.$sModule.'" - '.count(self::$m_aModules[$sModule]).' classes');
    151. 

  151. 			foreach (self::$m_aModules[$sModule] as $sClass)
    152. 

  152. 			{
    153. 

  153. 				$aDeletableClasses[$sClass] = true;
    154. 

  154. 			}
    155. 

  155. 		}
    156. 

  156. 		foreach ($aDeletableClasses as $sClass => $foo)
    157. 

  157. 		{
    158. 

  158. 			if (!MetaModel::IsValidClass($sClass))
    159. 

  159. 			{
    160. 

  160. 				throw new CoreException("Invalid class name '$sClass'");
    161. 

  161. 			}
    162. 

  162. 			URP_Profiles::DoCreateActionGrant($iProfile, UR_ACTION_DELETE, $sClass);
    163. 

  163. 			// By default, do not allow bulk deletion operations for standard users
    164. 

  164. 			// URP_Profiles::DoCreateActionGrant($iProfile, UR_ACTION_BULK_DELETE, $sClass);
    165. 

  165. 		}
    166. 

  166. 		
    167. 

  167. 		// Grant stimuli for given classes
    168. 

  168. 		foreach ($aStimuli as $sClass => $sAllowedStimuli)
    169. 

  169. 		{
    170. 

  170. 			if (!MetaModel::IsValidClass($sClass))
    171. 

  171. 			{
    172. 

  172. 				// Could be a class defined in a module that wasn't installed
    173. 

  173. 				continue;
    174. 

  174. 				//throw new CoreException("Invalid class name '$sClass'");
    175. 

  175. 			}
    176. 

  176. 

  177. 			if ($sAllowedStimuli == 'any')
    178. 

  178. 			{
    179. 

  179. 				$aAllowedStimuli = array_keys(MetaModel::EnumStimuli($sClass));
    180. 

  180. 			}
    181. 

  181. 			elseif ($sAllowedStimuli == 'none')
    182. 

  182. 			{
    183. 

  183. 				$aAllowedStimuli = array();
    184. 

  184. 			}
    185. 

  185. 			else
    186. 

  186. 			{
    187. 

  187. 				$aAllowedStimuli = explode(',', $sAllowedStimuli);
    188. 

  188. 			}
    189. 

  189. 			foreach ($aAllowedStimuli as $sStimulusCode)
    190. 

  190. 			{
    191. 

  191. 				URP_Profiles::DoCreateStimulusGrant($iProfile, $sStimulusCode, $sClass);
    192. 

  192. 			}
    193. 

  193. 		}
    194. 

  194. 		// Again: this is working only because action/stimulus grant are classes made of a single table!
    195. 

  195. 		DBObject::BulkInsertFlush();
    196. 

  196. 	}
    197. 

  197. 	
    198. 

  198. 	/*
    199. 

  199. 	* Create the built-in User Portal profile with its reserved name
    200. 

  200. 	*/	
    201. 

  201. 	public static function DoCreateUserPortalProfile()
    202. 

  202. 	{
    203. 

  203. 		// Do not attempt to create this profile if the module 'User Request Management' is not installed
    204. 

  204. 		// Note: ideally, the creation of this profile should be moved to the 'User Request Management' module
    205. 

  205. 		if (!MetaModel::IsValidClass('UserRequest')) return;
    206. 

  206. 

  207. 		$iNewId =  URP_Profiles::DoCreateProfile(PORTAL_PROFILE_NAME, 'Has the rights to access to the user portal. People having this profile will not be allowed to access the standard application, they will be automatically redirected to the user portal.', true /* reserved name */);
    208. 

  208. 		
    209. 

  209. 		// Grant read rights for everything
    210. 

  210. 		//
    211. 

  211. 		foreach (MetaModel::GetClasses('bizmodel') as $sClass)
    212. 

  212. 		{
    213. 

  213. 			URP_Profiles::DoCreateActionGrant($iNewId, UR_ACTION_READ, $sClass);
    214. 

  214. 			URP_Profiles::DoCreateActionGrant($iNewId, UR_ACTION_BULK_READ, $sClass);
    215. 

  215. 		}
    216. 

  216. 		// Can create UserRequests and attach Documents to it
    217. 

  217. 		URP_Profiles::DoCreateActionGrant($iNewId, UR_ACTION_MODIFY, 'UserRequest');
    218. 

  218. 		URP_Profiles::DoCreateActionGrant($iNewId, UR_ACTION_MODIFY, 'lnkTicketToDoc');
    219. 

  219. 		URP_Profiles::DoCreateActionGrant($iNewId, UR_ACTION_DELETE, 'lnkTicketToDoc');
    220. 

  220. 		URP_Profiles::DoCreateActionGrant($iNewId, UR_ACTION_MODIFY, 'FileDoc');
    221. 

  221. 		// Can close user requests
    222. 

  222. 		URP_Profiles::DoCreateStimulusGrant($iNewId, 'ev_close', 'UserRequest');
    223. 

  223. 	}
    224. 

  224. 

  225. 	public static function DoCreateProfiles($bFirstInstall = true)
    226. 

  226. 	{
    227. 

  227. 		URP_Profiles::DoCreateAdminProfile(); // Will be created only if it does not exist
    228. 

  228. 		self::DoCreateUserPortalProfile(); // Will be created only if it does not exist and updated otherwise
    229. 

  229. 

  230. 		foreach(self::$m_aProfiles as $sName => $aProfileData)
    231. 

  231. 		{
    232. 

  232. 			self::DoSetupProfile($sName, $aProfileData);
    233. 

  233. 		}
    234. 

  234. 	}
    235. 

  235. 

  236. 	public static function ComputeBasicProfiles()
    237. 

  237. 	{
    238. 

  238. 		// In this profiling scheme, one single module represents all the classes
    239. 

  239. 		//
    240. 

  240. 		self::$m_aModules = array(
    241. 

  241. 			'UserData' => MetaModel::GetClasses('bizmodel'),
    242. 

  242. 		);
    243. 

  243. 

  244. 		self::$m_aProfiles = array(
    245. 

  245. 			'Reader' => array(
    246. 

  246. 				'description' => 'Person having a ready-only access to the data',
    247. 

  247. 				'write_modules' => '',
    248. 

  248. 				'delete_modules' => '',
    249. 

  249. 				'stimuli' => array(
    250. 

  250. 				),
    251. 

  251. 			),
    252. 

  252. 			'Writer' => array(
    253. 

  253. 				'description' => 'Contributor to the contents (read + write access)',
    254. 

  254. 				'write_modules' => 'UserData',
    255. 

  255. 				'delete_modules' => 'UserData',
    256. 

  256. 				'stimuli' => array(
    257. 

  257. 					// any class => 'any'
    258. 

  258. 				),
    259. 

  259. 			),
    260. 

  260. 		);
    261. 

  261. 	}
    262. 

  262. 

  263. 	public static function ComputeITILProfiles()
    264. 

  264. 	{
    265. 

  265. 		// In this profiling scheme, modules are based on ITIL recommendations
    266. 

  266. 		//
    267. 

  267. 		self::$m_aModules = array(
    268. 

  268. 			'General' => MetaModel::GetClasses('structure'),
    269. 

  269. 			'Documentation' => MetaModel::GetClasses('documentation'),
    270. 

  270. 			'Configuration' => MetaModel::GetClasses('configmgmt'),
    271. 

  271. 			'Incident' => MetaModel::GetClasses('incidentmgmt'),
    272. 

  272. 			'Problem' => MetaModel::GetClasses('problemmgmt'),
    273. 

  273. 			'Change' => MetaModel::GetClasses('changemgmt'),
    274. 

  274. 			'Service' => MetaModel::GetClasses('servicemgmt'),
    275. 

  275. 			'Call' => MetaModel::GetClasses('requestmgmt'),
    276. 

  276. 			'KnownError' => MetaModel::GetClasses('knownerrormgmt'),
    277. 

  277. 			'LnkTickets' => MetaModel::GetClasses('lnkticket'),
    278. 

  278. 			'LnkIncidents' => MetaModel::GetClasses('lnkincident'),
    279. 

  279. 			'LnkServices' => MetaModel::GetClasses('lnkservice'),
    280. 

  280. 			'LnkKnownErrors' => MetaModel::GetClasses('lnkknownerror'),
    281. 

  281. 		);
    282. 

  282. 		
    283. 

  283. 		self::$m_aProfiles = array(
    284. 

  284. 			'Configuration Manager' => array(
    285. 

  285. 				'description' => 'Person in charge of the documentation of the managed CIs',
    286. 

  286. 				'write_modules' => 'General,Documentation,Configuration',
    287. 

  287. 				'delete_modules' => 'General,Documentation,Configuration',
    288. 

  288. 				'stimuli' => array(
    289. 

  289. 					//'Server' => 'none',
    290. 

  290. 					//'Contract' => 'none',
    291. 

  291. 					//'IncidentTicket' => 'none',
    292. 

  292. 					//'ChangeTicket' => 'any',
    293. 

  293. 				),
    294. 

  294. 			),
    295. 

  295. 			'Service Desk Agent' => array(
    296. 

  296. 				'description' => 'Person in charge of creating incident reports',
    297. 

  297. 				'write_modules' => 'Incident,Call',
    298. 

  298. 				'delete_modules' => 'LnkTickets,LnkIncidents',
    299. 

  299. 				'stimuli' => array(
    300. 

  300. 					'Incident' => 'ev_assign',
    301. 

  301. 					'UserRequest' => 'ev_assign',
    302. 

  302. 				),
    303. 

  303. 			),
    304. 

  304. 			'Support Agent' => array(
    305. 

  305. 				'description' => 'Person analyzing and solving the current incidents',
    306. 

  306. 				'write_modules' => 'Incident,Call',
    307. 

  307. 				'delete_modules' => 'LnkTickets,LnkIncidents',
    308. 

  308. 				'stimuli' => array(
    309. 

  309. 					'Incident' => 'ev_assign,ev_reassign,ev_resolve,ev_close',
    310. 

  310. 					'UserRequest' => 'ev_assign,ev_reassign,ev_resolve,ev_close,ev_freeze',
    311. 

  311. 				),
    312. 

  312. 			),
    313. 

  313. 			'Problem Manager' => array(
    314. 

  314. 				'description' => 'Person analyzing and solving the current problems',
    315. 

  315. 				'write_modules' => 'Problem,KnownError',
    316. 

  316. 				'delete_modules' => 'LnkTickets,LnkKnownErrors',
    317. 

  317. 				'stimuli' => array(
    318. 

  318. 					'Problem' => 'ev_assign,ev_reassign,ev_resolve,ev_close',
    319. 

  319. 				),
    320. 

  320. 			),
    321. 

  321. 

  322. 			'Change Implementor' => array(
    323. 

  323. 				'description' => 'Person executing the changes',
    324. 

  324. 				'write_modules' => 'Change',
    325. 

  325. 				'delete_modules' => 'LnkTickets',
    326. 

  326. 				'stimuli' => array(
    327. 

  327. 					'NormalChange' => 'ev_plan,ev_replan,ev_implement,ev_monitor',
    328. 

  328. 					'EmergencyChange' => 'ev_plan,ev_replan,ev_implement,ev_monitor',
    329. 

  329. 					'RoutineChange' => 'ev_plan,ev_replan,ev_implement,ev_monitor',
    330. 

  330. 				),
    331. 

  331. 			),
    332. 

  332. 			'Change Supervisor' => array(
    333. 

  333. 				'description' => 'Person responsible for the overall change execution',
    334. 

  334. 				'write_modules' => 'Change',
    335. 

  335. 				'delete_modules' => 'LnkTickets',
    336. 

  336. 				'stimuli' => array(
    337. 

  337. 					'NormalChange' => 'ev_validate,ev_reject,ev_assign,ev_reopen,ev_finish',
    338. 

  338. 					'EmergencyChange' => 'ev_assign,ev_reopen,ev_finish',
    339. 

  339. 					'RoutineChange' => 'ev_assign,ev_reopen,ev_finish',
    340. 

  340. 				),
    341. 

  341. 			),
    342. 

  342. 			'Change Approver' => array(
    343. 

  343. 				'description' => 'Person who could be impacted by some changes',
    344. 

  344. 				'write_modules' => 'Change',
    345. 

  345. 				'delete_modules' => 'LnkTickets',
    346. 

  346. 				'stimuli' => array(
    347. 

  347. 					'NormalChange' => 'ev_approve,ev_notapprove',
    348. 

  348. 					'EmergencyChange' => 'ev_approve,ev_notapprove',
    349. 

  349. 					'RoutineChange' => 'none',
    350. 

  350. 				),
    351. 

  351. 			),
    352. 

  352. 			'Service Manager' => array(
    353. 

  353. 				'description' => 'Person responsible for the service delivered to the [internal] customer',
    354. 

  354. 				'write_modules' => 'Service',
    355. 

  355. 				'delete_modules' => 'LnkServices',
    356. 

  356. 				'stimuli' => array(
    357. 

  357. 				),
    358. 

  358. 			),
    359. 

  359. 			'Document author' => array(
    360. 

  360. 				'description' => 'Any person who could contribute to documentation',
    361. 

  361. 				'write_modules' => 'Documentation',
    362. 

  362. 				'delete_modules' => 'Documentation,LnkTickets',
    363. 

  363. 				'stimuli' => array(
    364. 

  364. 				),
    365. 

  365. 			),
    366. 

  366. 		);
    367. 

  367. 	}
    368. 

  368. }
    369. 

  369. 

  370. ?>
    371. 

  371.