You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1800 lines
46 KiB
1800 lines
46 KiB
1 year ago
|
<?php
|
||
|
/*
|
||
|
** Zabbix
|
||
|
** Copyright (C) 2001-2023 Zabbix SIA
|
||
|
**
|
||
|
** This program is free software; you can redistribute it and/or modify
|
||
|
** it under the terms of the GNU General Public License as published by
|
||
|
** the Free Software Foundation; either version 2 of the License, or
|
||
|
** (at your option) any later version.
|
||
|
**
|
||
|
** This program is distributed in the hope that it will be useful,
|
||
|
** but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||
|
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||
|
** GNU General Public License for more details.
|
||
|
**
|
||
|
** You should have received a copy of the GNU General Public License
|
||
|
** along with this program; if not, write to the Free Software
|
||
|
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||
|
**/
|
||
|
|
||
|
|
||
|
require_once dirname(__FILE__).'/../../include/CWebTest.php';
|
||
|
require_once dirname(__FILE__).'/../traits/TableTrait.php';
|
||
|
require_once dirname(__FILE__).'/../behaviors/CMessageBehavior.php';
|
||
|
require_once dirname(__FILE__).'/../../include/helpers/CDataHelper.php';
|
||
|
|
||
|
use Facebook\WebDriver\WebDriverKeys;
|
||
|
|
||
|
/**
|
||
|
* @backup role, module, users, report, services
|
||
|
* @dataSource ExecuteNowAction
|
||
|
* @onBefore prepareUserData, prepareReportData, prepareServiceData
|
||
|
*/
|
||
|
class testUserRolesPermissions extends CWebTest {
|
||
|
|
||
|
use TableTrait;
|
||
|
|
||
|
/**
|
||
|
* Attach MessageBehavior to the test.
|
||
|
*/
|
||
|
public function getBehaviors() {
|
||
|
return [CMessageBehavior::class];
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Id of role that created for future role change for Super admin.
|
||
|
*
|
||
|
* @var integer
|
||
|
*/
|
||
|
protected static $super_roleid;
|
||
|
|
||
|
/**
|
||
|
* Id of user that created for future checks.
|
||
|
*
|
||
|
* @var integer
|
||
|
*/
|
||
|
protected static $super_user;
|
||
|
|
||
|
/**
|
||
|
* Id of created scheduled report.
|
||
|
*
|
||
|
* @var integer
|
||
|
*/
|
||
|
protected static $reportid;
|
||
|
|
||
|
/**
|
||
|
* Function used to create user.
|
||
|
*/
|
||
|
public function prepareUserData() {
|
||
|
$role = CDataHelper::call('role.create', [
|
||
|
[
|
||
|
'name' => 'super_role',
|
||
|
'type' => 3,
|
||
|
'rules' => [
|
||
|
'services.write.mode' => 1
|
||
|
]
|
||
|
]
|
||
|
]);
|
||
|
$this->assertArrayHasKey('roleids', $role);
|
||
|
self::$super_roleid = $role['roleids'][0];
|
||
|
|
||
|
$user = CDataHelper::call('user.create', [
|
||
|
[
|
||
|
'username' => 'user_for_role',
|
||
|
'passwd' => 'zabbixzabbix',
|
||
|
'roleid' => self::$super_roleid,
|
||
|
'usrgrps' => [
|
||
|
[
|
||
|
'usrgrpid' => '7'
|
||
|
]
|
||
|
]
|
||
|
]
|
||
|
]);
|
||
|
$this->assertArrayHasKey('userids', $user);
|
||
|
self::$super_user = $user['userids'][0];
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Scheduled report.
|
||
|
*/
|
||
|
public function prepareReportData() {
|
||
|
$response = CDataHelper::call('report.create', [
|
||
|
[
|
||
|
'userid' => self::$super_user,
|
||
|
'name' => 'test_report_for_role',
|
||
|
'dashboardid' => '1',
|
||
|
'users' => [
|
||
|
[
|
||
|
'userid' => self::$super_user,
|
||
|
'exclude' => '0'
|
||
|
]
|
||
|
]
|
||
|
]
|
||
|
]);
|
||
|
$this->assertArrayHasKey('reportids', $response);
|
||
|
self::$reportid = $response['reportids'][0];
|
||
|
}
|
||
|
|
||
|
public function prepareServiceData() {
|
||
|
// Remove all unnecessary services before proceeding with execution.
|
||
|
DBExecute('DELETE FROM services');
|
||
|
|
||
|
// Create services for Service permission checks.
|
||
|
CDataHelper::call('service.create', [
|
||
|
[
|
||
|
'name' => 'Parent 1',
|
||
|
'algorithm' => 1,
|
||
|
'sortorder' => 1
|
||
|
],
|
||
|
[
|
||
|
'name' => 'Parent 2',
|
||
|
'algorithm' => 2,
|
||
|
'sortorder' => 2
|
||
|
],
|
||
|
[
|
||
|
'name' => 'Child of parent 1',
|
||
|
'algorithm' => 2,
|
||
|
'sortorder' => 1,
|
||
|
'tags' => [
|
||
|
[
|
||
|
'tag' => 'test',
|
||
|
'value' => 'test123'
|
||
|
]
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
'name' => 'Child of child 1',
|
||
|
'algorithm' => 2,
|
||
|
'sortorder' => 1
|
||
|
],
|
||
|
[
|
||
|
'name' => 'Child of parent 2',
|
||
|
'algorithm' => 2,
|
||
|
'sortorder' => 1
|
||
|
]
|
||
|
]);
|
||
|
|
||
|
$services = CDataHelper::getIds('name');
|
||
|
|
||
|
CDataHelper::call('service.update', [
|
||
|
[
|
||
|
'serviceid' => $services['Child of parent 1'],
|
||
|
'parents' => [
|
||
|
[
|
||
|
'serviceid' => $services['Parent 1']
|
||
|
]
|
||
|
],
|
||
|
'children' => [
|
||
|
[
|
||
|
'serviceid' => $services['Child of child 1']
|
||
|
]
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
'serviceid' => $services['Child of parent 2'],
|
||
|
'parents' => [
|
||
|
[
|
||
|
'serviceid' => $services['Parent 2']
|
||
|
]
|
||
|
]
|
||
|
]
|
||
|
]);
|
||
|
}
|
||
|
|
||
|
public static function getPageActionsData() {
|
||
|
return [
|
||
|
// Map creation/edit.
|
||
|
[
|
||
|
[
|
||
|
'page_buttons' => [
|
||
|
'Create map',
|
||
|
'Import',
|
||
|
'Delete'
|
||
|
],
|
||
|
'form_button' => [
|
||
|
'Edit map'
|
||
|
],
|
||
|
'list_link' => 'sysmaps.php',
|
||
|
'action_link' => 'zabbix.php?action=map.view&sysmapid=1',
|
||
|
'action' => 'Create and edit maps',
|
||
|
'check_links' => ['sysmap.php?sysmapid=1', 'sysmaps.php?form=Create+map']
|
||
|
]
|
||
|
],
|
||
|
// Dashboard creation/edit.
|
||
|
[
|
||
|
[
|
||
|
'page_buttons' => [
|
||
|
'Create dashboard',
|
||
|
'Delete'
|
||
|
],
|
||
|
'form_button' => [
|
||
|
'Edit dashboard'
|
||
|
],
|
||
|
'list_link' => 'zabbix.php?action=dashboard.list',
|
||
|
'action_link' => 'zabbix.php?action=dashboard.view&dashboardid=1220',
|
||
|
'action' => 'Create and edit dashboards',
|
||
|
'check_links' => ['zabbix.php?action=dashboard.view&new=1']
|
||
|
]
|
||
|
],
|
||
|
// Manage scheduled reports.
|
||
|
[
|
||
|
[
|
||
|
'report' => true,
|
||
|
'page_buttons' => [
|
||
|
'Create report',
|
||
|
'Enable',
|
||
|
'Disable',
|
||
|
'Delete'
|
||
|
],
|
||
|
'form_button' => [
|
||
|
'Update',
|
||
|
'Clone',
|
||
|
'Test',
|
||
|
'Delete',
|
||
|
'Cancel'
|
||
|
],
|
||
|
'list_link' => 'zabbix.php?action=scheduledreport.list',
|
||
|
'action' => 'Manage scheduled reports',
|
||
|
'check_links' => ['zabbix.php?action=scheduledreport.edit']
|
||
|
]
|
||
|
]
|
||
|
];
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Check creation/edit for dashboard, map, reports.
|
||
|
*
|
||
|
* @dataProvider getPageActionsData
|
||
|
*/
|
||
|
public function testUserRolesPermissions_PageActions($data) {
|
||
|
$this->page->userLogin('user_for_role', 'zabbixzabbix');
|
||
|
|
||
|
foreach ([true, false] as $action_status) {
|
||
|
$this->page->open($data['list_link'])->waitUntilReady();
|
||
|
|
||
|
$this->query('class:list-table')->asTable()->waitUntilVisible()->one()->getRow(0)->select();
|
||
|
foreach ($data['page_buttons'] as $button) {
|
||
|
$this->assertTrue($this->query('button', $button)->one()->isEnabled($action_status));
|
||
|
}
|
||
|
|
||
|
$this->page->open(array_key_exists('report', $data) ? 'zabbix.php?action=scheduledreport.edit&reportid='.
|
||
|
self::$reportid : $data['action_link'])->waitUntilReady();
|
||
|
|
||
|
foreach ($data['form_button'] as $text) {
|
||
|
$this->assertTrue($this->query('button', $text)->one()->isEnabled(($text === 'Cancel') ? true : $action_status));
|
||
|
}
|
||
|
|
||
|
if ($action_status) {
|
||
|
$this->changeRoleRule([$data['action'] => false]);
|
||
|
}
|
||
|
}
|
||
|
|
||
|
$this->checkLinks($data['check_links']);
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Check creation/edit for maintenance.
|
||
|
*/
|
||
|
public function testUserRolesPermissions_MaintenanceActions() {
|
||
|
$form_button = [ 'Update', 'Clone', 'Delete', 'Cancel'];
|
||
|
$headers = ['', 'Name', 'Type', 'Active since', 'Active till', 'State', 'Description'];
|
||
|
$this->page->userLogin('user_for_role', 'zabbixzabbix');
|
||
|
|
||
|
foreach ([true, false] as $action_status) {
|
||
|
$this->page->open('zabbix.php?action=maintenance.list')->waitUntilReady();
|
||
|
$this->assertTrue($this->query('button', 'Create maintenance period')->one()->isEnabled($action_status));
|
||
|
|
||
|
$table = $this->query('class:list-table')->asTable()->waitUntilVisible()->one();
|
||
|
if ($action_status) {
|
||
|
$table->getRow(0)->select();
|
||
|
$this->assertTrue($this->query('button', 'Delete')->one()->isEnabled());
|
||
|
}
|
||
|
else {
|
||
|
// Checkboxes and the Delete button are not visible.
|
||
|
$this->assertFalse($this->query('button', 'Delete')->one(false)->isValid());
|
||
|
$this->assertFalse($this->query('id:maintenanceids_1')->one(false)->isValid());
|
||
|
array_shift($headers);
|
||
|
}
|
||
|
$this->assertEquals($headers, $table->getHeadersText());
|
||
|
|
||
|
$table->getRow(0)->getColumn('Name')->query('tag:a')->one()->click();
|
||
|
$dialog = COverlayDialogElement::find()->waitUntilReady()->one();
|
||
|
foreach ($form_button as $text) {
|
||
|
$this->assertTrue($dialog->getFooter()->query('button', $text)->one()->isEnabled(($text === 'Cancel') ? true : $action_status));
|
||
|
}
|
||
|
$dialog->close();
|
||
|
|
||
|
if ($action_status) {
|
||
|
$this->changeRoleRule(['Create and edit maintenance' => false]);
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
public static function getProblemActionsData() {
|
||
|
return [
|
||
|
// Message.
|
||
|
[
|
||
|
[
|
||
|
'activityid' => 'message',
|
||
|
'action' => 'Add problem comments',
|
||
|
'column' => 'Message',
|
||
|
'value' => 'test_text'
|
||
|
]
|
||
|
],
|
||
|
// Severity.
|
||
|
[
|
||
|
[
|
||
|
'activityid' => 'change_severity',
|
||
|
'action' => 'Change severity',
|
||
|
'column' => 'Severity',
|
||
|
'value' => 'Average'
|
||
|
]
|
||
|
],
|
||
|
// Close problem.
|
||
|
[
|
||
|
[
|
||
|
'activityid' => 'close_problem',
|
||
|
'action' => 'Close problems',
|
||
|
'column' => 'Status',
|
||
|
'value' => 'CLOSING'
|
||
|
]
|
||
|
],
|
||
|
// Acknowledge problem.
|
||
|
[
|
||
|
[
|
||
|
'activityid' => 'acknowledge_problem',
|
||
|
'action' => 'Acknowledge problems',
|
||
|
'column' => 'Update',
|
||
|
'value' => 'Update'
|
||
|
]
|
||
|
]
|
||
|
];
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Check problem actions.
|
||
|
*
|
||
|
* @backupOnce events
|
||
|
*
|
||
|
* @dataProvider getProblemActionsData
|
||
|
*/
|
||
|
public function testUserRolesPermissions_ProblemAction($data) {
|
||
|
$this->page->userLogin('user_for_role', 'zabbixzabbix');
|
||
|
|
||
|
foreach ([true, false] as $action_status) {
|
||
|
$this->page->open('zabbix.php?action=problem.view')->waitUntilReady();
|
||
|
$row = $this->query('class:list-table')->asTable()->one()->findRow('Problem', 'Test trigger with tag');
|
||
|
$row->getColumn('Update')->query('link:Update')->waitUntilClickable()->one()->click();
|
||
|
$dialog = COverlayDialogElement::find()->waitUntilReady()->one();
|
||
|
$this->assertTrue($dialog->query('id', $data['activityid'])->one()->isEnabled($action_status));
|
||
|
$this->changeRoleRule([$data['action'] => !$action_status]);
|
||
|
|
||
|
// Check that problem actions works after they were turned on.
|
||
|
if ($action_status === false) {
|
||
|
$this->page->open('zabbix.php?action=problem.view')->waitUntilReady();
|
||
|
$row->getColumn('Update')->query('link:Update')->waitUntilCLickable()->one()->click();
|
||
|
COverlayDialogElement::find()->waitUntilReady()->one();
|
||
|
|
||
|
if ($data['activityid'] === 'message') {
|
||
|
$dialog->query('id:message')->one()->fill('test_text');
|
||
|
$dialog->query('button:Update')->one()->click();
|
||
|
$dialog->ensureNotPresent();
|
||
|
$this->page->waitUntilReady();
|
||
|
$row->getColumn('Actions')->query("xpath:.//button[".
|
||
|
CXPathHelper::fromClass('zi-alert-with-content')."]")->one()->click();
|
||
|
$message_hint = $this->query('xpath://div[@data-hintboxid]')->asOverlayDialog()->waitUntilPresent()->all()->last();
|
||
|
$value = $message_hint->query('class:list-table')->asTable()->one()->getRow(0)->getColumn($data['column'])->getText();
|
||
|
$this->assertEquals($data['value'], $value);
|
||
|
}
|
||
|
else {
|
||
|
$dialog->query('id', $data['activityid'])->asCheckbox()->one()->check();
|
||
|
|
||
|
if ($data['activityid'] === 'change_severity') {
|
||
|
$dialog->query('id:severity')->asSegmentedRadio()->one()->fill('Average');
|
||
|
}
|
||
|
|
||
|
$dialog->query('button:Update')->one()->click();
|
||
|
$this->page->waitUntilReady();
|
||
|
$status = $row->getColumn($data['column'])->getText();
|
||
|
$this->assertEquals($data['value'], $status);
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Check that Acknowledge link is disabled after all problem actions is disabled.
|
||
|
*/
|
||
|
public function testUserRolesPermissions_ProblemsActionsAll() {
|
||
|
$problem = 'Test trigger with tag';
|
||
|
$actions = [
|
||
|
'Add problem comments' => false,
|
||
|
'Change severity' => false,
|
||
|
'Acknowledge problems' => false,
|
||
|
'Suppress problems' => false,
|
||
|
'Close problems' => false,
|
||
|
'Change problem ranking' => false
|
||
|
];
|
||
|
$this->page->userLogin('user_for_role', 'zabbixzabbix');
|
||
|
|
||
|
foreach ([true, false] as $action_status) {
|
||
|
// Problem page.
|
||
|
$this->page->open('zabbix.php?action=problem.view')->waitUntilReady();
|
||
|
$problem_row = $this->query('class:list-table')->asTable()->one()->findRow('Problem', $problem);
|
||
|
$this->assertEquals($action_status, $problem_row->getColumn('Update')->query('xpath:.//*[text()="Update"]')
|
||
|
->one()->isAttributePresent('onclick'));
|
||
|
|
||
|
// Problem widget in dashboard.
|
||
|
$this->page->open('zabbix.php?action=dashboard.view&dashboardid=1')->waitUntilReady();
|
||
|
$table = CDashboardElement::find()->one()->getWidget('Current problems')->query('class:list-table')->asTable()->one();
|
||
|
$this->assertEquals($action_status, $table->findRow('Problem • Severity', $problem)->getColumn('Update')
|
||
|
->query('xpath:.//*[text()="Update"]')->one()->isAttributePresent('onclick'));
|
||
|
|
||
|
// Event details page.
|
||
|
$this->page->open('tr_events.php?triggerid=99251&eventid=93')->waitUntilReady();
|
||
|
|
||
|
$table = $this->query('xpath://h4[text()='.CXPathHelper::escapeQuotes('Event list [previous 20]').
|
||
|
']/../..//table')->asTable()->one();
|
||
|
$this->assertEquals($action_status, $table->query('xpath:(.//*[text()="Update"])[2]')
|
||
|
->one()->isAttributePresent('onclick'));
|
||
|
|
||
|
if ($action_status) {
|
||
|
$this->changeRoleRule($actions);
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
public static function getScriptActionData() {
|
||
|
return [
|
||
|
// Monitoring problems page.
|
||
|
[
|
||
|
[
|
||
|
'link' => 'zabbix.php?action=problem.view',
|
||
|
'selector' => 'xpath:(//a[@class="link-action wordbreak" and text()="ЗАББИКС Сервер"])[1]'
|
||
|
]
|
||
|
],
|
||
|
// Dashboard problem widget.
|
||
|
[
|
||
|
[
|
||
|
'link' => 'zabbix.php?action=dashboard.view&dashboardid=1',
|
||
|
'selector' => 'link:ЗАББИКС Сервер'
|
||
|
]
|
||
|
],
|
||
|
// Monitoring hosts page.
|
||
|
[
|
||
|
[
|
||
|
'link' => 'zabbix.php?action=host.view',
|
||
|
'selector' => 'link:3_Host_to_check_Monitoring_Overview'
|
||
|
]
|
||
|
],
|
||
|
// Event detail page.
|
||
|
[
|
||
|
[
|
||
|
'link' => 'tr_events.php?triggerid=99251&eventid=93',
|
||
|
'selector' => 'xpath:(//*[@class="list-table"])[1]//*[text()="ЗАББИКС Сервер"]'
|
||
|
]
|
||
|
],
|
||
|
// Monitoring maps page.
|
||
|
[
|
||
|
[
|
||
|
'link' => 'zabbix.php?action=map.view&sysmapid=1',
|
||
|
'selector' => 'xpath://*[name()="g"][@class="map-elements"]/*[name()="image"]'
|
||
|
]
|
||
|
]
|
||
|
];
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Check script actions.
|
||
|
*
|
||
|
* @dataProvider getScriptActionData
|
||
|
*/
|
||
|
public function testUserRolesPermissions_ScriptAction($data) {
|
||
|
$context_before = [
|
||
|
'Dashboards',
|
||
|
'Problems',
|
||
|
'Latest data',
|
||
|
'Graphs',
|
||
|
'Web',
|
||
|
'Inventory',
|
||
|
'Host',
|
||
|
'Items',
|
||
|
'Triggers',
|
||
|
'Discovery',
|
||
|
'Web',
|
||
|
'Detect operating system',
|
||
|
'Ping',
|
||
|
'Traceroute'
|
||
|
];
|
||
|
$context_after = [
|
||
|
'Dashboards',
|
||
|
'Problems',
|
||
|
'Latest data',
|
||
|
'Graphs',
|
||
|
'Web',
|
||
|
'Inventory',
|
||
|
'Host',
|
||
|
'Items',
|
||
|
'Triggers',
|
||
|
'Discovery',
|
||
|
'Web'
|
||
|
];
|
||
|
$this->page->userLogin('user_for_role', 'zabbixzabbix');
|
||
|
|
||
|
foreach ([true, false] as $action_status) {
|
||
|
$this->page->open($data['link'])->waitUntilReady();
|
||
|
$this->query($data['selector'])->waitUntilPresent()->one()->click();
|
||
|
|
||
|
$popup = CPopupMenuElement::find()->waitUntilVisible()->one();
|
||
|
if ($action_status) {
|
||
|
$this->assertTrue($popup->hasItems($context_before));
|
||
|
$this->assertEquals(['VIEW', 'CONFIGURATION', 'SCRIPTS'], $popup->getTitles()->asText());
|
||
|
$this->changeRoleRule(['Execute scripts' => false]);
|
||
|
}
|
||
|
else {
|
||
|
$this->assertTrue($popup->hasItems($context_after));
|
||
|
$this->assertEquals(['VIEW', 'CONFIGURATION'], $popup->getTitles()->asText());
|
||
|
$this->changeRoleRule(['Execute scripts' => true]);
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Module enable/disable.
|
||
|
*/
|
||
|
public function testUserRolesPermissions_Module() {
|
||
|
$pages_before = [
|
||
|
'Dashboards',
|
||
|
'Monitoring',
|
||
|
'Services',
|
||
|
'Inventory',
|
||
|
'Reports',
|
||
|
'Data collection',
|
||
|
'Alerts',
|
||
|
'Users',
|
||
|
'Administration',
|
||
|
'Module 5 menu'
|
||
|
];
|
||
|
$this->page->userLogin('user_for_role', 'zabbixzabbix');
|
||
|
$this->page->open('zabbix.php?action=module.list')->waitUntilReady();
|
||
|
$this->query('button:Scan directory')->one()->click();
|
||
|
$this->query('class:list-table')->asTable()->one()->findRows('Name', '5th Module')->select();
|
||
|
$this->query('button:Enable')->one()->click();
|
||
|
$this->page->acceptAlert();
|
||
|
$this->page->waitUntilReady();
|
||
|
$this->assertMessage(TEST_GOOD, 'Module enabled');
|
||
|
|
||
|
foreach ([true, false] as $action_status) {
|
||
|
$page_number = $this->query('xpath://ul[@class="menu-main"]/li/a')->count();
|
||
|
$all_pages = [];
|
||
|
|
||
|
for ($i = 1; $i <= $page_number; ++$i) {
|
||
|
$all_pages[] = $this->query('xpath:(//ul[@class="menu-main"]/li/a)['.$i.']')->one()->getText();
|
||
|
}
|
||
|
|
||
|
if ($action_status) {
|
||
|
$this->assertEquals($pages_before, $all_pages);
|
||
|
$this->changeRoleRule(['5th Module' => false]);
|
||
|
}
|
||
|
else {
|
||
|
$pages_after = array_values(array_diff($pages_before, ['Module 5 menu']));
|
||
|
$this->assertEquals($pages_after, $all_pages);
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
public static function getUIData() {
|
||
|
return [
|
||
|
[
|
||
|
[
|
||
|
'section' => 'Inventory',
|
||
|
'page' => 'Overview',
|
||
|
'displayed_ui' => [
|
||
|
'Hosts'
|
||
|
],
|
||
|
'link' => ['hostinventoriesoverview.php']
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'section' => 'Inventory',
|
||
|
'page' => 'Hosts',
|
||
|
'displayed_ui' => [
|
||
|
'Overview'
|
||
|
],
|
||
|
'link' => ['hostinventories.php']
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'section' => 'Reports',
|
||
|
'page' => 'Availability report',
|
||
|
'displayed_ui' => [
|
||
|
'Scheduled reports',
|
||
|
'System information',
|
||
|
'Top 100 triggers',
|
||
|
'Audit log',
|
||
|
'Action log',
|
||
|
'Notifications'
|
||
|
],
|
||
|
'link' => ['report2.php']
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'section' => 'Reports',
|
||
|
'page' => 'System information',
|
||
|
'displayed_ui' => [
|
||
|
'Scheduled reports',
|
||
|
'Availability report',
|
||
|
'Top 100 triggers',
|
||
|
'Audit log',
|
||
|
'Action log',
|
||
|
'Notifications'
|
||
|
],
|
||
|
'link' => ['zabbix.php?action=report.status']
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'section' => 'Reports',
|
||
|
'page' => 'Availability report',
|
||
|
'displayed_ui' => [
|
||
|
'System information',
|
||
|
'Scheduled reports',
|
||
|
'Top 100 triggers',
|
||
|
'Audit log',
|
||
|
'Action log',
|
||
|
'Notifications'
|
||
|
],
|
||
|
'link' => ['report2.php']
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'section' => 'Reports',
|
||
|
'page' => 'Top 100 triggers',
|
||
|
'displayed_ui' => [
|
||
|
'Availability report',
|
||
|
'System information',
|
||
|
'Scheduled reports',
|
||
|
'Audit log',
|
||
|
'Action log',
|
||
|
'Notifications'
|
||
|
],
|
||
|
'link' => ['zabbix.php?action=toptriggers.list']
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'section' => 'Reports',
|
||
|
'page' => 'Audit log',
|
||
|
'displayed_ui' => [
|
||
|
'Availability report',
|
||
|
'System information',
|
||
|
'Scheduled reports',
|
||
|
'Top 100 triggers',
|
||
|
'Action log',
|
||
|
'Notifications'
|
||
|
],
|
||
|
'link' => ['zabbix.php?action=auditlog.list']
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'section' => 'Reports',
|
||
|
'page' => 'Action log',
|
||
|
'displayed_ui' => [
|
||
|
'Availability report',
|
||
|
'System information',
|
||
|
'Scheduled reports',
|
||
|
'Top 100 triggers',
|
||
|
'Audit log',
|
||
|
'Notifications'
|
||
|
],
|
||
|
'link' => ['zabbix.php?action=actionlog.list']
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'section' => 'Reports',
|
||
|
'page' => 'Notifications',
|
||
|
'displayed_ui' => [
|
||
|
'Availability report',
|
||
|
'System information',
|
||
|
'Scheduled reports',
|
||
|
'Top 100 triggers',
|
||
|
'Audit log',
|
||
|
'Action log'
|
||
|
],
|
||
|
'link' => ['report4.php']
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'section' => 'Data collection',
|
||
|
'page' => 'Template groups',
|
||
|
'displayed_ui' => [
|
||
|
'Host groups',
|
||
|
'Templates',
|
||
|
'Hosts',
|
||
|
'Maintenance',
|
||
|
'Event correlation',
|
||
|
'Discovery'
|
||
|
],
|
||
|
'link' => ['zabbix.php?action=templategroup.list']
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'section' => 'Data collection',
|
||
|
'page' => 'Host groups',
|
||
|
'displayed_ui' => [
|
||
|
'Template groups',
|
||
|
'Templates',
|
||
|
'Hosts',
|
||
|
'Maintenance',
|
||
|
'Event correlation',
|
||
|
'Discovery'
|
||
|
],
|
||
|
'link' => ['zabbix.php?action=hostgroup.list']
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'section' => 'Data collection',
|
||
|
'page' => 'Templates',
|
||
|
'displayed_ui' => [
|
||
|
'Template groups',
|
||
|
'Host groups',
|
||
|
'Hosts',
|
||
|
'Maintenance',
|
||
|
'Event correlation',
|
||
|
'Discovery'
|
||
|
],
|
||
|
'link' => ['zabbix.php?action=template.list']
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'section' => 'Data collection',
|
||
|
'page' => 'Hosts',
|
||
|
'displayed_ui' => [
|
||
|
'Template groups',
|
||
|
'Host groups',
|
||
|
'Templates',
|
||
|
'Maintenance',
|
||
|
'Event correlation',
|
||
|
'Discovery'
|
||
|
],
|
||
|
'link' => ['zabbix.php?action=host.list']
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'section' => 'Data collection',
|
||
|
'page' => 'Maintenance',
|
||
|
'displayed_ui' => [
|
||
|
'Template groups',
|
||
|
'Host groups',
|
||
|
'Templates',
|
||
|
'Hosts',
|
||
|
'Event correlation',
|
||
|
'Discovery'
|
||
|
],
|
||
|
'link' => ['zabbix.php?action=maintenance.list']
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'section' => 'Data collection',
|
||
|
'page' => 'Event correlation',
|
||
|
'displayed_ui' => [
|
||
|
'Template groups',
|
||
|
'Host groups',
|
||
|
'Templates',
|
||
|
'Hosts',
|
||
|
'Maintenance',
|
||
|
'Discovery'
|
||
|
],
|
||
|
'link' => ['zabbix.php?action=correlation.list']
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'section' => 'Data collection',
|
||
|
'page' => 'Discovery',
|
||
|
'displayed_ui' => [
|
||
|
'Template groups',
|
||
|
'Host groups',
|
||
|
'Templates',
|
||
|
'Hosts',
|
||
|
'Maintenance',
|
||
|
'Event correlation'
|
||
|
],
|
||
|
'link' => ['zabbix.php?action=discovery.list']
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'section' => 'Alerts',
|
||
|
'page' => 'Trigger actions',
|
||
|
'actions' => true,
|
||
|
'displayed_ui' => [
|
||
|
'Service actions',
|
||
|
'Discovery actions',
|
||
|
'Autoregistration actions',
|
||
|
'Internal actions',
|
||
|
'Media types',
|
||
|
'Scripts'
|
||
|
],
|
||
|
'link' => ['zabbix.php?action=action.list&eventsource=0']
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'section' => 'Alerts',
|
||
|
'page' => 'Service actions',
|
||
|
'actions' => true,
|
||
|
'displayed_ui' => [
|
||
|
'Trigger actions',
|
||
|
'Discovery actions',
|
||
|
'Autoregistration actions',
|
||
|
'Internal actions',
|
||
|
'Media types',
|
||
|
'Scripts'
|
||
|
],
|
||
|
'link' => ['zabbix.php?action=action.list&eventsource=4']
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'section' => 'Alerts',
|
||
|
'page' => 'Discovery actions',
|
||
|
'actions' => true,
|
||
|
'displayed_ui' => [
|
||
|
'Trigger actions',
|
||
|
'Service actions',
|
||
|
'Autoregistration actions',
|
||
|
'Internal actions',
|
||
|
'Media types',
|
||
|
'Scripts'
|
||
|
],
|
||
|
'link' => ['zabbix.php?action=action.list&eventsource=1']
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'section' => 'Alerts',
|
||
|
'page' => 'Autoregistration actions',
|
||
|
'actions' => true,
|
||
|
'displayed_ui' => [
|
||
|
'Trigger actions',
|
||
|
'Service actions',
|
||
|
'Discovery actions',
|
||
|
'Internal actions',
|
||
|
'Media types',
|
||
|
'Scripts'
|
||
|
],
|
||
|
'link' => ['zabbix.php?action=action.list&eventsource=2']
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'section' => 'Alerts',
|
||
|
'page' => 'Internal actions',
|
||
|
'actions' => true,
|
||
|
'displayed_ui' => [
|
||
|
'Trigger actions',
|
||
|
'Service actions',
|
||
|
'Discovery actions',
|
||
|
'Autoregistration actions',
|
||
|
'Media types',
|
||
|
'Scripts'
|
||
|
],
|
||
|
'link' => ['zabbix.php?action=action.list&eventsource=3']
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'section' => 'Alerts',
|
||
|
'page' => 'Actions',
|
||
|
'displayed_ui' => [
|
||
|
'Media types',
|
||
|
'Scripts'
|
||
|
],
|
||
|
'link' => [
|
||
|
'zabbix.php?action=action.list&eventsource=0',
|
||
|
'zabbix.php?action=action.list&eventsource=1',
|
||
|
'zabbix.php?action=action.list&eventsource=2',
|
||
|
'zabbix.php?action=action.list&eventsource=3',
|
||
|
'zabbix.php?action=action.list&eventsource=4'
|
||
|
]
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'section' => 'Alerts',
|
||
|
'page' => 'Media types',
|
||
|
'displayed_ui' => [
|
||
|
'Trigger actions',
|
||
|
'Service actions',
|
||
|
'Discovery actions',
|
||
|
'Autoregistration actions',
|
||
|
'Internal actions',
|
||
|
'Scripts'
|
||
|
],
|
||
|
'link' => ['zabbix.php?action=mediatype.list']
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'section' => 'Alerts',
|
||
|
'page' => 'Scripts',
|
||
|
'displayed_ui' => [
|
||
|
'Trigger actions',
|
||
|
'Service actions',
|
||
|
'Discovery actions',
|
||
|
'Autoregistration actions',
|
||
|
'Internal actions',
|
||
|
'Media types'
|
||
|
],
|
||
|
'link' => ['zabbix.php?action=script.list']
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'section' => 'Users',
|
||
|
'page' => 'User groups',
|
||
|
'displayed_ui' => [
|
||
|
'User roles',
|
||
|
'Users',
|
||
|
'API tokens',
|
||
|
'Authentication'
|
||
|
],
|
||
|
'link' => ['zabbix.php?action=usergroup.list']
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'section' => 'Users',
|
||
|
'user_roles' => true,
|
||
|
'page' => 'User roles',
|
||
|
'displayed_ui' => [
|
||
|
'User groups',
|
||
|
'Users',
|
||
|
'API tokens',
|
||
|
'Authentication'
|
||
|
],
|
||
|
'link' => ['zabbix.php?action=userrole.list']
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'section' => 'Users',
|
||
|
'page' => 'Users',
|
||
|
'displayed_ui' => [
|
||
|
'User groups',
|
||
|
'User roles',
|
||
|
'API tokens',
|
||
|
'Authentication'
|
||
|
],
|
||
|
'link' => ['zabbix.php?action=user.list']
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'section' => 'Users',
|
||
|
'page' => 'API tokens',
|
||
|
'displayed_ui' => [
|
||
|
'User groups',
|
||
|
'User roles',
|
||
|
'Users',
|
||
|
'Authentication'
|
||
|
],
|
||
|
'link' => ['zabbix.php?action=token.list']
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'section' => 'Users',
|
||
|
'page' => 'Authentication',
|
||
|
'displayed_ui' => [
|
||
|
'User groups',
|
||
|
'User roles',
|
||
|
'Users',
|
||
|
'API tokens'
|
||
|
],
|
||
|
'link' => ['zabbix.php?action=authentication.edit']
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'section' => 'Administration',
|
||
|
'page' => 'General',
|
||
|
'displayed_ui' => [
|
||
|
'Audit log',
|
||
|
'Housekeeping',
|
||
|
'Proxies',
|
||
|
'Macros',
|
||
|
'Queue'
|
||
|
],
|
||
|
'link' => [
|
||
|
'zabbix.php?action=gui.edit',
|
||
|
'zabbix.php?action=autoreg.edit',
|
||
|
'zabbix.php?action=image.list',
|
||
|
'zabbix.php?action=iconmap.list',
|
||
|
'zabbix.php?action=regex.list',
|
||
|
'zabbix.php?action=trigdisplay.edit',
|
||
|
'zabbix.php?action=geomaps.edit',
|
||
|
'zabbix.php?action=module.list',
|
||
|
'zabbix.php?action=miscconfig.edit'
|
||
|
]
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'section' => 'Administration',
|
||
|
'page' => 'Audit log',
|
||
|
'displayed_ui' => [
|
||
|
'General',
|
||
|
'Proxies',
|
||
|
'Housekeeping',
|
||
|
'Macros',
|
||
|
'Queue'
|
||
|
],
|
||
|
'link' => ['zabbix.php?action=audit.settings.edit']
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'section' => 'Administration',
|
||
|
'page' => 'Housekeeping',
|
||
|
'displayed_ui' => [
|
||
|
'General',
|
||
|
'Audit log',
|
||
|
'Proxies',
|
||
|
'Macros',
|
||
|
'Queue'
|
||
|
],
|
||
|
'link' => ['zabbix.php?action=housekeeping.edit']
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'section' => 'Administration',
|
||
|
'page' => 'Proxies',
|
||
|
'displayed_ui' => [
|
||
|
'General',
|
||
|
'Audit log',
|
||
|
'Housekeeping',
|
||
|
'Macros',
|
||
|
'Queue'
|
||
|
],
|
||
|
'link' => ['zabbix.php?action=proxy.list']
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'section' => 'Administration',
|
||
|
'page' => 'Macros',
|
||
|
'displayed_ui' => [
|
||
|
'General',
|
||
|
'Audit log',
|
||
|
'Housekeeping',
|
||
|
'Proxies',
|
||
|
'Queue'
|
||
|
],
|
||
|
'link' => ['zabbix.php?action=macros.edit']
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'section' => 'Administration',
|
||
|
'page' => 'Queue',
|
||
|
'displayed_ui' => [
|
||
|
'General',
|
||
|
'Audit log',
|
||
|
'Housekeeping',
|
||
|
'Proxies',
|
||
|
'Macros'
|
||
|
],
|
||
|
'link' => [
|
||
|
'zabbix.php?action=queue.overview',
|
||
|
'zabbix.php?action=queue.overview.proxy',
|
||
|
'zabbix.php?action=queue.details'
|
||
|
]
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'section' => 'Monitoring',
|
||
|
'page' => 'Problems',
|
||
|
'displayed_ui' => [
|
||
|
'Hosts',
|
||
|
'Latest data',
|
||
|
'Maps',
|
||
|
'Discovery'
|
||
|
],
|
||
|
'link' => ['zabbix.php?action=problem.view']
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'section' => 'Monitoring',
|
||
|
'page' => 'Hosts',
|
||
|
'displayed_ui' => [
|
||
|
'Problems',
|
||
|
'Latest data',
|
||
|
'Maps',
|
||
|
'Discovery'
|
||
|
],
|
||
|
'link' => ['zabbix.php?action=host.view']
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'section' => 'Monitoring',
|
||
|
'page' => 'Latest data',
|
||
|
'displayed_ui' => [
|
||
|
'Problems',
|
||
|
'Hosts',
|
||
|
'Maps',
|
||
|
'Discovery'
|
||
|
],
|
||
|
'link' => ['zabbix.php?action=latest.view']
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'section' => 'Monitoring',
|
||
|
'page' => 'Maps',
|
||
|
'displayed_ui' => [
|
||
|
'Problems',
|
||
|
'Hosts',
|
||
|
'Latest data',
|
||
|
'Discovery'
|
||
|
],
|
||
|
'link' => ['sysmaps.php']
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'section' => 'Monitoring',
|
||
|
'page' => 'Discovery',
|
||
|
'displayed_ui' => [
|
||
|
'Problems',
|
||
|
'Hosts',
|
||
|
'Latest data',
|
||
|
'Maps'
|
||
|
],
|
||
|
'link' => ['zabbix.php?action=discovery.view']
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'section' => 'Services',
|
||
|
'page' => 'Services',
|
||
|
'displayed_ui' => [
|
||
|
'SLA',
|
||
|
'SLA report'
|
||
|
],
|
||
|
'link' => ['zabbix.php?action=service.list']
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'section' => 'Services',
|
||
|
'page' => 'SLA',
|
||
|
'displayed_ui' => [
|
||
|
'Services',
|
||
|
'SLA report'
|
||
|
],
|
||
|
'link' => ['zabbix.php?action=sla.list']
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'section' => 'Services',
|
||
|
'page' => 'SLA report',
|
||
|
'displayed_ui' => [
|
||
|
'Services',
|
||
|
'SLA'
|
||
|
],
|
||
|
'link' => ['zabbix.php?action=slareport.list']
|
||
|
]
|
||
|
]
|
||
|
];
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* UI permission
|
||
|
*
|
||
|
* @dataProvider getUIData
|
||
|
*/
|
||
|
public function testUserRolesPermissions_UI($data) {
|
||
|
$user_roles = [
|
||
|
'Users' => [
|
||
|
'User groups',
|
||
|
'User roles',
|
||
|
'Users',
|
||
|
'API tokens',
|
||
|
'Authentication'
|
||
|
]
|
||
|
];
|
||
|
$this->page->userLogin('user_for_role', 'zabbixzabbix');
|
||
|
|
||
|
foreach ([true, false] as $action_status) {
|
||
|
$menu = CMainMenuElement::find()->one();
|
||
|
|
||
|
if ($data['section'] !== 'Dashboards') {
|
||
|
$menu->select($data['section']);
|
||
|
}
|
||
|
|
||
|
if ($data['page'] === $data['section']) {
|
||
|
$submenu = $menu->query("xpath:.//a[text()=".CXPathHelper::escapeQuotes($data['section']).
|
||
|
"]/../ul[@class='submenu']")->one();
|
||
|
$this->assertEquals($action_status, $submenu->query('link', $data['page'])->one(false)->isValid());
|
||
|
}
|
||
|
else {
|
||
|
if (array_key_exists('actions', $data)) {
|
||
|
$menu->query('xpath:.//ul/li/a[text()="Actions"]')->waitUntilClickable()->one()->click();
|
||
|
}
|
||
|
|
||
|
$this->assertEquals($action_status, $menu->exists($data['page']));
|
||
|
}
|
||
|
|
||
|
if ($action_status) {
|
||
|
if (array_key_exists('user_roles', $data)) {
|
||
|
$this->signOut();
|
||
|
$this->page->userLogin('Admin', 'zabbix');
|
||
|
$this->changeRoleRule([$data['section'] => $data['displayed_ui']]);
|
||
|
$this->signOut();
|
||
|
$this->page->userLogin('user_for_role', 'zabbixzabbix');
|
||
|
}
|
||
|
else {
|
||
|
$this->changeRoleRule([$data['section'] => $data['displayed_ui']]);
|
||
|
$this->page->open('zabbix.php?action=dashboard.view')->waitUntilReady();
|
||
|
}
|
||
|
|
||
|
if (array_key_exists('actions', $data)) {
|
||
|
$this->changeRoleRule([$data['section'] => $data['displayed_ui']]);
|
||
|
$this->page->open('zabbix.php?action=action.list'.(($data['page'] === 'Trigger actions') ?
|
||
|
'&eventsource=1' : '&eventsource=0'))->waitUntilReady();
|
||
|
$popup_menu = $this->query('id:page-title-general')->asPopupButton()->one()->getMenu();
|
||
|
$this->assertNotContains($data['page'], $popup_menu->getItems()->asText());
|
||
|
$this->page->open('zabbix.php?action=dashboard.view')->waitUntilReady();
|
||
|
}
|
||
|
}
|
||
|
else {
|
||
|
if (array_key_exists('user_roles', $data)) {
|
||
|
$this->checkLinks($data['link']);
|
||
|
$this->signOut();
|
||
|
$this->page->userLogin('Admin', 'zabbix');
|
||
|
$this->changeRoleRule($user_roles);
|
||
|
$this->signOut();
|
||
|
}
|
||
|
else {
|
||
|
$this->checkLinks($data['link']);
|
||
|
$this->signOut();
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Manage API token action check.
|
||
|
*/
|
||
|
public function testUserRolesPermissions_ManageApiToken() {
|
||
|
$this->page->userLogin('user_for_role', 'zabbixzabbix');
|
||
|
$this->page->open('zabbix.php?action=user.token.list')->waitUntilReady();
|
||
|
$this->assertEquals('TEST_SERVER_NAME: API tokens', $this->page->getTitle());
|
||
|
$this->changeRoleRule(['Manage API tokens' => false]);
|
||
|
$this->checkLinks(['zabbix.php?action=user.token.list']);
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Disabling access to Dashboard. Check warning message text and button.
|
||
|
*/
|
||
|
public function testUserRolesPermissions_Dashboard() {
|
||
|
$this->page->userLogin('user_for_role', 'zabbixzabbix');
|
||
|
$this->page->open('zabbix.php?action=dashboard.view')->waitUntilReady();
|
||
|
$this->changeRoleRule(['Dashboards' => false]);
|
||
|
$this->checkLinks(['zabbix.php?action=dashboard.view'], 'Problems');
|
||
|
}
|
||
|
|
||
|
public static function getRoleServiceData() {
|
||
|
return [
|
||
|
[
|
||
|
[
|
||
|
'role_config' => [
|
||
|
'Read-write access to services' => 'None',
|
||
|
'Read-only access to services' => 'None'
|
||
|
],
|
||
|
'services' => null
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'role_config' => [
|
||
|
'Read-write access to services' => 'All',
|
||
|
'Read-only access to services' => 'None'
|
||
|
],
|
||
|
'services' => [
|
||
|
'Child of child 1' => 'write',
|
||
|
'Child of parent 1' => 'write',
|
||
|
'Child of parent 2' => 'write',
|
||
|
'Parent 1' => 'write',
|
||
|
'Parent 2' => 'write'
|
||
|
]
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'role_config' => [
|
||
|
'Read-write access to services' => 'None',
|
||
|
'Read-only access to services' => 'All'
|
||
|
],
|
||
|
'services' => [
|
||
|
'Child of child 1' => 'read',
|
||
|
'Child of parent 1' => 'read',
|
||
|
'Child of parent 2' => 'read',
|
||
|
'Parent 1' => 'read',
|
||
|
'Parent 2' => 'read'
|
||
|
]
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'role_config' => [
|
||
|
'Read-write access to services' => 'All',
|
||
|
'Read-only access to services' => 'All'
|
||
|
],
|
||
|
'services' => [
|
||
|
'Child of child 1' => 'write',
|
||
|
'Child of parent 1' => 'write',
|
||
|
'Child of parent 2' => 'write',
|
||
|
'Parent 1' => 'write',
|
||
|
'Parent 2' => 'write'
|
||
|
]
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'role_config' => [
|
||
|
'Read-write access to services' => 'Service list',
|
||
|
'Read-only access to services' => 'None'
|
||
|
],
|
||
|
'service_list' => [
|
||
|
'Read-write access to services with tag' => [
|
||
|
'service-write-tag-tag' => 'test',
|
||
|
'service_write_tag_value' => 'test123'
|
||
|
]
|
||
|
],
|
||
|
'services' => [
|
||
|
'Child of child 1' => 'write',
|
||
|
'Child of parent 1' => 'write'
|
||
|
]
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'role_config' => [
|
||
|
'Read-write access to services' => 'None',
|
||
|
'Read-only access to services' => 'Service list'
|
||
|
],
|
||
|
'service_list' => [
|
||
|
'Read-only access to services with tag' => [
|
||
|
'service-read-tag-tag' => 'test',
|
||
|
'service_read_tag_value' => 'test123'
|
||
|
]
|
||
|
],
|
||
|
'services' => [
|
||
|
'Child of child 1' => 'read',
|
||
|
'Child of parent 1' => 'read'
|
||
|
]
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'role_config' => [
|
||
|
'Read-write access to services' => 'Service list',
|
||
|
'Read-only access to services' => 'None'
|
||
|
],
|
||
|
'service_list' => [
|
||
|
'xpath:(//div[@class="multiselect-control"])[1]' => 'Child of parent 1'
|
||
|
],
|
||
|
'services' => [
|
||
|
'Child of child 1' => 'write',
|
||
|
'Child of parent 1' => 'write'
|
||
|
]
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'role_config' => [
|
||
|
'Read-write access to services' => 'None',
|
||
|
'Read-only access to services' => 'Service list',
|
||
|
// added element 'API methods' with default value for page scroll
|
||
|
'API methods' => 'Deny list'
|
||
|
],
|
||
|
'service_list' => [
|
||
|
'xpath:(//div[@class="multiselect-control"])[2]' => 'Child of parent 1'
|
||
|
],
|
||
|
'services' => [
|
||
|
'Child of child 1' => 'read',
|
||
|
'Child of parent 1' => 'read'
|
||
|
]
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'role_config' => [
|
||
|
'Read-write access to services' => 'Service list',
|
||
|
'Read-only access to services' => 'All'
|
||
|
],
|
||
|
'service_list' => [
|
||
|
'xpath:(//div[@class="multiselect-control"])[1]' => 'Child of parent 1'
|
||
|
],
|
||
|
'services' => [
|
||
|
'Child of child 1' => 'write',
|
||
|
'Child of parent 1' => 'write',
|
||
|
'Child of parent 2' => 'read',
|
||
|
'Parent 1' => 'read',
|
||
|
'Parent 2' => 'read'
|
||
|
]
|
||
|
]
|
||
|
]
|
||
|
];
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Check permissions to services based on user role configuration.
|
||
|
*
|
||
|
* @dataProvider getRoleServiceData
|
||
|
*/
|
||
|
public function testUserRolesPermissions_ServicePermissions($data) {
|
||
|
// Prepare a combination of service name and the number of child services for service for further comparison.
|
||
|
if ($data['services'] !== null) {
|
||
|
$child_services = [
|
||
|
'Child of parent 1' => 1,
|
||
|
'Parent 1' => 1,
|
||
|
'Parent 2' => 1
|
||
|
];
|
||
|
$column_content = [];
|
||
|
|
||
|
foreach (array_keys($data['services']) as $service) {
|
||
|
$column_content[] = array_key_exists($service, $child_services)
|
||
|
? $service.' '.$child_services[$service]
|
||
|
: $service;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
// Configure the role according to the data provider.
|
||
|
$this->page->login()->open('zabbix.php?action=userrole.edit&roleid='.self::$super_roleid)->waitUntilReady();
|
||
|
$form = $this->query('id:userrole-form')->waitUntilPresent()->asForm()->one();
|
||
|
$form->fill($data['role_config']);
|
||
|
|
||
|
if (array_key_exists('service_list', $data)) {
|
||
|
$form->fill($data['service_list']);
|
||
|
}
|
||
|
$form->submit();
|
||
|
$this->assertMessage(TEST_GOOD, 'User role updated');
|
||
|
$this->page->logout();
|
||
|
|
||
|
// Login as user that belongs to the updated row and check access to services based on applied configuration.
|
||
|
$this->page->userLogin('user_for_role', 'zabbixzabbix');
|
||
|
$this->page->open('zabbix.php?action=service.list')->waitUntilReady();
|
||
|
$this->assertEquals('user_for_role', $this->query('xpath://a[text()="User settings"]')->one()->getAttribute('title'));
|
||
|
|
||
|
$services_mode = $this->query('id:list_mode')->asSegmentedRadio()->one(false);
|
||
|
|
||
|
// Check that table service list content and edit mode in not available if the user doest have permissions.
|
||
|
if ($data['services'] === null) {
|
||
|
$this->assertTableData();
|
||
|
$this->assertFalse($services_mode->isValid());
|
||
|
|
||
|
return;
|
||
|
}
|
||
|
elseif ($data['role_config']['Read-write access to services'] !== 'None') {
|
||
|
// Open edit mode if user has write permissions to at least one service.
|
||
|
$services_mode->select('Edit');
|
||
|
$this->page->waituntilReady();
|
||
|
}
|
||
|
|
||
|
// Filter out unnecessary services.
|
||
|
$this->query('id:filter_tags_0_tag')->waitUntilVisible()->one()->fill('action');
|
||
|
$this->query('id:filter_tags_0_operator')->asDropdown()->waitUntilVisible()->one()->fill('Does not exist');
|
||
|
|
||
|
// Apply filter in order to see the list of available services.
|
||
|
$this->query('name:filter_set')->waitUntilClickable()->one()->click();
|
||
|
$this->page->waituntilReady();
|
||
|
|
||
|
$this->assertTableDataColumn($column_content, 'Name');
|
||
|
$table = $this->query('class:list-table')->asTable()->one();
|
||
|
|
||
|
// Check buttons are not visible for user with no permissions, otherwise, check edit permissions per service.
|
||
|
if ($data['role_config']['Read-write access to services'] === 'None') {
|
||
|
foreach ($table->getRows() as $row) {
|
||
|
$this->assertEquals(0, $row->query('xpath:.//button')->all(false)->count());
|
||
|
}
|
||
|
}
|
||
|
else {
|
||
|
foreach ($data['services'] as $service => $permissions) {
|
||
|
$property = ($permissions === 'write') ? CElementFilter::CLICKABLE : CElementFilter::NOT_CLICKABLE;
|
||
|
$row = $table->findRow('Name', $service, true);
|
||
|
// Check that all three action buttons in the row are clickable.
|
||
|
$this->assertEquals(3, $row->query("xpath:.//button")->all()
|
||
|
->filter(new CElementFilter($property))->count()
|
||
|
);
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
public static function getExecuteNowButtonData() {
|
||
|
return [
|
||
|
[
|
||
|
[
|
||
|
'user' => 'U1-r-on',
|
||
|
'test_cases' => [
|
||
|
// Simple items.
|
||
|
[
|
||
|
'items' => ['I4-trap-log']
|
||
|
],
|
||
|
[
|
||
|
'expected' => TEST_GOOD,
|
||
|
'items' => ['I5-agent-txt', 'I4-trap-log'],
|
||
|
'message' => 'Request sent successfully. Some items are filtered due to access permissions or type.'
|
||
|
],
|
||
|
// Dependent items.
|
||
|
[
|
||
|
'expected' => TEST_GOOD,
|
||
|
'items' => ['I1-lvl2-dep-log'],
|
||
|
'message' => 'Request sent successfully'
|
||
|
],
|
||
|
[
|
||
|
'expected' => TEST_BAD,
|
||
|
'items' => ['I2-lvl2-dep-log'],
|
||
|
'message' => 'Cannot send request: wrong master item type.'
|
||
|
]
|
||
|
]
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'user' => 'U2-r-off',
|
||
|
'test_cases' => [
|
||
|
// Simple items.
|
||
|
[
|
||
|
'items' => ['I4-trap-log']
|
||
|
],
|
||
|
[
|
||
|
'items' => ['I5-agent-txt', 'I4-trap-log']
|
||
|
],
|
||
|
// Dependent items.
|
||
|
[
|
||
|
'items' => ['I1-lvl2-dep-log']
|
||
|
],
|
||
|
[
|
||
|
'items' => ['I2-lvl2-dep-log']
|
||
|
]
|
||
|
]
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'user' => 'U3-rw-off',
|
||
|
'test_cases' => [
|
||
|
// Simple items.
|
||
|
[
|
||
|
'items' => ['I4-trap-log']
|
||
|
],
|
||
|
// Dependent items.
|
||
|
[
|
||
|
'expected' => TEST_GOOD,
|
||
|
'items' => ['I1-lvl2-dep-log', 'I4-trap-log'],
|
||
|
'message' => 'Request sent successfully. Some items are filtered due to access permissions or type.'
|
||
|
],
|
||
|
[
|
||
|
'expected' => TEST_BAD,
|
||
|
'items' => ['I2-lvl2-dep-log'],
|
||
|
'message' => 'Cannot send request: wrong master item type.'
|
||
|
]
|
||
|
]
|
||
|
]
|
||
|
]
|
||
|
];
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Check permissions to "Execute now" button on Latest data page based on user role.
|
||
|
*
|
||
|
* @dataProvider getExecuteNowButtonData
|
||
|
*/
|
||
|
public function testUserRolesPermissions_ExecuteNowButton($data) {
|
||
|
// Login and select host group for testing.
|
||
|
$this->page->userLogin($data['user'], 'zabbixzabbix');
|
||
|
$this->page->open('zabbix.php?action=latest.view')->waitUntilReady();
|
||
|
$table = $this->query('xpath://table['.CXPathHelper::fromClass('overflow-ellipsis').']')->asTable()->one();
|
||
|
$filter_form = $this->query('name:zbx_filter')->asForm()->one();
|
||
|
$filter_form->fill(['Host groups' => 'HG-for-executenow']);
|
||
|
$filter_form->submit();
|
||
|
$table->waitUntilReloaded();
|
||
|
|
||
|
$selected_count = $this->query('id:selected_count')->one();
|
||
|
$select_all = $this->query('id:all_items')->asCheckbox()->one();
|
||
|
|
||
|
foreach ($data['test_cases'] as $test_case) {
|
||
|
$table->findRows('Name', $test_case['items'])->select();
|
||
|
$this->assertEquals(count($test_case['items']).' selected', $selected_count->getText());
|
||
|
|
||
|
// Disabled "Execute now" button.
|
||
|
if (!array_key_exists('expected', $test_case)) {
|
||
|
$this->assertTrue($this->query('button:Execute now')->one()->isEnabled(false));
|
||
|
// Reset selected items.
|
||
|
$select_all->check();
|
||
|
$select_all->uncheck();
|
||
|
$this->assertEquals('0 selected', $selected_count->getText());
|
||
|
continue;
|
||
|
}
|
||
|
|
||
|
$this->query('button:Execute now')->one()->click();
|
||
|
|
||
|
switch (CTestArrayHelper::get($test_case, 'expected')) {
|
||
|
case TEST_GOOD:
|
||
|
$this->assertMessage(TEST_GOOD, $test_case['message']);
|
||
|
// After a successful "Execute now" action, the item selection is reset.
|
||
|
$this->assertEquals('0 selected', $selected_count->getText());
|
||
|
break;
|
||
|
|
||
|
case TEST_BAD:
|
||
|
$this->assertMessage(TEST_BAD, 'Cannot execute operation', $test_case['message']);
|
||
|
// Reset selected items after a failed "Execute now" action.
|
||
|
$this->assertEquals(count($test_case['items']).' selected', $selected_count->getText());
|
||
|
$select_all->check();
|
||
|
$select_all->uncheck();
|
||
|
$this->assertEquals('0 selected', $selected_count->getText());
|
||
|
break;
|
||
|
}
|
||
|
|
||
|
CMessageElement::find()->waitUntilVisible()->one()->close();
|
||
|
}
|
||
|
}
|
||
|
|
||
|
public static function getExecuteNowContextMenuData() {
|
||
|
return [
|
||
|
[
|
||
|
[
|
||
|
'user' => 'U1-r-on',
|
||
|
'test_cases' => [
|
||
|
[
|
||
|
'items' => ['I4-trap-log', 'I2-lvl1-trap-num']
|
||
|
],
|
||
|
[
|
||
|
'expected' => TEST_GOOD,
|
||
|
'items' => 'I1-lvl2-dep-log'
|
||
|
],
|
||
|
[
|
||
|
'expected' => TEST_BAD,
|
||
|
'items' => 'I2-lvl2-dep-log',
|
||
|
'message' => 'Cannot send request: wrong master item type.'
|
||
|
]
|
||
|
]
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'user' => 'U2-r-off',
|
||
|
'test_cases' => [
|
||
|
[
|
||
|
'items' => ['I4-trap-log', 'I5-agent-txt', 'I1-lvl2-dep-log', 'I2-lvl2-dep-log']
|
||
|
]
|
||
|
]
|
||
|
]
|
||
|
],
|
||
|
[
|
||
|
[
|
||
|
'user' => 'U3-rw-off',
|
||
|
'test_cases' => [
|
||
|
[
|
||
|
'items' => ['I4-trap-log', 'I2-lvl1-trap-num']
|
||
|
],
|
||
|
[
|
||
|
'expected' => TEST_GOOD,
|
||
|
'items' => 'I1-lvl2-dep-log'
|
||
|
],
|
||
|
[
|
||
|
'expected' => TEST_BAD,
|
||
|
'items' => 'I2-lvl2-dep-log',
|
||
|
'message' => 'Cannot send request: wrong master item type.'
|
||
|
]
|
||
|
]
|
||
|
]
|
||
|
]
|
||
|
];
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Check permissions to "Execute now" link in context menu on Latest data page based on user role.
|
||
|
*
|
||
|
* @dataProvider getExecuteNowContextMenuData
|
||
|
*/
|
||
|
public function testUserRolesPermissions_ExecuteNowContextMenu($data) {
|
||
|
// Login and select host group for testing.
|
||
|
$this->page->userLogin($data['user'], 'zabbixzabbix');
|
||
|
$this->page->open('zabbix.php?action=latest.view')->waitUntilReady();
|
||
|
$filter_form = $this->query('name:zbx_filter')->asForm()->one();
|
||
|
$filter_form->fill(['Host groups' => 'HG-for-executenow']);
|
||
|
$filter_form->submit();
|
||
|
$this->page->waitUntilReady();
|
||
|
|
||
|
foreach ($data['test_cases'] as $test_case) {
|
||
|
// Disabled "Execute now" option in context menu.
|
||
|
if (!array_key_exists('expected', $test_case)) {
|
||
|
foreach ($test_case['items'] as $item) {
|
||
|
$this->query('link', $item)->one()->click();
|
||
|
$popup = CPopupMenuElement::find()->waitUntilVisible()->one();
|
||
|
$this->assertFalse($popup->getItem('Execute now')->isEnabled());
|
||
|
$this->page->pressKey(WebDriverKeys::ESCAPE);
|
||
|
}
|
||
|
|
||
|
continue;
|
||
|
}
|
||
|
|
||
|
$this->query('link', $test_case['items'])->one()->click();
|
||
|
$popup = CPopupMenuElement::find()->waitUntilVisible()->one();
|
||
|
$popup->fill('Execute now');
|
||
|
|
||
|
if ($test_case['expected'] === TEST_GOOD) {
|
||
|
$this->assertMessage(TEST_GOOD, 'Request sent successfully');
|
||
|
}
|
||
|
else {
|
||
|
$this->assertMessage(TEST_BAD, 'Cannot execute operation', $test_case['message']);
|
||
|
}
|
||
|
|
||
|
CMessageElement::find()->waitUntilVisible()->one()->close();
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Check disabled actions with links.
|
||
|
*
|
||
|
* @param array $links checked links after disabling action
|
||
|
* @param string $page page name displayed on error message button
|
||
|
*/
|
||
|
private function checkLinks($links, $page = 'Dashboards') {
|
||
|
foreach ($links as $link) {
|
||
|
$this->page->open($link)->waitUntilReady();
|
||
|
$this->assertMessage(TEST_BAD, 'Access denied', 'You are logged in as "user_for_role". '.
|
||
|
'You have no permissions to access this page.');
|
||
|
$this->query('button:Go to "'.$page.'"')->one()->waitUntilClickable()->click();
|
||
|
|
||
|
if ($page === 'Dashboards') {
|
||
|
$this->assertStringContainsString('zabbix.php?action=dashboard', $this->page->getCurrentUrl());
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Enable/disable actions and UI.
|
||
|
*
|
||
|
* @param array $action action with true/false status or UI section with page
|
||
|
*/
|
||
|
private function changeRoleRule($action) {
|
||
|
$this->page->open('zabbix.php?action=userrole.edit&roleid='.self::$super_roleid)->waitUntilReady();
|
||
|
$this->query('id:userrole-form')->waitUntilPresent()->asForm()->one()->fill($action)->submit();
|
||
|
$this->page->waitUntilReady();
|
||
|
$this->assertMessage(TEST_GOOD, 'User role updated');
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Click Sign out button.
|
||
|
*/
|
||
|
private function signOut() {
|
||
|
$this->query('xpath://a[@class="zi-signout"]')->waitUntilPresent()->one()->click();
|
||
|
$this->page->waitUntilReady();
|
||
|
$this->query('button:Sign in')->waitUntilVisible();
|
||
|
}
|
||
|
}
|