#975 RBAC for port control with new portctl_by_role setting

Oliver Gorwits
2023-06-27 22:52:04 +01:00
parent 8d85562396
commit 2cbb68889a
19 changed files with 139 additions and 41 deletions


@@ -251,6 +251,7 @@ portctl_nowaps: false
portctl_nophones: false
portctl_vlans: false
portctl_uplinks: false
portctl_by_role: {}
system_port_control_reasons:
address: 'Address Allocation Abuse'
copyright: 'Copyright Violation'


@@ -17,7 +17,7 @@
<tr>
<td class="nd_center-cell"><input data-form="add" name="fullname" type="text"></td>
<td class="nd_center-cell"><input class="span2" data-form="add" name="username" type="text"></td>
<td class="nd_center-cell"><input class="span2" data-form="add" name="password" type="password"></td>
<td class="nd_center-cell"><input class="span1" data-form="add" name="password" type="password"></td>
<td class="nd_center-cell">
<div class="form-group">
<select class="span2 form-control" data-form="add" name="auth_method">
@@ -49,7 +49,7 @@
<input class="span2" data-form="update" name="username" type="text" value="[% row.username | html_entity %]">
</td>
<td class="nd_center-cell">
<input class="span2" data-form="update" name="password" type="password" value="********">
<input class="span1" data-form="update" name="password" type="password" value="********">
</td>
<td class="nd_center-cell">
<div class="form-group">
@@ -62,7 +62,15 @@
</div>
</td>
<td class="nd_center-cell">
<input data-form="update" name="port_control" type="checkbox" [% ' checked="checked"' IF row.port_control %]>
<div class="form-group">
<select class="span2 form-control" data-form="update" name="port_control">
<option[% ' selected' IF NOT row.port_control %] value="">Off</option>
<option[% ' selected' IF row.port_control AND row.portctl_role == "" %] value="_global_">Enabled (any port)</option>
[% FOREACH role IN port_control_roles %]
<option[% ' selected' IF row.port_control AND row.portctl_role == role %] value="[% role | html_entity %]">Role: [% role | html_entity %]</option>
[% END %]
</select>
</div>
</td>
<td class="nd_center-cell">
<input data-form="update" name="admin" type="checkbox" [% ' checked="checked"' IF row.admin %]>
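Review bot: In the new `port_control` select, a user whose stored `row.portctl_role` is no longer listed in `port_control_roles` gets no `selected` option, so the browser falls back to the first entry, "Off", and saving the row for any other reason would likely drop that user's port control without notice. That fails closed, but the admin gets no indication; consider rendering the stored role as an extra selected option, labelled as not configured, when it is missing from the list. The `_global_` value is also a sentinel in the same namespace as role names, so a role actually named `_global_` in `portctl_by_role` would presumably be indistinguishable from "any port". The server-side handling of this field is not visible in these hunks, so both points need confirming there.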


@@ -1,6 +1,6 @@
[% USE CSV -%]
[% CSV.dump([ 'Full Name' 'Username'
'LDAP Auth' 'RADIUS Auth' 'TACACS+ Auth' 'Port Control' 'Administrator' 'Created'
'LDAP Auth' 'RADIUS Auth' 'TACACS+ Auth' 'Port Control' 'Port Control Role' 'Administrator' 'Created'
'Last Login' 'Note']) %]
[% FOREACH row IN results %]
@@ -11,6 +11,7 @@
[% mylist.push(row.radius) %]
[% mylist.push(row.tacacs) %]
[% mylist.push(row.port_control) %]
[% mylist.push(row.portctl_role) %]
[% mylist.push(row.admin) %]
[% mylist.push(row.created) %]
[% mylist.push(row.last_seen) %]


@@ -1,4 +1,4 @@
[% SET user_can_port_control = user_has_role('port_control') %]
[% SET user_can_port_control = user_has_role('port_control', d) %]
<table class="table table-condensed table-striped">
<tbody>
<tr>
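Review bot: The second argument to `user_has_role('port_control', d)` is a different stash variable in each template this commit touches (`d` here, `device` in the next template, `netdisco_device` in the two sidebar checks), and nothing in these hunks shows what the helper does when that variable is undefined. If a missing device is treated as "no restriction" (the helper is not visible here, so this needs confirming), a role-limited user would be shown port controls on every device. A short comment above the SET would pin the expectation, for example `[%# d must be the device row; user_has_role should deny when it is undefined %]`. These template checks only hide controls, so the handler that applies port changes needs the same per-device check; that code is outside these hunks.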


@@ -1,4 +1,4 @@
[% SET user_can_port_control = user_has_role('port_control') %]
[% SET user_can_port_control = user_has_role('port_control', device) %]
<table id="dp-data-table" class="table table-bordered table-striped" width="100%" cellspacing="0">
<thead>
<tr>


@@ -40,7 +40,7 @@
<li[% ' class="active"' IF params.tab == tab.tag %]><a id="[% tab.tag | html_entity %]_link" href="#[% tab.tag | html_entity %]_pane">[% tab.label | html_entity %]</a></li>
[% END %]
<span id="nd_device-name">
[% IF is_pseudo %]<span class="badge badge-warning">[% END %][% display_name | html_entity %][% IF is_pseudo %]</span>[% END %]
[% IF netdisco_device.is_pseudo %]<span class="badge badge-warning">[% END %][% display_name | html_entity %][% IF netdisco_device.is_pseudo %]</span>[% END %]
<a id="nd_csv-download" href="#" download="netdisco.csv">&nbsp;
<i id="nd_csv-download-icon" class="text-info icon-file-text-alt icon-large"
rel="tooltip" data-placement="left" data-offset="5" data-title="Download as CSV"></i></a>


@@ -49,7 +49,7 @@
<li><i class="icon-li icon-rss"></i>&nbsp; Wireless Access Point</li>
<li><i class="icon-li icon-book"></i>&nbsp; Archived Data</li>
<li><i class="icon-li icon-group"></i>&nbsp; Interface Group</li>
[% IF user_has_role('port_control') %]
[% IF user_has_role('port_control', netdisco_device) %]
<li><i class="icon-li icon-refresh icon-spin"></i>&nbsp; Click "Update View"</li>
[% END %]
</ul>
@@ -63,7 +63,7 @@
<div id="nd_columns" class="collapse in">
<ul class="nd_inputs-list unstyled">
[% FOREACH item IN settings.port_columns %]
[% NEXT IF item.name == 'c_admin' AND NOT user_has_role('port_control') %]
[% NEXT IF item.name == 'c_admin' AND NOT user_has_role('port_control', netdisco_device) %]
<li>
<label class="checkbox">
<input type="checkbox" id="[% item.name | html_entity %]"