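'Create standard ITIL profiles',
        'category' => 'create_profiles',

        // Setup
        //
        'dependencies' => array(
        ),
        'mandatory' => true,
        'visible' => false,
        'installer' => 'CreateITILProfilesInstaller',

        // Components
        //
        'datamodel' => array(
            //'model.itop-profiles-itil.php',
        ),
        'webservice' => array(
            //'webservices.itop-profiles-itil.php',
        ),
        'dictionary' => array(
            //'en.dict.itop-profiles-itil.php',
            //'fr.dict.itop-profiles-itil.php',
            //'de.dict.itop-profiles-itil.php',
        ),
        'data.struct' => array(
            //'data.struct.itop-profiles-itil.xml',
        ),
        'data.sample' => array(
            //'data.sample.itop-profiles-itil.xml',
        ),

        // Documentation
        //
        'doc.manual_setup' => '',
        'doc.more_information' => '',

        // Default settings
        //
        'settings' => array(
            //'some_setting' => 'some value',
        ),
    )
);

// Module installation handler
//
/**
 * Installer hook that writes the standard user-rights profiles.
 *
 * A profile is a URP_Profiles row plus URP_ActionGrant rows (read / modify /
 * delete per class) and URP_StimulusGrant rows (lifecycle stimuli per class).
 * Profiles are described declaratively in self::$m_aProfiles, in terms of the
 * "modules" (named groups of classes) held in self::$m_aModules.
 *
 * Access-control summary, as implemented below:
 *  - every profile gets READ and BULK_READ on all 'bizmodel' classes;
 *  - MODIFY / BULK_MODIFY follow the profile's 'write_modules';
 *  - DELETE follows 'delete_modules'; BULK_DELETE is never granted here;
 *  - stimuli are granted only for the classes listed under 'stimuli'.
 */
class CreateITILProfilesInstaller extends ModuleInstallerAPI
{
    /**
     * Hook called with the configuration; this module returns it unchanged.
     *
     * @param Config $oConfiguration
     * @return Config the same object that was passed in
     */
    public static function BeforeWritingConfig(Config $oConfiguration)
    {
        //$oConfiguration->SetModuleSetting('user-rigths-profile', 'myoption', 'myvalue');
        return $oConfiguration;
    }

    /**
     * Builds the ITIL profile definitions, writes them, then flushes the
     * privileges cache (including the admin cache).
     *
     * NOTE(review): nothing here checks whether the profiles already exist.
     * Whether this hook can run against an already populated database is not
     * visible from this file - confirm, since a second run would presumably
     * insert duplicate profiles and grants.
     *
     * @param Config $oConfiguration not used by this implementation
     * @return void
     */
    public static function AfterDatabaseCreation(Config $oConfiguration)
    {
        self::ComputeITILProfiles();
        //self::ComputeBasicProfiles();
        self::DoCreateProfiles();
        UserRights::FlushPrivileges(true /* reset admin cache */);
    }

    // Maps each UR_ACTION_* code to the label stored in URP_ActionGrant.action
    protected static $m_aActions = array(
        UR_ACTION_READ => 'Read',
        UR_ACTION_MODIFY => 'Modify',
        UR_ACTION_DELETE => 'Delete',
        UR_ACTION_BULK_READ => 'Bulk Read',
        UR_ACTION_BULK_MODIFY => 'Bulk Modify',
        UR_ACTION_BULK_DELETE => 'Bulk Delete',
    );

    // Note: It is possible to specify the same class in several modules
    //
    protected static $m_aModules = array();
    protected static $m_aProfiles = array();

    /**
     * Inserts one URP_ActionGrant row.
     *
     * @param mixed  $iProfile    id of the profile receiving the grant
     * @param mixed  $iAction     one of the keys of self::$m_aActions
     * @param string $sClass      class the grant applies to
     * @param bool   $bPermission stored as 'yes' when true, 'no' otherwise
     * @return mixed value returned by DBInsertNoReload()
     * @throws CoreException when $iAction is not a key of self::$m_aActions
     */
    protected static function DoCreateActionGrant($iProfile, $iAction, $sClass, $bPermission = true)
    {
        // Refuse an unknown action code instead of storing an empty action label
        if (!array_key_exists($iAction, self::$m_aActions)) {
            throw new CoreException("Invalid action code '$iAction'");
        }

        $oNewObj = MetaModel::NewObject("URP_ActionGrant");
        $oNewObj->Set('profileid', $iProfile);
        $oNewObj->Set('permission', $bPermission ? 'yes' : 'no');
        $oNewObj->Set('class', $sClass);
        $oNewObj->Set('action', self::$m_aActions[$iAction]);
        $iId = $oNewObj->DBInsertNoReload();
        return $iId;
    }

    /**
     * Inserts one URP_StimulusGrant row with permission 'yes'.
     *
     * @param mixed  $iProfile      id of the profile receiving the grant
     * @param string $sStimulusCode stimulus code, stored as given
     * @param string $sClass        class the grant applies to
     * @return mixed value returned by DBInsertNoReload()
     */
    protected static function DoCreateStimulusGrant($iProfile, $sStimulusCode, $sClass)
    {
        $oNewObj = MetaModel::NewObject("URP_StimulusGrant");
        $oNewObj->Set('profileid', $iProfile);
        $oNewObj->Set('permission', 'yes');
        $oNewObj->Set('class', $sClass);
        $oNewObj->Set('stimulus', $sStimulusCode);
        $iId = $oNewObj->DBInsertNoReload();
        return $iId;
    }

    /**
     * Splits a comma-separated module list into trimmed, non-empty names.
     *
     * @param string $sModules e.g. 'General,Documentation' (may be empty)
     * @return array list of module names
     */
    private static function ParseModuleList($sModules)
    {
        $aNames = array();
        foreach (explode(',', $sModules) as $sName) {
            $sName = trim($sName);
            if (strlen($sName) > 0) {
                $aNames[] = $sName;
            }
        }
        return $aNames;
    }

    /**
     * Resolves module names to the de-duplicated list of their classes.
     *
     * @param array $aModuleNames keys expected in self::$m_aModules
     * @return array list of class names (modules may overlap, each class appears once)
     * @throws CoreException on an unknown module name or an invalid class name
     */
    private static function CollectModuleClasses(array $aModuleNames)
    {
        $aClasses = array();
        foreach ($aModuleNames as $sModule) {
            // A misspelled module name must not silently produce a profile
            // with fewer (or no) grants than its definition states
            if (!array_key_exists($sModule, self::$m_aModules)) {
                throw new CoreException("Unknown module '$sModule'");
            }
            foreach (self::$m_aModules[$sModule] as $sClass) {
                if (!MetaModel::IsValidClass($sClass)) {
                    throw new CoreException("Invalid class name '$sClass'");
                }
                $aClasses[$sClass] = true;
            }
        }
        return array_keys($aClasses);
    }

    /**
     * Creates one profile and all of its grants.
     *
     * @param string $sName        profile name
     * @param array  $aProfileData keys: 'description', 'write_modules',
     *                             'delete_modules' (comma-separated module
     *                             names) and 'stimuli' (class => 'any', 'none'
     *                             or a comma-separated list of stimulus codes)
     * @return void
     * @throws CoreException on an unknown module or invalid class name
     */
    protected static function DoCreateOneProfile($sName, $aProfileData)
    {
        $sDescription = $aProfileData['description'];
        $aStimuli = $aProfileData['stimuli'];

        // Resolve and validate both module lists before the first insert, so
        // that a bad definition fails without leaving a half-granted profile
        $aWriteableClasses = self::CollectModuleClasses(self::ParseModuleList($aProfileData['write_modules']));
        $aDeletableClasses = self::CollectModuleClasses(self::ParseModuleList($aProfileData['delete_modules']));

        $oNewObj = MetaModel::NewObject("URP_Profiles");
        $oNewObj->Set('name', $sName);
        $oNewObj->Set('description', $sDescription);
        $iProfile = $oNewObj->DBInsertNoReload();

        // Grant read rights for everything
        // (every profile created here can read, and bulk read, all 'bizmodel' classes)
        foreach (MetaModel::GetClasses('bizmodel') as $sClass) {
            self::DoCreateActionGrant($iProfile, UR_ACTION_READ, $sClass);
            self::DoCreateActionGrant($iProfile, UR_ACTION_BULK_READ, $sClass);
        }

        // Grant write for given modules
        foreach ($aWriteableClasses as $sClass) {
            self::DoCreateActionGrant($iProfile, UR_ACTION_MODIFY, $sClass);
            self::DoCreateActionGrant($iProfile, UR_ACTION_BULK_MODIFY, $sClass);
        }

        // Grant delete for given modules
        foreach ($aDeletableClasses as $sClass) {
            self::DoCreateActionGrant($iProfile, UR_ACTION_DELETE, $sClass);
            // By default, do not allow bulk deletion operations for standard users
            // self::DoCreateActionGrant($iProfile, UR_ACTION_BULK_DELETE, $sClass);
        }

        // Grant stimuli for given classes
        foreach ($aStimuli as $sClass => $sAllowedStimuli) {
            if (!MetaModel::IsValidClass($sClass)) {
                // Could be a class defined in a module that wasn't installed
                continue;
                //throw new CoreException("Invalid class name '$sClass'");
            }

            // Strict comparison: only the exact string 'any' widens the grant to
            // every stimulus of the class (a loose == would also match integer 0
            // on older PHP versions)
            if ($sAllowedStimuli === 'any') {
                $aAllowedStimuli = array_keys(MetaModel::EnumStimuli($sClass));
            } elseif ($sAllowedStimuli === 'none') {
                $aAllowedStimuli = array();
            } else {
                $aAllowedStimuli = array_map('trim', explode(',', $sAllowedStimuli));
            }

            // NOTE(review): listed codes are not checked against
            // MetaModel::EnumStimuli($sClass); a misspelled code is stored as is
            // and presumably never matches - confirm.
            foreach ($aAllowedStimuli as $sStimulusCode) {
                self::DoCreateStimulusGrant($iProfile, $sStimulusCode, $sClass);
            }
        }
    }

    /**
     * Creates the admin and user-portal profiles (delegated to URP_Profiles),
     * then one profile per entry of self::$m_aProfiles.
     *
     * @return void
     */
    public static function DoCreateProfiles()
    {
        URP_Profiles::DoCreateAdminProfile();
        URP_Profiles::DoCreateUserPortalProfile();

        foreach (self::$m_aProfiles as $sName => $aProfileData) {
            self::DoCreateOneProfile($sName, $aProfileData);
        }
    }

    /**
     * Loads the two-profile scheme (Reader / Writer) into the static tables.
     * Not called by AfterDatabaseCreation(), where the call is commented out.
     *
     * @return void
     */
    public static function ComputeBasicProfiles()
    {
        // In this profiling scheme, one single module represents all the classes
        //
        self::$m_aModules = array(
            'UserData' => MetaModel::GetClasses('bizmodel'),
        );

        self::$m_aProfiles = array(
            'Reader' => array(
                'description' => 'Person having a ready-only access to the data',
                'write_modules' => '',
                'delete_modules' => '',
                'stimuli' => array(
                ),
            ),
            'Writer' => array(
                'description' => 'Contributor to the contents (read + write access)',
                'write_modules' => 'UserData',
                'delete_modules' => 'UserData',
                'stimuli' => array(
                    // any class => 'any'
                ),
            ),
        );
    }

    /**
     * Loads the ITIL scheme into the static tables: one module per model
     * category, and one profile per ITIL role.
     *
     * Every profile below lists the same modules for write and for delete, so
     * a role that can modify a class can also delete its objects (one at a time).
     *
     * @return void
     */
    public static function ComputeITILProfiles()
    {
        // In this profiling scheme, modules are based on ITIL recommendations
        //
        self::$m_aModules = array(
            'General' => MetaModel::GetClasses('structure'),
            'Documentation' => MetaModel::GetClasses('documentation'),
            'Configuration' => MetaModel::GetClasses('configmgmt'),
            'Incident' => MetaModel::GetClasses('incidentmgmt'),
            'Problem' => MetaModel::GetClasses('problemmgmt'),
            'Change' => MetaModel::GetClasses('changemgmt'),
            'Service' => MetaModel::GetClasses('servicemgmt'),
            'Call' => MetaModel::GetClasses('requestmgmt'),
            'KnownError' => MetaModel::GetClasses('knownerrormgmt'),
        );

        self::$m_aProfiles = array(
            'Configuration Manager' => array(
                'description' => 'Person in charge of the documentation of the managed CIs',
                'write_modules' => 'General,Documentation,Configuration',
                'delete_modules' => 'General,Documentation,Configuration',
                'stimuli' => array(
                    //'Server' => 'none',
                    //'Contract' => 'none',
                    //'IncidentTicket' => 'none',
                    //'ChangeTicket' => 'any',
                ),
            ),
            'Service Desk Agent' => array(
                'description' => 'Person in charge of creating incident reports',
                'write_modules' => 'Incident,Call',
                'delete_modules' => 'Incident,Call',
                'stimuli' => array(
                    'Incident' => 'ev_assign',
                    'UserRequest' => 'ev_assign',
                ),
            ),
            'Support Agent' => array(
                'description' => 'Person analyzing and solving the current incidents',
                'write_modules' => 'Incident',
                'delete_modules' => 'Incident',
                'stimuli' => array(
                    'Incident' => 'ev_assign,ev_reassign,ev_resolve,ev_close',
                    'UserRequest' => 'ev_assign,ev_reassign,ev_resolve,ev_close,ev_freeze',
                ),
            ),
            'Problem Manager' => array(
                'description' => 'Person analyzing and solving the current problems',
                'write_modules' => 'Problem,KnownError',
                'delete_modules' => 'Problem,KnownError',
                'stimuli' => array(
                    'Problem' => 'ev_assign,ev_reassign,ev_resolve,ev_close',
                ),
            ),
            'Change Implementor' => array(
                'description' => 'Person executing the changes',
                'write_modules' => 'Change',
                'delete_modules' => 'Change',
                'stimuli' => array(
                    'NormalChange' => 'ev_plan,ev_replan,ev_implement,ev_monitor',
                    'EmergencyChange' => 'ev_plan,ev_replan,ev_implement,ev_monitor',
                    'RoutineChange' => 'ev_plan,ev_replan,ev_implement,ev_monitor',
                ),
            ),
            'Change Supervisor' => array(
                'description' => 'Person responsible for the overall change execution',
                'write_modules' => 'Change',
                'delete_modules' => 'Change',
                'stimuli' => array(
                    'NormalChange' => 'ev_validate,ev_reject,ev_assign,ev_reopen,ev_finish',
                    'EmergencyChange' => 'ev_assign,ev_reopen,ev_finish',
                    'RoutineChange' => 'ev_assign,ev_reopen,ev_finish',
                ),
            ),
            // NOTE(review): this role is described as someone impacted by changes,
            // yet it receives modify and delete on the whole 'Change' module in
            // addition to the approve / not-approve stimuli - confirm that an
            // approver is meant to be able to edit or delete the change itself.
            'Change Approver' => array(
                'description' => 'Person who could be impacted by some changes',
                'write_modules' => 'Change',
                'delete_modules' => 'Change',
                'stimuli' => array(
                    'NormalChange' => 'ev_approve,ev_notapprove',
                    'EmergencyChange' => 'ev_approve,ev_notapprove',
                    'RoutineChange' => 'none',
                ),
            ),
            'Service Manager' => array(
                'description' => 'Person responsible for the service delivered to the [internal] customer',
                'write_modules' => 'Service',
                'delete_modules' => 'Service',
                'stimuli' => array(
                ),
            ),
            'Document author' => array(
                'description' => 'Any person who could contribute to documentation',
                'write_modules' => 'Documentation',
                'delete_modules' => 'Documentation',
                'stimuli' => array(
                ),
            ),
        );
    }
}

?>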