From fa91388fee260dd735edaa93abfeec78e27ad974 Mon Sep 17 00:00:00 2001
From: Frank Bergkemper <frank.bergkemper@dass-it.de>
Date: Mon, 1 Jun 2015 13:45:29 +0200
Subject: [PATCH] Restricted consoles and profiles modification

Splits the restricted console and profile configuration into separate files
and updates the install documentation as well as the makefiles.
---
 Makefile.am                                   |  3 +-
 Makefile.in                                   |  3 +-
 doc/INSTALL.md                                | 63 ++++++++++++++++---
 install/bareos/webui-consoles.conf            | 16 +++++
 ...{bareos-webui.conf => webui-profiles.conf} | 13 +---
 packaging/obs/bareos-webui.spec               |  3 +-
 6 files changed, 77 insertions(+), 24 deletions(-)
 create mode 100644 install/bareos/webui-consoles.conf
 rename install/bareos/{bareos-webui.conf => webui-profiles.conf} (58%)

diff --git a/Makefile.am b/Makefile.am
index e5a99bd6..3fc82745 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -6,7 +6,8 @@ install: install-am
 
 	cp -pr init_autoloader.php config/ data/ module/ public/ vendor/ $(DESTDIR)$(pkgdatadir)
 	cp -p install/directors.ini $(DESTDIR)/etc/bareos-webui/directors.ini
-	$(INSTALL) -m 0640 install/bareos/bareos-webui.conf $(DESTDIR)/etc/bareos/bareos-dir.d/
+	$(INSTALL) -m 0640 install/bareos/webui-consoles.conf $(DESTDIR)/etc/bareos/bareos-dir.d/
+	$(INSTALL) -m 0640 install/bareos/webui-profiles.conf $(DESTDIR)/etc/bareos/bareos-dir.d/
 	$(INSTALL) -m 0640 install/apache/bareos-webui.conf $(DESTDIR)@HTTPD_CONF@/
 
 #	#$(INSTALL_SCRIPT) install/bareos-webui-config $(DESTDIR)@sbindir@
diff --git a/Makefile.in b/Makefile.in
index 21c62fc9..efd7dbf2 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -527,7 +527,8 @@ install: install-am
 
 	cp -pr init_autoloader.php config/ data/ module/ public/ vendor/ $(DESTDIR)$(pkgdatadir)
 	cp -p install/directors.ini $(DESTDIR)/etc/bareos-webui/directors.ini
-	$(INSTALL) -m 0640 install/bareos/bareos-webui.conf $(DESTDIR)/etc/bareos/bareos-dir.d/
+	$(INSTALL) -m 0640 install/bareos/webui-consoles.conf $(DESTDIR)/etc/bareos/bareos-dir.d/
+	$(INSTALL) -m 0640 install/bareos/webui-profiles.conf $(DESTDIR)/etc/bareos/bareos-dir.d/
 	$(INSTALL) -m 0640 install/apache/bareos-webui.conf $(DESTDIR)@HTTPD_CONF@/
 
 #	#$(INSTALL_SCRIPT) install/bareos-webui-config $(DESTDIR)@sbindir@
diff --git a/doc/INSTALL.md b/doc/INSTALL.md
index 1c8be18f..3cc882b1 100644
--- a/doc/INSTALL.md
+++ b/doc/INSTALL.md
@@ -27,7 +27,13 @@ INSTALLATION
 
 ### PACKAGE BASED INSTALLATION
 
-Bareos-WebUI packages are available for a number of Linux distributions, see [Bareos contrib](http://download.bareos.org/bareos/contrib/) repository.
+Packages are available for a number of Linux distributions, please see:
+
+* [Version 14.2 (stable)](http://download.bareos.org/bareos/contrib/)
+* [Version 15.2 (experimental/nightly)](http://download.bareos.org/bareos/experimental/nightly/)
+
+**Note:** The experimental nightly webui build only works with and from Bareos 15.2 (experimental/nightly) onwards,
+as it makes use of the new JSON API.
 
 #### Step 1 - Adding the Repository
 
@@ -103,7 +109,7 @@ apt-get install bareos-webui
 
 ```
 
-#### Step 2 - Configuration of a restricted console
+#### Step 2 - Configuration of restricted consoles and profile resources
 
 You can have multiple Consoles with different names and passwords, sort of like multiple users, each with different privileges.
 As a default, these consoles can do absolutely nothing – no commands whatsoever. You give them privileges or rather access to
@@ -114,7 +120,7 @@ It is required to add at least one restricted named console in your director con
 The restricted named consoles, configured in your bareos-dir.conf, are used for authentication and access control. The name
 and password directives of the restricted consoles are the credentials you have to provide during authentication to the webui
 as username and password. For full access and functionality relating the director connection the following commands are
-currently needed by the webui and have to be made available via the CommandACL in your restricted consoles.
+currently needed by the webui and have to be made available via the CommandACL in your profile the restricted consoles uses.
 
 * status
 * messages
@@ -123,12 +129,22 @@ currently needed by the webui and have to be made available via the CommandACL i
 * run
 * rerun
 * cancel
-
-The package install provides a default configuration under /etc/bareos/bareos-dir.d/bareos-webui.conf, which has to be included
+* use
+* restore
+* list, llist
+* .api
+* .bvfs_update
+* .bvfs_lsdirs
+* .bvfs_lsfiles
+* .bvfs_versions
+* .bvfs_restore
+
+The package install provides a default console and profile configuration under /etc/bareos/bareos-dir.d/, which have to be included
 at the bottum of your /etc/bareos/bareos-dir.conf and edited to your needs.
 
 ```
-echo "@/etc/bareos/bareos-dir.d/bareos-webui.conf" >> /etc/bareos/bareos-dir.conf
+echo "@/etc/bareos/bareos-dir.d/webui-consoles.conf" >> /etc/bareos/bareos-dir.conf
+echo "@/etc/bareos/bareos-dir.d/webui-profiles.conf" >> /etc/bareos/bareos-dir.conf
 ```
 
 **Note:** Most parts of the webui still use a direct connection to the catalog database to retrieve data, so the configured ACL
@@ -137,13 +153,39 @@ or may be fine with the defaults provided in the example below. However, in futu
 will be droped and fully replaced by the native connection to the director itself.
 
 ```
+#
+# Preparations:
+#
+# include this configuration file in bareos-dir.conf by
+# @/etc/bareos/bareos-dir.d/webui-consoles.conf
+#
+
 #
 # Restricted console used by bareos-webui
 #
 Console {
   Name = user1
-  Password = "password"
-  CommandACL = status, messages, show, version, run, rerun, cancel
+  Password = "CHANGEME"
+  Profile = webui
+}
+
+```
+For more details about console resource configuration in bareos, please have a look at the online [Bareos documentation](http://doc.bareos.org/master/html/bareos-manual-main-reference.html#ConsoleResource).
+
+```
+#
+# Preparations:
+#
+# include this configuration file in bareos-dir.conf by
+# @/etc/bareos/bareos-dir.d/webui-profiles.conf
+#
+
+#
+# bareos-webui default profile resource
+#
+Profile {
+  Name = webui
+  CommandACL = status, messages, show, version, run, rerun, cancel, .api, .bvfs_*, list, llist, use, restore
   Job ACL = *all*
   Schedule ACL = *all*
   Catalog ACL = *all*
@@ -151,10 +193,11 @@ Console {
   Storage ACL = *all*
   Client ACL = *all*
   FileSet ACL = *all*
-  #Where ACL =
+  Where ACL = *all*
 }
+
 ```
-For more details about console resource configuration in bareos, please have a look at the online [Bareos documentation](http://doc.bareos.org/).
+For more details about profile resource configuration in bareos, please have a look at the online [Bareos documentation](http://doc.bareos.org/master/html/bareos-manual-main-reference.html#ProfileResource).
 
 **Note:** Do not forget to reload your new director configuration.
 
diff --git a/install/bareos/webui-consoles.conf b/install/bareos/webui-consoles.conf
new file mode 100644
index 00000000..f1c3cf2a
--- /dev/null
+++ b/install/bareos/webui-consoles.conf
@@ -0,0 +1,16 @@
+#
+# Preparations:
+#
+# include this configuration file in bareos-dir.conf by
+# @/etc/bareos/bareos-dir.d/webui-consoles.conf
+#
+
+#
+# Restricted console used by bareos-webui
+#
+Console {
+  Name = user1
+  Password = "CHANGEME"
+  Profile = webui
+}
+
diff --git a/install/bareos/bareos-webui.conf b/install/bareos/webui-profiles.conf
similarity index 58%
rename from install/bareos/bareos-webui.conf
rename to install/bareos/webui-profiles.conf
index 47310085..1677dcc2 100644
--- a/install/bareos/bareos-webui.conf
+++ b/install/bareos/webui-profiles.conf
@@ -2,24 +2,15 @@
 # Preparations:
 #
 # include this configuration file in bareos-dir.conf by
-# @/etc/bareos/bareos-dir.d/bareos-webui.conf
+# @/etc/bareos/bareos-dir.d/webui-profiles.conf
 #
 
-#
-# Restricted console used by bareos-webui
-#
-Console {
-  Name = user1
-  Password = "CHANGEME"
-  Profile = webui
-}
-
 #
 # bareos-webui default profile resource
 #
 Profile {
   Name = webui
-  CommandACL = status, messages, show, version, run, rerun, cancel, .api, .bvfs_update, .bvfs_lsdirs, .bvfs_lsfiles, .bvfs_versions, .bvfs_restore, list, llist, use, restore
+  CommandACL = status, messages, show, version, run, rerun, cancel, .api, .bvfs_*, list, llist, use, restore
   Job ACL = *all*
   Schedule ACL = *all*
   Catalog ACL = *all*
diff --git a/packaging/obs/bareos-webui.spec b/packaging/obs/bareos-webui.spec
index f5a41df0..d938f529 100644
--- a/packaging/obs/bareos-webui.spec
+++ b/packaging/obs/bareos-webui.spec
@@ -92,6 +92,7 @@ rm -rf $RPM_BUILD_ROOT
 #attr(-, #daemon_user, #daemon_group) #{_datadir}/#{name}/data
 %dir /etc/bareos-webui
 %config(noreplace) /etc/bareos-webui/directors.ini
-%config(noreplace) %attr(644,root,root) /etc/bareos/bareos-dir.d/bareos-webui.conf
+%config(noreplace) %attr(644,root,root) /etc/bareos/bareos-dir.d/webui-consoles.conf
+%config(noreplace) %attr(644,root,root) /etc/bareos/bareos-dir.d/webui-profiles.conf
 %config(noreplace) %{_apache_conf_dir}/bareos-webui.conf