FirewallObjects/Hosts: validate host-group Members prop consitency. R…

…efs #2705

createlinks

@@ -135,6 +135,10 @@ validator_actions($_, qw(
    fwobject-fwservice-delete
 ));
 
+validator_actions('fwobject-host-delete', qw(
+   fwobject-hostgroup-remove-member 20
+));
+
 #
 # Adjust firewall when "remote" and "local" records in hosts DB
 # change:

root/etc/e-smith/validators/actions/fwobject-hostgroup-remove-member

@@ -0,0 +1,45 @@
+#!/usr/bin/perl
+
+#
+# Copyright (C) 2014 Nethesis S.r.l.
+# http://www.nethesis.it - support@nethesis.it
+#
+# This script is part of NethServer.
+#
+# NethServer is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License,
+# or any later version.
+#
+# NethServer is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with NethServer.  If not, see .
+#
+
+use strict;
+
+use esmith::HostsDB;
+
+my $dbName = shift || die("Missing DB argument");
+my $hostKey = shift || die("Missing host key argument");
+
+my $hdb = esmith::HostsDB->open();
+
+my @groups = ();
+
+foreach my $record ($hdb->get_all_by_prop('type' => 'host-group')) {
+    if(($record->prop('Members') || '') eq $hostKey) {
+	push @groups, $record->key;
+    }
+}
+
+if(@groups) {
+    print join(', ', @groups) . "\n";
+    exit(3);
+}
+
+exit(0);

root/usr/share/nethesis/NethServer/Language/en/NethServer_Module_FirewallObjects.php

@@ -49,3 +49,4 @@
 $L['valid_platform,fwobject-fwservice-delete,fwobject-referenced,3'] = 'Could not delete ${2}. The service is used by firewall rules.';
 $L['valid_platform,fwobject-host-delete,fwobject-referenced,3'] = 'Could not delete ${2}. The host is used by firewall rules.';
 $L['valid_platform,fwobject-host-group-delete,fwobject-referenced,3'] = 'Could not delete ${2}. The host group is used by firewall rules.';
+$L['valid_platform,fwobject-host-delete,fwobject-hostgroup-remove-member,3'] = 'Could not delete ${2}: it is the last member of host group ${${reason}}.';

root/usr/share/nethesis/NethServer/Language/it/NethServer_Module_FirewallObjects.php

@@ -48,4 +48,5 @@
 $L['valid_platform,fwobject-zone-delete,fwobject-referenced,3'] = 'Impossibile eliminare ${2}. La zona è utilizzata dalle regole del firewall.';
 $L['valid_platform,fwobject-fwservice-delete,fwobject-referenced,3'] = 'Impossibile eliminare ${2}. Il servizio è utilizzato dalle regole del firewall.';
 $L['valid_platform,fwobject-host-delete,fwobject-referenced,3'] = 'Impossibile eliminare ${2}. L\'host è utilizzato dalle regole del firewall.';
-$L['valid_platform,fwobject-host-group-delete,fwobject-referenced,3'] = 'Impossibile eliminare ${2}. Il gruppo di host è utilizzato dalle regole del firewall.';
+$L['valid_platform,fwobject-host-group-delete,fwobject-referenced,3'] = 'Impossibile eliminare ${2}. Il gruppo di host è utilizzato dalle regole del firewall.';
+$L['valid_platform,fwobject-host-delete,fwobject-hostgroup-remove-member,3'] = 'Impossibile eliminare ${2}: è l\'ultimo membro del gruppo di host ${${reason}}.';

root/usr/share/nethesis/NethServer/Module/FirewallObjects/Hosts.php

@@ -51,8 +51,4 @@ public function initialize()
         parent::initialize();
     }
 
-    function onParametersSaved(\Nethgui\Module\ModuleInterface $currentAction, $changes, $parameters)
-    {
-        $this->getPlatform()->signalEvent('firewall-objects-modify &');
-    }
 }

root/usr/share/nethesis/NethServer/Module/FirewallObjects/Hosts/Modify.php

@@ -61,6 +61,28 @@ public function validate(\Nethgui\Controller\ValidationReportInterface $report)
         parent::validate($report);
     }
 
+    protected function processDelete($key)
+    {
+        parent::processDelete($key);
+        $this->clearHostgroupMembers($key);
+    }
+
+    private function clearHostgroupMembers($hostKey)
+    {
+        $hostsDb = $this->getPlatform()->getDatabase('hosts');
+
+        $notHostKey = function ($e) use ($hostKey) {
+            return $e !== $hostKey;
+        };
+
+        foreach ($hostsDb->getAll('host-group') as $groupKey => $groupProps) {
+            $members = isset($groupProps['Members']) ? explode(',', $groupProps['Members']) : array();
+            if (in_array($hostKey, $members)) {
+                $hostsDb->setProp($groupKey, array('Members' => implode(',', array_filter($members, $notHostKey))));
+            }
+        }
+    }
+
     public function prepareView(\Nethgui\View\ViewInterface $view)
     {
         parent::prepareView($view);
@@ -72,4 +94,9 @@ public function prepareView(\Nethgui\View\ViewInterface $view)
         $view->setTemplate($templates[$this->getIdentifier()]);
     }
 
+    function onParametersSaved($parameters)
+    {
+        $this->getPlatform()->signalEvent('firewall-objects-modify &');
+    }
+
 }