Original post: https://www.itophub.io/wiki/page?id=2_5_0%3Acustomization%3Aadd-profile-sample


Creating new Profiles

This document explains, step by step, how to create your own iTop module in order to create new profiles to grant access to the iTop application.

Goals of this tutorial

In this step-by-step tutorial you will learn to:

  • create your own extension module for iTop 2.0

  • define new profiles for iTop

  • on-board the new profiles by running the setup again

For the purpose of this tutorial we will create two new profiles:

  • A complete read-only profile, which grants the users the rights to browse through the application, but not to change anything in iTop

  • A read-only profile similar to the “Portal user” profile which grants the users enough rights to browse through the normal iTop application in read-only mode for most classes but also to use the Portal for submitting User Requests.

What you will need

  • iTop installed on a development machine, on which you can easily access/edit the files.

  • A text editor capable of editing PHP and XML files and supporting UTF-8. On Windows you can use Wordpad (Notepad does not like Unix line endings) or one of the excellent free development IDEs like PSPad or Notepad++.

Customization process

The customization process is the following:

  1. Install a development instance of iTop. It is always better not to experiment in production!

  2. Install the toolkit to assist you in the customization

  3. Create a new (empty) module using the module creation wizard

  4. Copy this new module to the extensions folder on iTop and run the setup again to install the empty module

  5. Modify the module in extensions and use the toolkit to check your customizations

  6. Run the setup again to create the new profile(s)

Repeat the last two points until you are satisfied with your customization. When you are done, your new module is ready to be deployed. Copy the module folder into the extensions directory on your production iTop instance and run the setup to install it.

Step by step tutorial

Create your customization module

Use the module creation wizard. Fill the form with the following values:

Label | Value | Remarks
Module name | sample-add-profile | Names starting with itop- and combodo- are reserved for use by Combodo. It is recommended not to put spaces or accentuated characters in the name of the module. Two modules with the same name cannot co-exist in the same iTop instance.
Module Label | Add Profile Sample | This label will be displayed in the setup wizard. Localized characters and spaces are allowed.
Module Version | 1.0.0 | The convention is to use a 3 digits numbering scheme: X.Y.Z
Category | business | Modules that provide modifications to the data model should be in the category 'business'.
Dependencies | itop-profiles-itil/1.0.0 | Our customization module depends on the module iTop Profiles ITIL, since we will be using the groups defined in this module. Note that this module retained the version 1.0.0 even in iTop 2.0!

Click Generate! to download the empty module as a zip file.

Install the empty module

Expand the content of the zip into the extensions folder of your development iTop instance. You should now have a folder named sample-profile-class inside the extensions folder. This folder contains the following files:

  • datamodel.sample-add-profile.xml

  • module.sample-add-profile.php

  • en.dict.sample-add-profile.php

  • model.sample-add-profile.php

Make sure that the file conf/production/config-itop.php is writable for the web server (on Windows: right click to display the file properties and uncheck the read-only flag; on Linux change the rights of the file), then launch the iTop installation by pointing your browser to http://your_itop/setup/

Launching the re-install

Click “Continue »” to start the re-installation.


Make sure that “Update an existing instance” is selected before clicking “Next »”.


Continue to the next steps of the wizard…

Select the new extension

Your custom module should appear in the list of “Extensions”. If this is not the case, check that the module files have been copied to the proper location and that the web server has enough rights to read them.

Select your custom module before clicking “Next »” and complete the installation.

Declare the new Profiles

Using your favorite text editor, open the file datamodel.sample-add-profile.xml.

Inside the user_rights tag, add the following piece of XML:

     <profiles>
      <profile id="50" _delta="define">
        <name>Read-Only Except Requests</name>
        <description>Users with this profile are allowed to browse through all objects in the application and to create/modify user requests (either through the portal or in the normal application)</description>
        <groups>
          <group id="Portal user - write">
            <actions>
              <action xsi:type="write">allow</action>
            </actions>
          </group>
          <group id="Portal user - delete">
            <actions>
              <action xsi:type="delete">allow</action>
            </actions>
          </group>
          <group id="class:UserRequest">
            <actions>
              <action id="ev_close" xsi:type="stimulus">allow</action>
            </actions>
          </group>
          <group id="*">
            <actions>
              <action xsi:type="read">allow</action>
              <action xsi:type="bulk read">allow</action>
            </actions>
          </group>
        </groups>
      </profile>
      <profile id="51" _delta="define">
        <name>Read-Only No Portal Access</name>
        <description>Users with this profile are allowed to browse through all objects in the application but not to modify anything (event through the portal)</description>
        <groups>
          <group id="*">
            <actions>
              <action xsi:type="read">allow</action>
              <action xsi:type="bulk read">allow</action>
            </actions>
          </group>
        </groups>
      </profile>
    </profiles>

This instructs iTop to define two new profiles.

  • The first profile (numbered id=“50”) is actually a clone of the “Portal User” profile. The only difference is that “Portal User” is a conventional name for a profile: any user who has the “Portal User” profile is automatically directed to the portal interface of iTop. Since our new profile is named “Read-Only Except Requests”, users with this profile are allowed to navigate through the standard user interface of iTop.

  • The second profile (numbered id=“51”) is a pure read-only profile: it only allows browsing through iTop, not changing anything.

The profiles are defined by accumulating rights on a given set of classes - listed in “groups”. By convention the group with id=“*” means “any class”. The other groups used in this example are the groups already defined in the module “itop-profiles-itil” (you can see their definition in the file datamodel.itop-profiles-itil.xml).

For example the group “Portal user - write” is defined as follows:

      <group id="Portal user - write" _delta="define">
        <classes>
          <class id="FileDoc"/>
          <class id="lnkTicketToDoc"/>
          <class id="UserRequest"/>
        </classes>
      </group>

This group is used to grant rights on the classes: FileDoc (a file document), UserRequest (a user request ticket) and also lnkTicketToDoc (the n:n relation between a Document and a Ticket). In order to let the end-user create a User Request ticket (and attach/detach documents to the ticket), the profile “Read-Only Except Requests” must grant write access to all classes in this group (The read access is granted by the rule on the “*” group).

Refer to the XML reference documentation for more information about the XML syntax for groups and profiles.

Since we don't need to redefine any group of classes, the datamodel.add-profile-sample.xml file should contain only the following:

datamodel.sample-add-profile.xml
 
<?xml version="1.0" encoding="UTF-8"?>
<itop_design xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="1.0">
  <classes/>
  <menus/>
  <user_rights>
     <profiles>
      <profile id="50" _delta="define">
        <name>Read-Only Except Requests</name>
        <description>Users with this profile are allowed to browse through all objects in the application and to create/modify user requests (either through the portal or in the normal application)</description>
        <groups>
          <group id="Portal user - write">
            <actions>
              <action xsi:type="write">allow</action>
            </actions>
          </group>
          <group id="Portal user - delete">
            <actions>
              <action xsi:type="delete">allow</action>
            </actions>
          </group>
          <group id="class:UserRequest">
            <actions>
              <action id="ev_close" xsi:type="stimulus">allow</action>
            </actions>
          </group>
          <group id="*">
            <actions>
              <action xsi:type="read">allow</action>
              <action xsi:type="bulk read">allow</action>
            </actions>
          </group>
        </groups>
      </profile>
      <profile id="51" _delta="define">
        <name>Read-Only No Portal Access</name>
        <description>Users with this profile are allowed to browse through all objects in the application but not to modify anything (event through the portal)</description>
        <groups>
          <group id="*">
            <actions>
              <action xsi:type="read">allow</action>
              <action xsi:type="bulk read">allow</action>
            </actions>
          </group>
        </groups>
      </profile>
    </profiles>
  </user_rights>
</itop_design>

Check your modification by running the toolkit. Point your browser to http://your_itop/toolkit.

Checking the modifications with the toolkit

If any error is reported at this stage, fix it by editing the XML file, then check your modifications again by clicking the “Refresh” button in the toolkit page.
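
The toolkit checks that the XML is valid, not that a profile meant to be read-only actually is. The following is an added example, not part of the original tutorial or of iTop's toolkit: a short Python check that lists every rule in a profile granting more than read / bulk read, together with the classes it reaches. The function names are hypothetical, the sample XML is constructed from the two profiles above (descriptions omitted), and reading a `class:<Name>` group id as a single-class group is an assumption.

```python
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
READ_ACTIONS = {"read", "bulk read"}

# Constructed sample: the two profiles from this page, <description> omitted.
SAMPLE = """<itop_design xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="1.0">
  <user_rights>
    <profiles>
      <profile id="50" _delta="define">
        <name>Read-Only Except Requests</name>
        <groups>
          <group id="Portal user - write"><actions><action xsi:type="write">allow</action></actions></group>
          <group id="Portal user - delete"><actions><action xsi:type="delete">allow</action></actions></group>
          <group id="class:UserRequest"><actions><action id="ev_close" xsi:type="stimulus">allow</action></actions></group>
          <group id="*"><actions><action xsi:type="read">allow</action><action xsi:type="bulk read">allow</action></actions></group>
        </groups>
      </profile>
      <profile id="51" _delta="define">
        <name>Read-Only No Portal Access</name>
        <groups>
          <group id="*"><actions><action xsi:type="read">allow</action><action xsi:type="bulk read">allow</action></actions></group>
        </groups>
      </profile>
    </profiles>
  </user_rights>
</itop_design>"""

# Only this group's class list is quoted on the page; other groups stay unresolved.
GROUP_CLASSES = {"Portal user - write": ["FileDoc", "lnkTicketToDoc", "UserRequest"]}

def classes_for(group_id):
    """Resolve a group id to class names; None means its definition is not known here."""
    if group_id == "*":
        return ["*"]                          # page convention: any class
    if group_id.startswith("class:"):         # assumption: single-class group
        return [group_id[len("class:"):]]
    return GROUP_CLASSES.get(group_id)

def load_grants(xml_text):
    """Return {profile name: [(group id, action), ...]} for every 'allow' rule."""
    grants = {}
    for profile in ET.fromstring(xml_text).findall("./user_rights/profiles/profile"):
        rules = []
        for group in profile.findall("./groups/group"):
            for action in group.findall("./actions/action"):
                if (action.text or "").strip() != "allow":
                    continue
                kind = action.get(XSI_TYPE)
                if kind == "stimulus":        # keep the stimulus code with the rule
                    kind = "stimulus:" + action.get("id", "?")
                rules.append((group.get("id"), kind))
        grants[profile.findtext("name")] = rules
    return grants

def beyond_read(rules):
    """Rules that grant more than read / bulk read, with the classes they reach."""
    return [(g, a, classes_for(g)) for g, a in rules if a not in READ_ACTIONS]

if __name__ == "__main__":
    for name, rules in load_grants(SAMPLE).items():
        print(name, "->", beyond_read(rules) or "read-only")
```

A group reported with `None` for its classes (here “Portal user - delete”) is one whose definition has to be looked up in datamodel.itop-profiles-itil.xml before the profile's real reach is known.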

On-board the new Profiles

When you are done with the modifications, you need to run the setup again in order to onboard the new profiles.

Make sure that the file conf/production/config-itop.php is writable for the web server (on Windows: right click to display the file properties and uncheck the read-only flag; on Linux change the rights of the file), then launch the iTop installation by pointing your browser to http://your_itop/setup/

Launching the re-install

Click “Continue »” to start the re-installation.


Make sure that “Update an existing instance” is selected before clicking “Next »”.


Continue to the next steps of the wizard…

Select the new extension

Your custom module should appear in the list of “Extensions”; it should already be checked and greyed out (meaning that you cannot uninstall it). Just press “Next »” and complete the installation.

The profiles are defined in the XML but are actually stored in the database. The on-boarding operation that loads them into the database is currently performed only by the setup, so you need to run the setup again each time a new profile is defined (or if a profile definition is modified).

Final Customization Module

You can download the complete customization module by clicking on the link below:

sample-add-profile.zip

Next Steps

To deploy your customization to another iTop server, simply copy the folder “sample-add-profile” to the extensions folder of iTop and run the setup again.

Created by superadmin on 2020/08/27, 17:11
    
