icingaweb2-module-director/library/Director/Acl.php

91 lines
1.7 KiB
PHP
Raw Normal View History

2017-01-13 18:59:04 +01:00
<?php
namespace Icinga\Module\Director;
use Icinga\Authentication\Auth;
2017-01-13 18:59:04 +01:00
use Icinga\Authentication\Role;
use Icinga\Exception\AuthenticationException;
class Acl
{
2017-01-13 18:59:04 +01:00
/** @var Auth */
protected $auth;
2017-01-13 18:59:04 +01:00
/** @var self */
private static $instance;
2017-01-13 18:59:04 +01:00
/**
* @return self
*/
public static function instance()
{
if (self::$instance === null) {
self::$instance = new static(Auth::getInstance());
}
return self::$instance;
}
2017-01-13 18:59:04 +01:00
/**
* Acl constructor
*
* @param Auth $auth
*/
public function __construct(Auth $auth)
{
$this->auth = $auth;
}
2017-01-13 18:59:04 +01:00
/**
* Whether the given permission is available
*
* @param $name
*
* @return bool
*/
public function hasPermission($name)
{
return $this->auth->hasPermission($name);
}
2017-01-13 18:59:04 +01:00
/**
* List all given roles
*
* @return array
*/
public function listRoleNames()
{
return array_map(
array($this, 'getNameForRole'),
$this->getUser()->getRoles()
);
}
/**
* Get our user object, throws auth error if not available
*
* @return \Icinga\User
* @throws AuthenticationException
*/
protected function getUser()
{
if (null === ($user = $this->auth->getUser())) {
throw new AuthenticationException('Authenticated user required');
}
return $user;
}
2017-01-13 18:59:04 +01:00
/**
* Get the name for a given role
*
* @param Role $role
*
* @return string
*/
protected function getNameForRole(Role $role)
{
return $role->getName();
}
}