<?php
namespace Icinga\Module\Director;
use Icinga\Authentication\Auth;
use Icinga\Authentication\Role;
use Icinga\Exception\AuthenticationException;
class Acl
{
    /**
     * Authentication facade that every check in this class is delegated to
     *
     * @var Auth
     */
    protected $auth;

    /**
     * Lazily created shared instance, see instance()
     *
     * @var self
     */
    private static $instance;

    /**
     * Get the shared Acl, building it from Auth::getInstance() on first use
     *
     * The instance lives in a private static of this class but is created
     * with `new static`, so the first caller decides the concrete class that
     * all later callers receive.
     *
     * @return self
     */
    public static function instance()
    {
        if (self::$instance !== null) {
            return self::$instance;
        }

        self::$instance = new static(Auth::getInstance());

        return self::$instance;
    }

    /**
     * Acl constructor
     *
     * @param Auth $auth Authentication object used for all permission and user lookups
     */
    public function __construct(Auth $auth)
    {
        $this->auth = $auth;
    }

    /**
     * Whether the given permission is available
     *
     * This is a pure pass-through to Auth::hasPermission(). No additional
     * check is made here, so how a missing or unauthenticated user is
     * treated is decided by Auth (not visible in this file).
     *
     * @param string $name Permission name, forwarded unchanged
     *
     * @return bool
     */
    public function hasPermission($name)
    {
        $granted = $this->auth->hasPermission($name);

        return $granted;
    }

    /**
     * List the names of all roles assigned to the current user
     *
     * @return array Role names, one per role returned by the user object
     * @throws AuthenticationException When no user is available, see getUser()
     */
    public function listRoleNames()
    {
        $roles = $this->getUser()->getRoles();
        $toName = array($this, 'getNameForRole');

        return array_map($toName, $roles);
    }

    /**
     * Get our user object, throws auth error if not available
     *
     * Fails closed: callers never receive null, so role lookups cannot run
     * without a user object.
     *
     * @return \Icinga\User
     * @throws AuthenticationException
     */
    protected function getUser()
    {
        $user = $this->auth->getUser();

        if ($user === null) {
            throw new AuthenticationException('Authenticated user required');
        }

        return $user;
    }

    /**
     * Get the name for a given role
     *
     * Used as the array_map() callback in listRoleNames().
     *
     * @param Role $role
     *
     * @return string
     */
    protected function getNameForRole(Role $role)
    {
        $name = $role->getName();

        return $name;
    }
}