From 473bbd40c4cd2a8cc9d3f4e1d85f6ce74588d417 Mon Sep 17 00:00:00 2001 From: Thomas Gelf Date: Thu, 29 Mar 2018 16:46:41 +0200 Subject: [PATCH] IcingaHostForm: fix premission checks on new Hosts refs #1451 --- application/forms/IcingaHostForm.php | 4 +- library/Director/Objects/IcingaObject.php | 37 ++++++++++++++++++- .../Restriction/HostgroupRestriction.php | 12 ++++++ 3 files changed, 49 insertions(+), 4 deletions(-) diff --git a/application/forms/IcingaHostForm.php b/application/forms/IcingaHostForm.php index 57312944..33a09dbb 100644 --- a/application/forms/IcingaHostForm.php +++ b/application/forms/IcingaHostForm.php @@ -254,7 +254,7 @@ class IcingaHostForm extends DirectorObjectForm protected function getInheritedGroups() { if ($this->hasObject()) { - return $this->object->getInheritedGroups(); + return $this->object->listInheritedGroupNames(); } else { return []; } @@ -379,6 +379,6 @@ class IcingaHostForm extends DirectorObjectForm } } - return parent::onSuccess(); + parent::onSuccess(); } } diff --git a/library/Director/Objects/IcingaObject.php b/library/Director/Objects/IcingaObject.php index c3bfbd73..d3f5cbdb 100644 --- a/library/Director/Objects/IcingaObject.php +++ b/library/Director/Objects/IcingaObject.php @@ -111,6 +111,7 @@ abstract class IcingaObject extends DbObject implements IcingaConfigRenderer private $vars; + /** @var IcingaObjectGroups */ private $groups; private $imports; @@ -789,6 +790,15 @@ abstract class IcingaObject extends DbObject implements IcingaConfigRenderer return $this->groups; } + public function hasModifiedGroups() + { + $this->assertGroupsSupport(); + if ($this->groups === null) { + return false; + } + + return $this->groups->hasBeenModified(); + } /** * @return IcingaTimePeriodRanges */ @@ -1005,12 +1015,16 @@ abstract class IcingaObject extends DbObject implements IcingaConfigRenderer return $vars; } + /** + * This is mostly for magic getters + * @return array + */ public function getGroups() { return $this->groups()->listGroupNames(); } - public function getInheritedGroups() + public function listInheritedGroupNames() { $parents = $this->imports()->getObjects(); /** @var IcingaObject $parent */ @@ -1030,6 +1044,25 @@ abstract class IcingaObject extends DbObject implements IcingaConfigRenderer return $this; } + public function listResolvedGroupNames() + { + $groups = $this->groups()->listGroupNames(); + if (empty($groups)) { + return $this->listInheritedGroupNames(); + } + + return $groups; + } + + public function hasGroup($group) + { + if ($group instanceof static) { + $group = $group->getObjectName(); + } + + return in_array($group, $this->listResolvedGroupNames()); + } + protected function getResolved($what) { $func = 'resolve' . $what; @@ -2574,7 +2607,7 @@ abstract class IcingaObject extends DbObject implements IcingaConfigRenderer // TODO: resolve $groups = $this->groups()->listGroupNames(); if ($resolved && empty($groups)) { - $groups = $this->getInheritedGroups(); + $groups = $this->listInheritedGroupNames(); } $props['groups'] = $groups; diff --git a/library/Director/Restriction/HostgroupRestriction.php b/library/Director/Restriction/HostgroupRestriction.php index 40d12b0d..0d88b919 100644 --- a/library/Director/Restriction/HostgroupRestriction.php +++ b/library/Director/Restriction/HostgroupRestriction.php @@ -56,6 +56,18 @@ class HostgroupRestriction extends ObjectRestriction return true; } + if (! $host->hasBeenLoadedFromDb()) { + if ($host->hasModifiedGroups()) { + foreach ($this->listRestrictedHostgroups() as $group) { + if ($host->hasGroup($group)) { + return true; + } + } + } + + return false; + } + $query = $this->db->select()->from( ['o' => 'icinga_host'], ['id']