HostController: Move ServiceFinder::getRedirectionUrl() method code to findserviceAction()

- This helps to detect backend easily, and was only called in this method anyway. - Add and use helping method getServicesReadOnlyPermission() -
2025-07-28 16:24:05 +02:00 · 2023-11-21 09:27:40 +01:00 · 2023-11-21 09:27:40 +01:00 · 8a489bcc46
commit 8a489bcc46
parent 4e6528e862
2 changed files with 44 additions and 40 deletions
--- a/application/controllers/HostController.php
+++ b/application/controllers/HostController.php
@ -4,6 +4,8 @@ namespace Icinga\Module\Director\Controllers;

 use gipfl\Web\Widget\Hint;
 use Icinga\Module\Director\Auth\Permission;
+use Icinga\Module\Director\Integration\Icingadb\IcingadbBackend;
+use Icinga\Module\Director\Integration\MonitoringModule\Monitoring;
 use Icinga\Module\Director\Web\Table\ObjectsTableService;
 use ipl\Html\Html;
 use gipfl\IcingaWeb2\Link;
@ -39,7 +41,7 @@ class HostController extends ObjectController
        ) {
            return;
        }
-        if ($auth->hasPermission(Permission::MONITORING_SERVICES_RO) && $this->isServicesReadOnlyAction()) {
+        if ($this->isServicesReadOnlyAction() && $auth->hasPermission($this->getServicesReadOnlyPermission())) {
            return;
        }
        if ($auth->hasPermission(Permission::HOSTS)) { // faster
@ -136,11 +138,35 @@ class HostController extends ObjectController

    public function findserviceAction()
    {
+        $auth = $this->Auth();
        $host = $this->getHostObject();
-        $this->redirectNow(
-            (new ServiceFinder($host, $this->getAuth()))
-                ->getRedirectionUrl($this->params->get('service'))
-        );
+        $hostName = $host->getObjectName();
+        $serviceName = $this->params->get('service');
+        $info = ServiceFinder::find($host, $serviceName);
+        $backend = $this->backend();
+
+        if ($info && $auth->hasPermission(Permission::HOSTS)) {
+            $redirectUrl = $info->getUrl();
+        } elseif ($info
+            && (($backend instanceof Monitoring && $auth->hasPermission(Permission::MONITORING_HOSTS))
+                || ($backend instanceof IcingadbBackend && $auth->hasPermission(Permission::ICINGADB_HOSTS))
+            )
+            && $backend->canModifyService($hostName, $serviceName)
+        ) {
+            $redirectUrl = $info->getUrl();
+        } elseif ($auth->hasPermission($this->getServicesReadOnlyPermission())) {
+            $redirectUrl = Url::fromPath('director/host/servicesro', [
+                'name'    => $hostName,
+                'service' => $serviceName
+            ]);
+        } else {
+            $redirectUrl = Url::fromPath('director/host/invalidservice', [
+                'name'    => $hostName,
+                'service' => $serviceName,
+            ]);
+        }
+
+        $this->redirectNow($redirectUrl);
    }

    /**
@ -263,7 +289,7 @@ class HostController extends ObjectController
     */
    public function servicesroAction()
    {
-        $this->assertPermission(Permission::MONITORING_SERVICES_RO);
+        $this->assertPermission($this->getServicesReadOnlyPermission());
        $host = $this->getHostObject();
        $service = $this->params->getRequired('service');
        $db = $this->db();
@ -618,4 +644,16 @@ class HostController extends ObjectController
        }
        return $this->object;
    }
+
+    /**
+     * Get readOnly permission of the service for the current backend
+     *
+     * @return string permission
+     */
+    protected function getServicesReadOnlyPermission(): string
+    {
+        return $this->backend() instanceof IcingadbBackend
+            ? Permission::ICINGADB_SERVICES_RO
+            : Permission::MONITORING_SERVICES_RO;
+    }
 }
--- a/library/Director/DirectorObject/Lookup/ServiceFinder.php
+++ b/library/Director/DirectorObject/Lookup/ServiceFinder.php
@ -51,38 +51,4 @@ class ServiceFinder

        return false;
    }
-
-    /**
-     * @param $serviceName
-     * @return Url
-     */
-    public function getRedirectionUrl($serviceName)
-    {
-        if ($this->auth === null) {
-            throw new RuntimeException('Auth is required for ServiceFinder when dealing when asking for URLs');
-        }
-        if ($this->auth->hasPermission(Permission::HOSTS)) {
-            if ($info = $this::find($this->host, $serviceName)) {
-                return $info->getUrl();
-            }
-        }
-        if ($this->auth->hasPermission(Permission::MONITORING_HOSTS)) {
-            if ($info = $this::find($this->host, $serviceName)) {
-                if ((new Monitoring())->canModifyService($this->host->getObjectName(), $serviceName)) {
-                    return $info->getUrl();
-                }
-            }
-        }
-        if ($this->auth->hasPermission(Permission::MONITORING_SERVICES_RO)) {
-            return Url::fromPath('director/host/servicesro', [
-                'name'    => $this->host->getObjectName(),
-                'service' => $serviceName
-            ]);
-        }
-
-        return Url::fromPath('director/host/invalidservice', [
-            'name'    => $this->host->getObjectName(),
-            'service' => $serviceName,
-        ]);
-    }
 }