From 8a489bcc46017743ae957256c14bef7e4660b15c Mon Sep 17 00:00:00 2001
From: Sukhwinder Dhillon <sukhwinder33445@gmail.com>
Date: Tue, 21 Nov 2023 09:27:40 +0100
Subject: [PATCH] HostController: Move ServiceFinder::getRedirectionUrl()
 method code to findserviceAction()

- This helps to detect backend easily, and was only called in this method anyway.
- Add and use helping method getServicesReadOnlyPermission()
-
---
 application/controllers/HostController.php    | 50 ++++++++++++++++---
 .../DirectorObject/Lookup/ServiceFinder.php   | 34 -------------
 2 files changed, 44 insertions(+), 40 deletions(-)

diff --git a/application/controllers/HostController.php b/application/controllers/HostController.php
index da873a61..d5acdfc7 100644
--- a/application/controllers/HostController.php
+++ b/application/controllers/HostController.php
@@ -4,6 +4,8 @@ namespace Icinga\Module\Director\Controllers;
 
 use gipfl\Web\Widget\Hint;
 use Icinga\Module\Director\Auth\Permission;
+use Icinga\Module\Director\Integration\Icingadb\IcingadbBackend;
+use Icinga\Module\Director\Integration\MonitoringModule\Monitoring;
 use Icinga\Module\Director\Web\Table\ObjectsTableService;
 use ipl\Html\Html;
 use gipfl\IcingaWeb2\Link;
@@ -39,7 +41,7 @@ class HostController extends ObjectController
         ) {
             return;
         }
-        if ($auth->hasPermission(Permission::MONITORING_SERVICES_RO) && $this->isServicesReadOnlyAction()) {
+        if ($this->isServicesReadOnlyAction() && $auth->hasPermission($this->getServicesReadOnlyPermission())) {
             return;
         }
         if ($auth->hasPermission(Permission::HOSTS)) { // faster
@@ -136,11 +138,35 @@ class HostController extends ObjectController
 
     public function findserviceAction()
     {
+        $auth = $this->Auth();
         $host = $this->getHostObject();
-        $this->redirectNow(
-            (new ServiceFinder($host, $this->getAuth()))
-                ->getRedirectionUrl($this->params->get('service'))
-        );
+        $hostName = $host->getObjectName();
+        $serviceName = $this->params->get('service');
+        $info = ServiceFinder::find($host, $serviceName);
+        $backend = $this->backend();
+
+        if ($info && $auth->hasPermission(Permission::HOSTS)) {
+            $redirectUrl = $info->getUrl();
+        } elseif ($info
+            && (($backend instanceof Monitoring && $auth->hasPermission(Permission::MONITORING_HOSTS))
+                || ($backend instanceof IcingadbBackend && $auth->hasPermission(Permission::ICINGADB_HOSTS))
+            )
+            && $backend->canModifyService($hostName, $serviceName)
+        ) {
+            $redirectUrl = $info->getUrl();
+        } elseif ($auth->hasPermission($this->getServicesReadOnlyPermission())) {
+            $redirectUrl = Url::fromPath('director/host/servicesro', [
+                'name'    => $hostName,
+                'service' => $serviceName
+            ]);
+        } else {
+            $redirectUrl = Url::fromPath('director/host/invalidservice', [
+                'name'    => $hostName,
+                'service' => $serviceName,
+            ]);
+        }
+
+        $this->redirectNow($redirectUrl);
     }
 
     /**
@@ -263,7 +289,7 @@ class HostController extends ObjectController
      */
     public function servicesroAction()
     {
-        $this->assertPermission(Permission::MONITORING_SERVICES_RO);
+        $this->assertPermission($this->getServicesReadOnlyPermission());
         $host = $this->getHostObject();
         $service = $this->params->getRequired('service');
         $db = $this->db();
@@ -618,4 +644,16 @@ class HostController extends ObjectController
         }
         return $this->object;
     }
+
+    /**
+     * Get readOnly permission of the service for the current backend
+     *
+     * @return string permission
+     */
+    protected function getServicesReadOnlyPermission(): string
+    {
+        return $this->backend() instanceof IcingadbBackend
+            ? Permission::ICINGADB_SERVICES_RO
+            : Permission::MONITORING_SERVICES_RO;
+    }
 }
diff --git a/library/Director/DirectorObject/Lookup/ServiceFinder.php b/library/Director/DirectorObject/Lookup/ServiceFinder.php
index 45b586c8..a14d8538 100644
--- a/library/Director/DirectorObject/Lookup/ServiceFinder.php
+++ b/library/Director/DirectorObject/Lookup/ServiceFinder.php
@@ -51,38 +51,4 @@ class ServiceFinder
 
         return false;
     }
-
-    /**
-     * @param $serviceName
-     * @return Url
-     */
-    public function getRedirectionUrl($serviceName)
-    {
-        if ($this->auth === null) {
-            throw new RuntimeException('Auth is required for ServiceFinder when dealing when asking for URLs');
-        }
-        if ($this->auth->hasPermission(Permission::HOSTS)) {
-            if ($info = $this::find($this->host, $serviceName)) {
-                return $info->getUrl();
-            }
-        }
-        if ($this->auth->hasPermission(Permission::MONITORING_HOSTS)) {
-            if ($info = $this::find($this->host, $serviceName)) {
-                if ((new Monitoring())->canModifyService($this->host->getObjectName(), $serviceName)) {
-                    return $info->getUrl();
-                }
-            }
-        }
-        if ($this->auth->hasPermission(Permission::MONITORING_SERVICES_RO)) {
-            return Url::fromPath('director/host/servicesro', [
-                'name'    => $this->host->getObjectName(),
-                'service' => $serviceName
-            ]);
-        }
-
-        return Url::fromPath('director/host/invalidservice', [
-            'name'    => $this->host->getObjectName(),
-            'service' => $serviceName,
-        ]);
-    }
 }