diff --git a/library/Director/Restriction/ObjectRestriction.php b/library/Director/Restriction/ObjectRestriction.php index 81cd8730..9161ebb8 100644 --- a/library/Director/Restriction/ObjectRestriction.php +++ b/library/Director/Restriction/ObjectRestriction.php @@ -5,8 +5,10 @@ namespace Icinga\Module\Director\Restriction; use Icinga\Authentication\Auth; use Icinga\Exception\ProgrammingError; use Icinga\Module\Director\Db; +use Icinga\Module\Director\Objects\IcingaObject; +use Zend_Db_Select as ZfSelect; -class ObjectRestriction +abstract class ObjectRestriction { /** @var string */ protected $name; @@ -23,6 +25,29 @@ class ObjectRestriction $this->auth = $auth; } + abstract public function allows(IcingaObject $object); + + /** + * Apply the restriction to the given Hosts Query + * + * We assume that the query wants to fetch hosts and that therefore the + * icinga_host table already exists in the given query, using the $tableAlias + * alias. + * + * @param ZfSelect $query + * @param string $tableAlias + */ + abstract protected function filterQuery(ZfSelect $query, $tableAlias = 'o'); + + public function applyToQuery(ZfSelect $query, $tableAlias = 'o') + { + if ($this->isRestricted()) { + $this->filterQuery($query, $tableAlias); + } + + return $query; + } + public function getName() { if ($this->name === null) { @@ -38,6 +63,20 @@ class ObjectRestriction return ! empty($restrictions); } + protected function getQueryTableByAlias(ZfSelect $query, $tableAlias) + { + $from = $query->getPart(ZfSelect::FROM); + if (! array_key_exists($tableAlias, $from)) { + throw new ProgrammingError( + 'Cannot restrict query with alias "%s", got %s', + $tableAlias, + json_encode($from) + ); + } + + return $from[$tableAlias]['tableName']; + } + protected function gracefullySplitOnComma($string) { return preg_split('/\s*,\s*/', $string, -1, PREG_SPLIT_NO_EMPTY);