<?php namespace Icinga\Module\Director; use Icinga\Authentication\Auth; use Icinga\Authentication\Role; use Icinga\Exception\AuthenticationException; class Acl { /** @var Auth */ protected $auth; /** @var self */ private static $instance; /** * @return self */ public static function instance() { if (self::$instance === null) { self::$instance = new static(Auth::getInstance()); } return self::$instance; } /** * Acl constructor * * @param Auth $auth */ public function __construct(Auth $auth) { $this->auth = $auth; } /** * Whether the given permission is available * * @param $name * * @return bool */ public function hasPermission($name) { return $this->auth->hasPermission($name); } /** * List all given roles * * @return array */ public function listRoleNames() { return array_map( array($this, 'getNameForRole'), $this->getUser()->getRoles() ); } /** * Get our user object, throws auth error if not available * * @return \Icinga\User * @throws AuthenticationException */ protected function getUser() { if (null === ($user = $this->auth->getUser())) { throw new AuthenticationException('Authenticated user required'); } return $user; } /** * Get the name for a given role * * @param Role $role * * @return string */ protected function getNameForRole(Role $role) { return $role->getName(); } }