Fix the permission wildcards assertion

fixes #9202
2015-05-05 12:36:26 +02:00 · 2015-05-05 12:36:26 +02:00 · 612fefba9c
parent 993cb31572
commit 612fefba9c
2 changed files with 14 additions and 10 deletions
--- a/library/Icinga/User.php
+++ b/library/Icinga/User.php
@ -413,30 +413,30 @@ class User
    /**
     * Whether the user has a given permission
     *
-     * @param   string $permission
+     * @param   string $requiredPermission
     *
     * @return  bool
     */
-    public function can($permission)
+    public function can($requiredPermission)
    {
-        if (isset($this->permissions['*']) || isset($this->permissions[$permission])) {
+        if (isset($this->permissions['*']) || isset($this->permissions[$requiredPermission])) {
            return true;
        }
        // If the permission to check contains a wildcard, grant the permission if any permit related to the permission
        // matches
-        $any = strpos($permission, '*');
-        foreach ($this->permissions as $permitted) {
-            if ($any !== false) {
+        $any = strpos($requiredPermission, '*');
+        foreach ($this->permissions as $grantedPermission) {
+            if ($any !== false && strpos($grantedPermission, '*') === false) {
                $wildcard = $any;
            } else {
                // If the permit contains a wildcard, grant the permission if it's related to the permit
-                $wildcard = strpos($permitted, '*');
+                $wildcard = strpos($grantedPermission, '*');
            }
            if ($wildcard !== false) {
-                if (substr($permission, 0, $wildcard) === substr($permitted, 0, $wildcard)) {
+                if (substr($requiredPermission, 0, $wildcard) === substr($grantedPermission, 0, $wildcard)) {
                    return true;
                }
-            } elseif ($permission === $permitted) {
+            } elseif ($requiredPermission === $grantedPermission) {
                return true;
            }
        }
--- a/test/php/library/Icinga/UserTest.php
+++ b/test/php/library/Icinga/UserTest.php
@ -66,12 +66,16 @@ class UserTest extends BaseTestCase
        $user->setPermissions(array(
            'test',
            'test/some/specific',
-            'test/more/*'
+            'test/more/*',
+            'test/wildcard-with-wildcard/*'
        ));
        $this->assertTrue($user->can('test'));
        $this->assertTrue($user->can('test/some/specific'));
        $this->assertTrue($user->can('test/more/everything'));
+        $this->assertTrue($user->can('test/wildcard-with-wildcard/*'));
+        $this->assertTrue($user->can('test/wildcard/sub/sub'));
        $this->assertFalse($user->can('not/test'));
        $this->assertFalse($user->can('test/some/not/so/specific'));
+        $this->assertFalse($user->can('test/wildcard2/*'));
    }
 }