From 7f010102f641e0f46ed013d1d9eff80730444e51 Mon Sep 17 00:00:00 2001
From: Eric Lippmann <eric.lippmann@netways.de>
Date: Thu, 12 Mar 2015 15:27:44 +0100
Subject: [PATCH] Add wildcard support to the permission passed to User::can()

refs #8720
---
 library/Icinga/User.php | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/library/Icinga/User.php b/library/Icinga/User.php
index 3bf0d0aa2..18d44af96 100644
--- a/library/Icinga/User.php
+++ b/library/Icinga/User.php
@@ -422,8 +422,16 @@ class User
         if (isset($this->permissions['*']) || isset($this->permissions[$permission])) {
             return true;
         }
+        // If the permission to check contains a wildcard, grant the permission if any permit related to the permission
+        // matches
+        $any = strpos($permission, '*');
         foreach ($this->permissions as $permitted) {
-            $wildcard = strpos($permitted, '*');
+            if ($any !== false) {
+                $wildcard = $any;
+            } else {
+                // If the permit contains a wildcard, grant the permission if it's related to the permit
+                $wildcard = strpos($permitted, '*');
+            }
             if ($wildcard !== false) {
                 if (substr($permission, 0, $wildcard) === substr($permitted, 0, $wildcard)) {
                     return true;