mirror of
https://github.com/Icinga/icingaweb2.git
synced 2025-07-30 01:04:09 +02:00
Introduce `User::can()' for checking whether a user has a given permission
The authentication manager already has the `hasPermission()' method but it lacks wildcard support and uses stupid looping. Implementing this method on the user further saves a call to `User::getPermissions()'.
This commit is contained in:
Eric Lippmann
parent
18aad562dd
commit
af58732545
@ -187,7 +187,7 @@ class User
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Return permission information for this user
|
* Get the user's permissions
|
||||||
*
|
*
|
||||||
* @return array
|
* @return array
|
||||||
*/
|
*/
|
||||||
@ -197,13 +197,17 @@ class User
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Setter for permissions
|
* Set the user's permissions
|
||||||
*
|
*
|
||||||
* @param array $permissions
|
* @param array $permissions
|
||||||
|
*
|
||||||
|
* @return $this
|
||||||
*/
|
*/
|
||||||
public function setPermissions(array $permissions)
|
public function setPermissions(array $permissions)
|
||||||
{
|
{
|
||||||
$this->permissions = $permissions;
|
natcasesort($permissions);
|
||||||
|
$this->permissions = array_combine($permissions, $permissions);
|
||||||
|
return $this;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -444,4 +448,31 @@ class User
|
|||||||
{
|
{
|
||||||
return (count($this->remoteUserInformation)) ? true : false;
|
return (count($this->remoteUserInformation)) ? true : false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Whether the user has a given permission
|
||||||
|
*
|
||||||
|
* @param string $permission
|
||||||
|
*
|
||||||
|
* @return bool
|
||||||
|
*/
|
||||||
|
public function can($permission)
|
||||||
|
{
|
||||||
|
if (isset($this->permissions['*']) || isset($this->permissions[$permission])) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
foreach ($this->permissions as $permitted) {
|
||||||
|
$wildcard = strpos($permitted, '*');
|
||||||
|
if ($wildcard !== false) {
|
||||||
|
if (substr($permission, 0, $wildcard) === substr($permitted, 0, $wildcard)) {
|
||||||
|
return true;
|
||||||
|
} else {
|
||||||
|
if ($permission === $permitted) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -60,4 +60,19 @@ class UserTest extends BaseTestCase
|
|||||||
$user = new User('unittest');
|
$user = new User('unittest');
|
||||||
$user->setEmail('mySampleEmail at someDomain dot org');
|
$user->setEmail('mySampleEmail at someDomain dot org');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testPermissions()
|
||||||
|
{
|
||||||
|
$user = new User('test');
|
||||||
|
$user->setPermissions(array(
|
||||||
|
'test',
|
||||||
|
'test/some/specific',
|
||||||
|
'test/more/*'
|
||||||
|
));
|
||||||
|
$this->assertTrue($user->can('test'));
|
||||||
|
$this->assertTrue($user->can('test/some/specific'));
|
||||||
|
$this->assertTrue($user->can('test/more/everything'));
|
||||||
|
$this->assertFalse($user->can('not/test'));
|
||||||
|
$this->assertFalse($user->can('test/some/not/so/specific'));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user