mirror of
https://github.com/Icinga/icingaweb2.git
synced 2025-07-27 07:44:04 +02:00
Security: Introduce AdmissionLoader::getPermissionsAndRestrictions() for loading permissions and restrictions from roles.ini
When loading from roles.ini there's currently an empty permission added which is of course a bug and will be fixed asap. refs #5647
parent
0c219655e0
commit
b01a9a65e0
@ -5,6 +5,7 @@
|
|||||||
namespace Icinga\Authentication;
|
namespace Icinga\Authentication;
|
||||||
|
|
||||||
use Icinga\Application\Config;
|
use Icinga\Application\Config;
|
||||||
|
use Icinga\Application\Logger;
|
||||||
use Icinga\Exception\NotReadableError;
|
use Icinga\Exception\NotReadableError;
|
||||||
use Icinga\Data\ConfigObject;
|
use Icinga\Data\ConfigObject;
|
||||||
use Icinga\User;
|
use Icinga\User;
|
||||||
@ -42,6 +43,50 @@ class AdmissionLoader
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get user permissions and restrictions
|
||||||
|
*
|
||||||
|
* @param User $user
|
||||||
|
*
|
||||||
|
* @return array
|
||||||
|
*/
|
||||||
|
public function getPermissionsAndRestrictions(User $user)
|
||||||
|
{
|
||||||
|
$permissions = array();
|
||||||
|
$restrictions = array();
|
||||||
|
$username = $user->getUsername();
|
||||||
|
try {
|
||||||
|
$roles = Config::app('roles');
|
||||||
|
} catch (NotReadableError $e) {
|
||||||
|
Logger::error(
|
||||||
|
'Can\'t get permissions and restrictions for user \'%s\'. An exception was thrown:',
|
||||||
|
$username,
|
||||||
|
$e
|
||||||
|
);
|
||||||
|
return array($permissions, $restrictions);
|
||||||
|
}
|
||||||
|
$userGroups = $user->getGroups();
|
||||||
|
foreach ($roles as $role) {
|
||||||
|
if ($this->match($username, $userGroups, $role)) {
|
||||||
|
$permissions = array_merge(
|
||||||
|
$permissions,
|
||||||
|
array_diff(String::trimSplit($role->permissions), $permissions)
|
||||||
|
);
|
||||||
|
$restrictionsFromRole = $role->toArray();
|
||||||
|
unset($restrictionsFromRole['users']);
|
||||||
|
unset($restrictionsFromRole['groups']);
|
||||||
|
unset($restrictionsFromRole['permissions']);
|
||||||
|
foreach ($restrictionsFromRole as $name => $restriction) {
|
||||||
|
if (! isset($restrictions[$name])) {
|
||||||
|
$restrictions[$name] = array();
|
||||||
|
}
|
||||||
|
$restrictions[$name][] = $restriction;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return array($permissions, $restrictions);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get user permissions
|
* Get user permissions
|
||||||
*
|
*
|
||||||
|
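Review bot: The `Logger::error()` call in the `catch (NotReadableError $e)` branch of `getPermissionsAndRestrictions()` passes two arguments (`$username`, `$e`) to a format string that has only one `%s`, so if Logger formats printf-style the exception detail is dropped and the entry stops at "An exception was thrown:". That is the one log line an operator needs when roles.ini cannot be read, so the message should end with `An exception was thrown: %s`. The docblock's `@return array` could also state the shape, for example `@return array array($permissions, $restrictions), both empty if roles.ini is not readable`. The restriction loop treats every role key other than `users`, `groups` and `permissions` as a restriction name; a short comment saying so would help, since any key added to roles.ini later would otherwise silently become a restriction.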