tyler.durden/icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2.git synced 2025-07-27 15:54:03 +02:00
Code Issues Packages Projects Releases Wiki Activity

PrivilegeAudit: Show missing restrictions if only parents restrict

Browse Source
This commit is contained in:
Johannes Meyer 2021-04-06 16:09:45 +02:00
parent 65cfa9236c
commit b5334a063e
1 changed files with 21 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
library/Icinga/Web/View/PrivilegeAudit.php
View File

@ -199,8 +199,8 @@ class PrivilegeAudit extends BaseHtmlElement
break; break;
} }
if (($roleRestriction = $role->getRestrictions($restriction)) !== null) { foreach ($this->collectRestrictions($role, $restriction) as $role => $roleRestriction) {
$restrictedBy[] = $role->getName(); $restrictedBy[] = $role;
$restrictions[] = $roleRestriction; $restrictions[] = $roleRestriction;
} }
} }
@ -216,13 +216,15 @@ class PrivilegeAudit extends BaseHtmlElement
'Restricted by %s and %s as well as %d others', 'Restricted by %s and %s as well as %d others',
count($restrictedBy) - 2 count($restrictedBy) - 2
), ),
$restrictedBy[0], $restrictedBy[0]->getName(),
$restrictedBy[1], $restrictedBy[1]->getName(),
count($restrictedBy) - 2 count($restrictedBy) - 2
) )
: sprintf( : sprintf(
tp('Restricted by %s', 'Restricted by %s and %s', count($restrictedBy)), tp('Restricted by %s', 'Restricted by %s and %s', count($restrictedBy)),
...$restrictedBy ...array_map(function ($role) {
return $role->getName();
}, $restrictedBy)
) )
]); ]);
} else { } else {
@ -237,7 +239,9 @@ class PrivilegeAudit extends BaseHtmlElement
new HtmlElement('span', [ new HtmlElement('span', [
'class' => 'role', 'class' => 'role',
'title' => t('All roles combined') 'title' => t('All roles combined')
], join(' | ', $restrictedBy)), ], join(' | ', array_map(function ($role) {
return $role->getName();
}, $restrictedBy))),
new HtmlElement('code', ['class' => 'restriction'], $combinedRestrictions) new HtmlElement('code', ['class' => 'restriction'], $combinedRestrictions)
]), ]),
$combinedLinks ? new HtmlElement('div', ['class' => 'previews'], [ $combinedLinks ? new HtmlElement('div', ['class' => 'previews'], [
@ -247,11 +251,7 @@ class PrivilegeAudit extends BaseHtmlElement
]); ]);
} }
foreach ($this->roles as $role) { foreach ($restrictedBy as $role) {
if (! in_array($role->getName(), $restrictedBy, true)) {
continue;
}
list($roleRestriction, $restrictionLinks) = $this->createRestrictionLinks( list($roleRestriction, $restrictionLinks) = $this->createRestrictionLinks(
$restriction, $restriction,
[$role->getRestrictions($restriction)] [$role->getRestrictions($restriction)]
@ -422,6 +422,16 @@ class PrivilegeAudit extends BaseHtmlElement
} }
} }
private function collectRestrictions(Role $role, $restrictionName)
{
do {
$restriction = $role->getRestrictions($restrictionName);
if ($restriction) {
yield $role => $restriction;
}
} while (($role = $role->getParent()) !== null);
}
private function createRestrictionLinks($restrictionName, array $restrictions) private function createRestrictionLinks($restrictionName, array $restrictions)
{ {
// TODO: Remove this hardcoded mess. Do this based on the restriction's meta data // TODO: Remove this hardcoded mess. Do this based on the restriction's meta data