From bf590ed3801e659b4dff6d38db7026b048f1990c Mon Sep 17 00:00:00 2001
From: Eric Lippmann <eric.lippmann@netways.de>
Date: Wed, 22 Jul 2015 15:01:54 +0200
Subject: [PATCH] Provide module permissions automatically

refs #9644
---
 application/forms/Security/RoleForm.php | 46 +++++++++++++++----------
 1 file changed, 28 insertions(+), 18 deletions(-)

diff --git a/application/forms/Security/RoleForm.php b/application/forms/Security/RoleForm.php
index 114ddfc1f..970a0cc01 100644
--- a/application/forms/Security/RoleForm.php
+++ b/application/forms/Security/RoleForm.php
@@ -63,25 +63,35 @@ class RoleForm extends ConfigForm
     public function init()
     {
         $helper = new Zend_Form_Element('bogus');
-        foreach (Icinga::app()->getModuleManager()->getLoadedModules() as $module) {
-            foreach ($module->getProvidedPermissions() as $permission) {
-                /** @var object $permission */
-                $this->providedPermissions[$permission->name] = $permission->description . ' (' . $permission->name . ')';
-            }
-            foreach ($module->getProvidedRestrictions() as $restriction) {
-                /** @var object $restriction */
-                $name = $helper->filterName($restriction->name); // Zend only permits alphanumerics, the underscore,
-                                                                 // the circumflex and any ASCII character in range
-                                                                 // \x7f to \xff (127 to 255)
-                while (isset($this->providedRestrictions[$name])) {
-                    // Because Zend_Form_Element::filterName() replaces any not permitted character with the empty
-                    // string we may have duplicate names, e.g. 're/striction' and 'restriction'
-                    $name .= '_';
+        $mm = Icinga::app()->getModuleManager();
+        foreach ($mm->listInstalledModules() as $moduleName) {
+            $modulePermission = $mm::MODULE_PERMISSION_NS . $moduleName;
+            $this->providedPermissions[$modulePermission] = sprintf(
+                $this->translate('Allow access to module %s') . ' (%s)',
+                $moduleName,
+                $modulePermission
+            );
+            if ($mm->hasEnabled($moduleName)) {
+                $module = $mm->getModule($moduleName);
+                foreach ($module->getProvidedPermissions() as $permission) {
+                    /** @var object $permission */
+                    $this->providedPermissions[$permission->name] = $permission->description . ' (' . $permission->name . ')';
+                }
+                foreach ($module->getProvidedRestrictions() as $restriction) {
+                    /** @var object $restriction */
+                    $name = $helper->filterName($restriction->name); // Zend only permits alphanumerics, the underscore,
+                    // the circumflex and any ASCII character in range
+                    // \x7f to \xff (127 to 255)
+                    while (isset($this->providedRestrictions[$name])) {
+                        // Because Zend_Form_Element::filterName() replaces any not permitted character with the empty
+                        // string we may have duplicate names, e.g. 're/striction' and 'restriction'
+                        $name .= '_';
+                    }
+                    $this->providedRestrictions[$name] = array(
+                        'description' => $restriction->description,
+                        'name'        => $restriction->name
+                    );
                 }
-                $this->providedRestrictions[$name] = array(
-                    'description'   => $restriction->description,
-                    'name'          => $restriction->name
-                );
             }
         }
     }