Use lowercase username and user groups for loading user permissions and restrictions
parent
53608c83d0
commit
cee261bf7e
@ -6,6 +6,7 @@ namespace Icinga\Authentication;
|
||||
|
||||
use Icinga\Application\Config;
|
||||
use Icinga\Exception\NotReadableError;
|
||||
use Icinga\User;
|
||||
use Icinga\Util\String;
|
||||
|
||||
/**
|
||||
@ -14,73 +15,97 @@ use Icinga\Util\String;
|
||||
class AdmissionLoader
|
||||
{
|
||||
/**
|
||||
* Match against groups
|
||||
*
|
||||
* @param string $section
|
||||
* @param string $username
|
||||
* @param array $groups
|
||||
* @param array $userGroups
|
||||
* @param mixed $section
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
private function match($section, $username, array $groups)
|
||||
protected function match($username, $userGroups, $section)
|
||||
{
|
||||
if ($section->users && in_array($username, String::trimSplit($section->users)) === true) {
|
||||
return true;
|
||||
$username = strtolower($username);
|
||||
if (! empty($section->users)) {
|
||||
$users = array_map('strtolower', String::trimSplit($section->users));
|
||||
if (in_array($username, $users)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
if ($section->groups && count(array_intersect(String::trimSplit($section->groups), $groups)) > 0) {
|
||||
return true;
|
||||
if (! empty($section->groups)) {
|
||||
$groups = array_map('strtolower', String::trimSplit($section->groups));
|
||||
foreach ($userGroups as $userGroup) {
|
||||
if (in_array(strtolower($userGroup), $groups)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve permissions
|
||||
* Get user permissions
|
||||
*
|
||||
* @param string $username
|
||||
* @param array $groups
|
||||
* @param User $user
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
public function getPermissions($username, array $groups)
|
||||
public function getPermissions(User $user)
|
||||
{
|
||||
$permissions = array();
|
||||
try {
|
||||
$config = Config::app('permissions');
|
||||
} catch (NotReadableError $e) {
|
||||
Logger::error(
|
||||
'Can\'t get permissions for user \'%s\'. An exception was thrown:',
|
||||
$user->getUsername(),
|
||||
$e
|
||||
);
|
||||
return $permissions;
|
||||
}
|
||||
$username = $user->getUsername();
|
||||
$userGroups = $user->getGroups();
|
||||
foreach ($config as $section) {
|
||||
if ($this->match($section, $username, $groups) && isset($section->permissions)) {
|
||||
$permissions += String::trimSplit($section->permissions);
|
||||
if (! empty($section->permissions)
|
||||
&& $this->match($username, $userGroups, $section)
|
||||
) {
|
||||
$permissions = array_merge(
|
||||
$permissions,
|
||||
array_diff(String::trimSplit($section->permissions), $permissions)
|
||||
);
|
||||
}
|
||||
}
|
||||
return $permissions;
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve restrictions
|
||||
* Get user restrictions
|
||||
*
|
||||
* @param $username
|
||||
* @param array $groups
|
||||
* @param User $user
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
public function getRestrictions($username, array $groups)
|
||||
public function getRestrictions(User $user)
|
||||
{
|
||||
$restrictions = array();
|
||||
try {
|
||||
$config = Config::app('restrictions');
|
||||
} catch (NotReadableError $e) {
|
||||
Logger::error(
|
||||
'Can\'t get restrictions for user \'%s\'. An exception was thrown:',
|
||||
$user->getUsername(),
|
||||
$e
|
||||
);
|
||||
return $restrictions;
|
||||
}
|
||||
foreach ($config as $name => $section) {
|
||||
if ($this->match($section, $username, $groups)) {
|
||||
if (!array_key_exists($section->name, $restrictions)) {
|
||||
$restrictions[$section->name] = array();
|
||||
}
|
||||
$restrictions[$section->name][$name] = $section->restriction;
|
||||
$username = $user->getUsername();
|
||||
$userGroups = $user->getGroups();
|
||||
foreach ($config as $section) {
|
||||
if (! empty($section->restriction)
|
||||
&& $this->match($username, $userGroups, $section)
|
||||
) {
|
||||
$restrictions = array_merge(
|
||||
$restrictions,
|
||||
array_diff(String::trimSplit($section->restriction), $restrictions)
|
||||
);
|
||||
}
|
||||
}
|
||||
return $restrictions;
|
||||
|
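Review bot: Both membership tests in `match()` compare loosely, so numeric-looking names are equal by value (a constructed example: `'007'` matches a configured `'7'`) and a role can apply to an identity the config never named; pass the strict flag, `if (in_array($username, $users, true)) {` and `if (in_array(strtolower($userGroup), $groups, true)) {`. Lowercasing both sides also widens the match, so the docblock should state that role assignment is case-insensitive and assumes the authentication backend does not treat `Admin` and `admin` as separate accounts; `strtolower()` is byte-wise, so non-ASCII names are presumably still matched case-sensitively. In `getRestrictions()` the new loop merges every matching section's `restriction` into one flat list and no longer keys by `$section->name` as the removed assignment did, which looks like it loses which restriction each filter belongs to. The callers and the end of `getRestrictions()` are outside this view, so please confirm that is intended.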