Use lowercase username and user groups for loading user permissions and restrictions

This commit is contained in:
Eric Lippmann 2014-10-20 13:36:37 +02:00
parent 53608c83d0
commit cee261bf7e

View File

@ -6,6 +6,7 @@ namespace Icinga\Authentication;
use Icinga\Application\Config;
use Icinga\Exception\NotReadableError;
use Icinga\User;
use Icinga\Util\String;
/**
@ -14,73 +15,97 @@ use Icinga\Util\String;
class AdmissionLoader
{
/**
* Match against groups
*
* @param string $section
* @param string $username
* @param array $groups
* @param array $userGroups
* @param mixed $section
*
* @return bool
*/
private function match($section, $username, array $groups)
protected function match($username, $userGroups, $section)
{
if ($section->users && in_array($username, String::trimSplit($section->users)) === true) {
return true;
$username = strtolower($username);
if (! empty($section->users)) {
$users = array_map('strtolower', String::trimSplit($section->users));
if (in_array($username, $users)) {
return true;
}
}
if ($section->groups && count(array_intersect(String::trimSplit($section->groups), $groups)) > 0) {
return true;
if (! empty($section->groups)) {
$groups = array_map('strtolower', String::trimSplit($section->groups));
foreach ($userGroups as $userGroup) {
if (in_array(strtolower($userGroup), $groups)) {
return true;
}
}
}
return false;
}
/**
* Retrieve permissions
* Get user permissions
*
* @param string $username
* @param array $groups
* @param User $user
*
* @return array
*/
public function getPermissions($username, array $groups)
public function getPermissions(User $user)
{
$permissions = array();
try {
$config = Config::app('permissions');
} catch (NotReadableError $e) {
Logger::error(
'Can\'t get permissions for user \'%s\'. An exception was thrown:',
$user->getUsername(),
$e
);
return $permissions;
}
$username = $user->getUsername();
$userGroups = $user->getGroups();
foreach ($config as $section) {
if ($this->match($section, $username, $groups) && isset($section->permissions)) {
$permissions += String::trimSplit($section->permissions);
if (! empty($section->permissions)
&& $this->match($username, $userGroups, $section)
) {
$permissions = array_merge(
$permissions,
array_diff(String::trimSplit($section->permissions), $permissions)
);
}
}
return $permissions;
}
/**
* Retrieve restrictions
* Get user restrictions
*
* @param $username
* @param array $groups
* @param User $user
*
* @return array
*/
public function getRestrictions($username, array $groups)
public function getRestrictions(User $user)
{
$restrictions = array();
try {
$config = Config::app('restrictions');
} catch (NotReadableError $e) {
Logger::error(
'Can\'t get restrictions for user \'%s\'. An exception was thrown:',
$user->getUsername(),
$e
);
return $restrictions;
}
foreach ($config as $name => $section) {
if ($this->match($section, $username, $groups)) {
if (!array_key_exists($section->name, $restrictions)) {
$restrictions[$section->name] = array();
}
$restrictions[$section->name][$name] = $section->restriction;
$username = $user->getUsername();
$userGroups = $user->getGroups();
foreach ($config as $section) {
if (! empty($section->restriction)
&& $this->match($username, $userGroups, $section)
) {
$restrictions = array_merge(
$restrictions,
array_diff(String::trimSplit($section->restriction), $restrictions)
);
}
}
return $restrictions;