mirror of
https://github.com/Icinga/icingaweb2.git
synced 2025-07-24 06:14:25 +02:00
Use lowercase username and user groups for loading user permissions and restrictions
parent
53608c83d0
commit
cee261bf7e
@ -6,6 +6,7 @@ namespace Icinga\Authentication;
|
|||||||
|
|
||||||
use Icinga\Application\Config;
|
use Icinga\Application\Config;
|
||||||
use Icinga\Exception\NotReadableError;
|
use Icinga\Exception\NotReadableError;
|
||||||
|
use Icinga\User;
|
||||||
use Icinga\Util\String;
|
use Icinga\Util\String;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -14,73 +15,97 @@ use Icinga\Util\String;
|
|||||||
class AdmissionLoader
|
class AdmissionLoader
|
||||||
{
|
{
|
||||||
/**
|
/**
|
||||||
* Match against groups
|
|
||||||
*
|
|
||||||
* @param string $section
|
|
||||||
* @param string $username
|
* @param string $username
|
||||||
* @param array $groups
|
* @param array $userGroups
|
||||||
|
* @param mixed $section
|
||||||
*
|
*
|
||||||
* @return bool
|
* @return bool
|
||||||
*/
|
*/
|
||||||
private function match($section, $username, array $groups)
|
protected function match($username, $userGroups, $section)
|
||||||
{
|
{
|
||||||
if ($section->users && in_array($username, String::trimSplit($section->users)) === true) {
|
$username = strtolower($username);
|
||||||
return true;
|
if (! empty($section->users)) {
|
||||||
|
$users = array_map('strtolower', String::trimSplit($section->users));
|
||||||
|
if (in_array($username, $users)) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
if (! empty($section->groups)) {
|
||||||
if ($section->groups && count(array_intersect(String::trimSplit($section->groups), $groups)) > 0) {
|
$groups = array_map('strtolower', String::trimSplit($section->groups));
|
||||||
return true;
|
foreach ($userGroups as $userGroup) {
|
||||||
|
if (in_array(strtolower($userGroup), $groups)) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Retrieve permissions
|
* Get user permissions
|
||||||
*
|
*
|
||||||
* @param string $username
|
* @param User $user
|
||||||
* @param array $groups
|
|
||||||
*
|
*
|
||||||
* @return array
|
* @return array
|
||||||
*/
|
*/
|
||||||
public function getPermissions($username, array $groups)
|
public function getPermissions(User $user)
|
||||||
{
|
{
|
||||||
$permissions = array();
|
$permissions = array();
|
||||||
try {
|
try {
|
||||||
$config = Config::app('permissions');
|
$config = Config::app('permissions');
|
||||||
} catch (NotReadableError $e) {
|
} catch (NotReadableError $e) {
|
||||||
|
Logger::error(
|
||||||
|
'Can\'t get permissions for user \'%s\'. An exception was thrown:',
|
||||||
|
$user->getUsername(),
|
||||||
|
$e
|
||||||
|
);
|
||||||
return $permissions;
|
return $permissions;
|
||||||
}
|
}
|
||||||
|
$username = $user->getUsername();
|
||||||
|
$userGroups = $user->getGroups();
|
||||||
foreach ($config as $section) {
|
foreach ($config as $section) {
|
||||||
if ($this->match($section, $username, $groups) && isset($section->permissions)) {
|
if (! empty($section->permissions)
|
||||||
$permissions += String::trimSplit($section->permissions);
|
&& $this->match($username, $userGroups, $section)
|
||||||
|
) {
|
||||||
|
$permissions = array_merge(
|
||||||
|
$permissions,
|
||||||
|
array_diff(String::trimSplit($section->permissions), $permissions)
|
||||||
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return $permissions;
|
return $permissions;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Retrieve restrictions
|
* Get user restrictions
|
||||||
*
|
*
|
||||||
* @param $username
|
* @param User $user
|
||||||
* @param array $groups
|
|
||||||
*
|
*
|
||||||
* @return array
|
* @return array
|
||||||
*/
|
*/
|
||||||
public function getRestrictions($username, array $groups)
|
public function getRestrictions(User $user)
|
||||||
{
|
{
|
||||||
$restrictions = array();
|
$restrictions = array();
|
||||||
try {
|
try {
|
||||||
$config = Config::app('restrictions');
|
$config = Config::app('restrictions');
|
||||||
} catch (NotReadableError $e) {
|
} catch (NotReadableError $e) {
|
||||||
|
Logger::error(
|
||||||
|
'Can\'t get restrictions for user \'%s\'. An exception was thrown:',
|
||||||
|
$user->getUsername(),
|
||||||
|
$e
|
||||||
|
);
|
||||||
return $restrictions;
|
return $restrictions;
|
||||||
}
|
}
|
||||||
foreach ($config as $name => $section) {
|
$username = $user->getUsername();
|
||||||
if ($this->match($section, $username, $groups)) {
|
$userGroups = $user->getGroups();
|
||||||
if (!array_key_exists($section->name, $restrictions)) {
|
foreach ($config as $section) {
|
||||||
$restrictions[$section->name] = array();
|
if (! empty($section->restriction)
|
||||||
}
|
&& $this->match($username, $userGroups, $section)
|
||||||
$restrictions[$section->name][$name] = $section->restriction;
|
) {
|
||||||
|
$restrictions = array_merge(
|
||||||
|
$restrictions,
|
||||||
|
array_diff(String::trimSplit($section->restriction), $restrictions)
|
||||||
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return $restrictions;
|
return $restrictions;
|
||||||
|
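Review bot: Both `in_array` calls in the new `match()` compare loosely, so numeric-looking names are matched by value rather than by text (`'1e3'` equals `'1000'`, `'01'` equals `'1'`), which can admit a user or group the section does not list; pass the strict flag, `in_array($username, $users, true)` and `in_array(strtolower($userGroup), $groups, true)`. `strtolower` folds only single-byte letters, so names containing non-ASCII characters stay case-sensitive while ASCII names do not; `mb_strtolower` would treat both alike if the mbstring extension is available. The new catch blocks in `getPermissions()` and `getRestrictions()` call `Logger::error(...)`, but the `use` lines visible in the first hunk import only Config, NotReadableError, User and String, so unless a Logger class exists in `Icinga\Authentication` that error path would itself fail with a class-not-found error and a `use` line for the project's Logger is needed. `getRestrictions()` also now returns one flat list instead of entries keyed by `$section->name`, and runs each restriction through `String::trimSplit`, so it is worth confirming that callers no longer need to know which restriction a value belongs to and that restriction expressions are safe to split.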