tyler.durden
/
icingaweb2
mirror of https://github.com/Icinga/icingaweb2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

AdmissionLoader: set the roles of the user 

refs #10887
This commit is contained in:
Alexander A. Klimov 2016-03-24 16:24:24 +01:00
parent 57ce39834d
commit df0d3aaf1e
1 changed files with 12 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
library/Icinga/Authentication/AdmissionLoader.php
View File

@ -5,6 +5,7 @@ namespace Icinga\Authentication;
use Icinga\Application\Config; use Icinga\Application\Config;
use Icinga\Application\Logger; use Icinga\Application\Logger;
use Icinga\Authentication\Role;
use Icinga\Exception\NotReadableError; use Icinga\Exception\NotReadableError;
use Icinga\Data\ConfigObject; use Icinga\Data\ConfigObject;
use Icinga\User; use Icinga\User;
@ -63,11 +64,13 @@ class AdmissionLoader
return; return;
} }
$userGroups = $user->getGroups(); $userGroups = $user->getGroups();
foreach ($roles as $role) { $roleObjs = array();
foreach ($roles as $roleName => $role) {
if ($this->match($username, $userGroups, $role)) { if ($this->match($username, $userGroups, $role)) {
$permissionsFromRole = StringHelper::trimSplit($role->permissions);
$permissions = array_merge( $permissions = array_merge(
$permissions, $permissions,
array_diff(StringHelper::trimSplit($role->permissions), $permissions) array_diff($permissionsFromRole, $permissions)
); );
$restrictionsFromRole = $role->toArray(); $restrictionsFromRole = $role->toArray();
unset($restrictionsFromRole['users']); unset($restrictionsFromRole['users']);
@ -79,10 +82,16 @@ class AdmissionLoader
} }
$restrictions[$name][] = $restriction; $restrictions[$name][] = $restriction;
} }
$roleObj = new Role();
$roleObjs[] = $roleObj
->setName($roleName)
->setPermissions($permissionsFromRole)
->setRestrictions($restrictionsFromRole);
} }
} }
$user->setPermissions($permissions); $user->setPermissions($permissions);
$user->setRestrictions($restrictions); $user->setRestrictions($restrictions);
// $user->setRoles($roles); $user->setRoles($roleObjs);
} }
} }