tyler.durden/icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2.git synced 2025-07-25 14:54:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

User: Consider the shortest wildcard permission more important

Browse Source 
I hope we do not need a fourth attempt to get this right...

fixes #10016
This commit is contained in:
Johannes Meyer 2015-08-27 14:24:04 +02:00
parent eb30ecd776
commit f90f7b1528
1 changed files with 10 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
library/Icinga/User.php
View File

@ -452,16 +452,19 @@ class User
if (isset($this->permissions['*']) || isset($this->permissions[$requiredPermission])) { if (isset($this->permissions['*']) || isset($this->permissions[$requiredPermission])) {
return true; return true;
} }
// If the permission to check contains a wildcard, grant the permission if any permit related to the permission
// matches $requiredWildcard = strpos($requiredPermission, '*');
$any = strpos($requiredPermission, '*');
foreach ($this->permissions as $grantedPermission) { foreach ($this->permissions as $grantedPermission) {
if ($any !== false) { if ($requiredWildcard !== false) {
$wildcard = $any; if (($grantedWildcard = strpos($grantedPermission, '*')) !== false) {
$wildcard = min($requiredWildcard, $grantedWildcard);
} else {
$wildcard = $requiredWildcard;
}
} else { } else {
// If the permit contains a wildcard, grant the permission if it's related to the permit
$wildcard = strpos($grantedPermission, '*'); $wildcard = strpos($grantedPermission, '*');
} }
if ($wildcard !== false) { if ($wildcard !== false) {
if (substr($requiredPermission, 0, $wildcard) === substr($grantedPermission, 0, $wildcard)) { if (substr($requiredPermission, 0, $wildcard) === substr($grantedPermission, 0, $wildcard)) {
return true; return true;
@ -470,6 +473,7 @@ class User
return true; return true;
} }
} }
return false; return false;
} }
} }