2016-12-09 03:58:00 -05:00
|
|
|
<?php
|
|
|
|
|
|
|
|
|
|
namespace Icinga\Module\Businessprocess;
|
|
|
|
|
|
|
|
|
|
use Icinga\Application\Icinga;
|
|
|
|
|
use Icinga\Authentication\Auth;
|
|
|
|
|
use Icinga\Exception\ProgrammingError;
|
|
|
|
|
use Icinga\User;
|
|
|
|
|
|
|
|
|
|
class Metadata
|
|
|
|
|
{
|
2017-01-11 08:04:45 -05:00
|
|
|
/** @var string Configuration name */
|
2016-12-09 08:17:25 -05:00
|
|
|
protected $name;
|
|
|
|
|
|
2016-12-09 03:58:00 -05:00
|
|
|
protected $properties = array(
|
|
|
|
|
'Title' => null,
|
|
|
|
|
'Description' => null,
|
|
|
|
|
'Owner' => null,
|
|
|
|
|
'AllowedUsers' => null,
|
|
|
|
|
'AllowedGroups' => null,
|
|
|
|
|
'AllowedRoles' => null,
|
2016-12-09 08:17:25 -05:00
|
|
|
'AddToMenu' => null,
|
2016-12-09 03:58:00 -05:00
|
|
|
'Backend' => null,
|
|
|
|
|
'Statetype' => null,
|
2018-12-17 08:45:01 -05:00
|
|
|
'ManualOrder' => null,
|
2016-12-09 03:58:00 -05:00
|
|
|
// 'SLAHosts' => null
|
|
|
|
|
);
|
|
|
|
|
|
2016-12-09 08:17:25 -05:00
|
|
|
public function __construct($name)
|
|
|
|
|
{
|
|
|
|
|
$this->name = $name;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function getTitle()
|
|
|
|
|
{
|
|
|
|
|
if ($this->has('Title')) {
|
|
|
|
|
return $this->get('Title');
|
|
|
|
|
} else {
|
|
|
|
|
return $this->name;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function getExtendedTitle()
|
|
|
|
|
{
|
|
|
|
|
$title = $this->getTitle();
|
|
|
|
|
|
|
|
|
|
if ($title === $this->name) {
|
|
|
|
|
return $title;
|
|
|
|
|
} else {
|
2016-12-23 06:47:43 -05:00
|
|
|
return sprintf('%s (%s)', $title, $this->name);
|
2016-12-09 08:17:25 -05:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-12-09 03:58:00 -05:00
|
|
|
public function getProperties()
|
|
|
|
|
{
|
|
|
|
|
return $this->properties;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function hasKey($key)
|
|
|
|
|
{
|
|
|
|
|
return array_key_exists($key, $this->properties);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function get($key, $default = null)
|
|
|
|
|
{
|
|
|
|
|
$this->assertKeyExists($key);
|
|
|
|
|
if ($this->properties[$key] === null) {
|
|
|
|
|
return $default;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $this->properties[$key];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function set($key, $value)
|
|
|
|
|
{
|
|
|
|
|
$this->assertKeyExists($key);
|
|
|
|
|
$this->properties[$key] = $value;
|
|
|
|
|
|
|
|
|
|
return $this;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function isNull($key)
|
|
|
|
|
{
|
|
|
|
|
return null === $this->get($key);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function has($key)
|
|
|
|
|
{
|
|
|
|
|
return null !== $this->get($key);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
protected function assertKeyExists($key)
|
|
|
|
|
{
|
|
|
|
|
if (! $this->hasKey($key)) {
|
|
|
|
|
throw new ProgrammingError('Trying to access invalid header key: %s', $key);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $this;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function hasRestrictions()
|
|
|
|
|
{
|
|
|
|
|
return ! (
|
|
|
|
|
$this->isNull('AllowedUsers')
|
|
|
|
|
&& $this->isNull('AllowedGroups')
|
|
|
|
|
&& $this->isNull('AllowedRoles')
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
protected function getAuth()
|
|
|
|
|
{
|
|
|
|
|
return Auth::getInstance();
|
|
|
|
|
}
|
|
|
|
|
|
2016-12-09 08:17:25 -05:00
|
|
|
public function canModify(Auth $auth = null)
|
|
|
|
|
{
|
|
|
|
|
if ($auth === null) {
|
|
|
|
|
if (Icinga::app()->isCli()) {
|
|
|
|
|
return true;
|
|
|
|
|
} else {
|
|
|
|
|
$auth = $this->getAuth();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $this->canRead($auth) && (
|
|
|
|
|
$auth->hasPermission('businessprocess/modify')
|
|
|
|
|
|| $this->ownerIs($auth->getUser()->getUsername())
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function canRead(Auth $auth = null)
|
2016-12-09 03:58:00 -05:00
|
|
|
{
|
|
|
|
|
if ($auth === null) {
|
|
|
|
|
if (Icinga::app()->isCli()) {
|
|
|
|
|
return true;
|
|
|
|
|
} else {
|
|
|
|
|
$auth = $this->getAuth();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-02-18 07:43:06 -05:00
|
|
|
if ($auth->hasPermission('businessprocess/showall')) {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-08 10:05:06 -05:00
|
|
|
$prefixes = $auth->getRestrictions('businessprocess/prefix');
|
|
|
|
|
if (! empty($prefixes)) {
|
|
|
|
|
if (! $this->nameIsPrefixedWithOneOf($prefixes)) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-12-09 03:58:00 -05:00
|
|
|
if (! $this->hasRestrictions()) {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (! $auth->isAuthenticated()) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2016-12-09 08:17:25 -05:00
|
|
|
return $this->userCanRead($auth->getUser());
|
2016-12-09 03:58:00 -05:00
|
|
|
}
|
|
|
|
|
|
2017-02-08 10:05:06 -05:00
|
|
|
public function nameIsPrefixedWithOneOf(array $prefixes)
|
|
|
|
|
{
|
|
|
|
|
foreach ($prefixes as $prefix) {
|
|
|
|
|
if (substr($this->name, 0, strlen($prefix)) === $prefix) {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2016-12-09 08:17:25 -05:00
|
|
|
protected function userCanRead(User $user)
|
2016-12-09 03:58:00 -05:00
|
|
|
{
|
|
|
|
|
$username = $user->getUsername();
|
|
|
|
|
|
|
|
|
|
return $this->ownerIs($username)
|
|
|
|
|
|| $this->isInAllowedUserList($username)
|
|
|
|
|
|| $this->isMemberOfAllowedGroups($user)
|
|
|
|
|
|| $this->hasOneOfTheAllowedRoles($user);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function ownerIs($username)
|
|
|
|
|
{
|
|
|
|
|
return $this->get('Owner') === $username;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function listAllowedUsers()
|
|
|
|
|
{
|
|
|
|
|
// TODO: $this->get('AllowedUsers', array());
|
|
|
|
|
$list = $this->get('AllowedUsers');
|
|
|
|
|
if ($list === null) {
|
|
|
|
|
return array();
|
|
|
|
|
} else {
|
|
|
|
|
return $this->splitCommaSeparated($list);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function listAllowedGroups()
|
|
|
|
|
{
|
|
|
|
|
$list = $this->get('AllowedGroups');
|
|
|
|
|
if ($list === null) {
|
|
|
|
|
return array();
|
|
|
|
|
} else {
|
|
|
|
|
return $this->splitCommaSeparated($list);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function listAllowedRoles()
|
|
|
|
|
{
|
|
|
|
|
$list = $this->get('AllowedRoles');
|
|
|
|
|
if ($list === null) {
|
|
|
|
|
return array();
|
|
|
|
|
} else {
|
|
|
|
|
return $this->splitCommaSeparated($list);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function isInAllowedUserList($username)
|
|
|
|
|
{
|
|
|
|
|
foreach ($this->listAllowedUsers() as $allowedUser) {
|
|
|
|
|
if ($username === $allowedUser) {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function isMemberOfAllowedGroups(User $user)
|
|
|
|
|
{
|
2017-01-27 15:04:22 -05:00
|
|
|
foreach ($this->listAllowedGroups() as $group) {
|
|
|
|
|
if ($user->isMemberOf($group)) {
|
|
|
|
|
return true;
|
2016-12-09 03:58:00 -05:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function hasOneOfTheAllowedRoles(User $user)
|
|
|
|
|
{
|
2017-02-17 12:49:17 -05:00
|
|
|
foreach ($this->listAllowedRoles() as $roleName) {
|
|
|
|
|
foreach ($user->getRoles() as $role) {
|
|
|
|
|
if ($role->getName() === $roleName) {
|
|
|
|
|
return true;
|
2016-12-09 03:58:00 -05:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2018-12-17 08:45:01 -05:00
|
|
|
public function isManuallyOrdered()
|
|
|
|
|
{
|
|
|
|
|
return $this->get('ManualOrder') === 'yes';
|
|
|
|
|
}
|
|
|
|
|
|
2016-12-09 03:58:00 -05:00
|
|
|
protected function splitCommaSeparated($string)
|
|
|
|
|
{
|
|
|
|
|
return preg_split('/\s*,\s*/', $string, -1, PREG_SPLIT_NO_EMPTY);
|
|
|
|
|
}
|
|
|
|
|
}
|
