From 588542e3045c8f9b5e887f84b2de184a4f20e586 Mon Sep 17 00:00:00 2001
From: Thomas Gelf <thomas@gelf.net>
Date: Fri, 9 Dec 2016 14:17:25 +0100
Subject: [PATCH] Metadata: simpler auth handling

---
 library/Businessprocess/Metadata.php | 54 ++++++++++++++++++++++++++--
 1 file changed, 51 insertions(+), 3 deletions(-)

diff --git a/library/Businessprocess/Metadata.php b/library/Businessprocess/Metadata.php
index 6efaefd..eba36e7 100644
--- a/library/Businessprocess/Metadata.php
+++ b/library/Businessprocess/Metadata.php
@@ -9,6 +9,8 @@ use Icinga\User;
 
 class Metadata
 {
+    protected $name;
+
     protected $properties = array(
         'Title'         => null,
         'Description'   => null,
@@ -16,11 +18,37 @@ class Metadata
         'AllowedUsers'  => null,
         'AllowedGroups' => null,
         'AllowedRoles'  => null,
+        'AddToMenu'     => null,
         'Backend'       => null,
         'Statetype'     => null,
         // 'SLAHosts'      => null
     );
 
+    public function __construct($name)
+    {
+        $this->name = $name;
+    }
+
+    public function getTitle()
+    {
+        if ($this->has('Title')) {
+            return $this->get('Title');
+        } else {
+            return $this->name;
+        }
+    }
+
+    public function getExtendedTitle()
+    {
+        $title = $this->getTitle();
+
+        if ($title === $this->name) {
+            return $title;
+        } else {
+            return sprint('%s (%s)', $title, $this->name);
+        }
+    }
+
     public function getProperties()
     {
         return $this->properties;
@@ -82,7 +110,7 @@ class Metadata
         return Auth::getInstance();
     }
 
-    public function permissionsAreSatisfied(Auth $auth = null)
+    public function canModify(Auth $auth = null)
     {
         if ($auth === null) {
             if (Icinga::app()->isCli()) {
@@ -92,6 +120,26 @@ class Metadata
             }
         }
 
+        return $this->canRead($auth) && (
+            $auth->hasPermission('businessprocess/modify')
+            || $this->ownerIs($auth->getUser()->getUsername())
+        );
+    }
+
+    public function canRead(Auth $auth = null)
+    {
+        if ($auth === null) {
+            if (Icinga::app()->isCli()) {
+                return true;
+            } else {
+                $auth = $this->getAuth();
+            }
+        }
+
+        if ($auth->hasPermission('businessprocess/showall')) {
+            return true;
+        }
+
         if (! $this->hasRestrictions()) {
             return true;
         }
@@ -100,10 +148,10 @@ class Metadata
             return false;
         }
 
-        return $this->userIsAllowed($auth->getUser());
+        return $this->userCanRead($auth->getUser());
     }
 
-    public function userIsAllowed(User $user)
+    protected function userCanRead(User $user)
     {
         $username = $user->getUsername();