diff options
Diffstat (limited to 'library/Icinga/User.php')
-rw-r--r-- | library/Icinga/User.php | 649 |
1 files changed, 649 insertions, 0 deletions
diff --git a/library/Icinga/User.php b/library/Icinga/User.php new file mode 100644 index 0000000..8610dd0 --- /dev/null +++ b/library/Icinga/User.php @@ -0,0 +1,649 @@ +<?php +/* Icinga Web 2 | (c) 2013 Icinga Development Team | GPLv2+ */ + +namespace Icinga; + +use DateTimeZone; +use Icinga\Authentication\AdmissionLoader; +use InvalidArgumentException; +use Icinga\Application\Config; +use Icinga\Authentication\Role; +use Icinga\Exception\ProgrammingError; +use Icinga\User\Preferences; +use Icinga\Web\Navigation\Navigation; + +/** + * This class represents an authorized user + * + * You can retrieve authorization information (@TODO: Not implemented yet) or user information + */ +class User +{ + /** + * Firstname + * + * @var string + */ + protected $firstname; + + /** + * Lastname + * + * @var string + */ + protected $lastname; + + /** + * Users email address + * + * @var string + */ + protected $email; + + /** + * {@link username} without {@link domain} + * + * @var string + */ + protected $localUsername; + + /** + * Domain + * + * @var string + */ + protected $domain; + + /** + * More information about this user + * + * @var array + */ + protected $additionalInformation = array(); + + /** + * Information if the user is externally authenticated + * + * Keys: + * + * 0: origin username + * 1: origin field name + * + * @var array + */ + protected $externalUserInformation = array(); + + /** + * Whether restrictions should not apply to this user + * + * @var bool + */ + protected $unrestricted = false; + + /** + * Set of permissions + * + * @var array + */ + protected $permissions = array(); + + /** + * Set of restrictions + * + * @var array + */ + protected $restrictions = array(); + + /** + * Groups for this user + * + * @var array + */ + protected $groups = array(); + + /** + * Roles of this user + * + * @var Role[] + */ + protected $roles = array(); + + /** + * Preferences object + * + * @var Preferences + */ + protected $preferences; + + /** + * Whether the user is authenticated using a HTTP authentication mechanism + * + * @var bool + */ + protected $isHttpUser = false; + + /** + * Creates a user object given the provided information + * + * @param string $username + * @param string $firstname + * @param string $lastname + * @param string $email + */ + public function __construct($username, $firstname = null, $lastname = null, $email = null) + { + $this->setUsername($username); + + if ($firstname !== null) { + $this->setFirstname($firstname); + } + + if ($lastname !== null) { + $this->setLastname($lastname); + } + + if ($email !== null) { + $this->setEmail($email); + } + } + + /** + * Setter for preferences + * + * @param Preferences $preferences + * + * @return $this + */ + public function setPreferences(Preferences $preferences) + { + $this->preferences = $preferences; + return $this; + } + + /** + * Getter for preferences + * + * @return Preferences + */ + public function getPreferences() + { + if ($this->preferences === null) { + $this->preferences = new Preferences(); + } + + return $this->preferences; + } + + /** + * Return all groups this user belongs to + * + * @return array + */ + public function getGroups() + { + return $this->groups; + } + + /** + * Set the groups this user belongs to + * + * @param array $groups + * + * @return $this + */ + public function setGroups(array $groups) + { + $this->groups = $groups; + return $this; + } + + /** + * Return true if the user is a member of this group + * + * @param string $group + * + * @return boolean + */ + public function isMemberOf($group) + { + return in_array($group, $this->groups); + } + + /** + * Get whether restrictions should not apply to this user + * + * @return bool + */ + public function isUnrestricted() + { + return $this->unrestricted; + } + + /** + * Set whether restrictions should not apply to this user + * + * @param bool $state + * + * @return $this + */ + public function setIsUnrestricted($state) + { + $this->unrestricted = (bool) $state; + + return $this; + } + + /** + * Get the user's permissions + * + * @return array + */ + public function getPermissions() + { + return $this->permissions; + } + + /** + * Set the user's permissions + * + * @param array $permissions + * + * @return $this + */ + public function setPermissions(array $permissions) + { + if (! empty($permissions)) { + natcasesort($permissions); + $this->permissions = array_combine($permissions, $permissions); + } + return $this; + } + + /** + * Return restriction information for this user + * + * @param string $name + * + * @return array + */ + public function getRestrictions($name) + { + if (array_key_exists($name, $this->restrictions)) { + return $this->restrictions[$name]; + } + + return array(); + } + + /** + * Set the user's restrictions + * + * @param string[] $restrictions + * + * @return $this + */ + public function setRestrictions(array $restrictions) + { + $this->restrictions = $restrictions; + return $this; + } + + /** + * Get the roles of the user + * + * @return Role[] + */ + public function getRoles() + { + return $this->roles; + } + + /** + * Set the roles of the user + * + * @param Role[] $roles + * + * @return $this + */ + public function setRoles(array $roles) + { + $this->roles = $roles; + return $this; + } + + /** + * Getter for username + * + * @return string + */ + public function getUsername() + { + return $this->domain === null ? $this->localUsername : $this->localUsername . '@' . $this->domain; + } + + /** + * Setter for username + * + * @param string $name + * + * @return $this + */ + public function setUsername($name) + { + $parts = explode('\\', $name, 2); + if (count($parts) === 2) { + list($this->domain, $this->localUsername) = $parts; + } else { + $parts = explode('@', $name, 2); + if (count($parts) === 2) { + list($this->localUsername, $this->domain) = $parts; + } else { + $this->localUsername = $name; + $this->domain = null; + } + } + + return $this; + } + + /** + * Getter for firstname + * + * @return string + */ + public function getFirstname() + { + return $this->firstname; + } + + /** + * Setter for firstname + * + * @param string $name + * + * @return $this + */ + public function setFirstname($name) + { + $this->firstname = $name; + return $this; + } + + /** + * Getter for lastname + * + * @return string + */ + public function getLastname() + { + return $this->lastname; + } + + /** + * Setter for lastname + * + * @param string $name + * + * @return $this + */ + public function setLastname($name) + { + $this->lastname = $name; + return $this; + } + + /** + * Getter for email + * + * @return string + */ + public function getEmail() + { + return $this->email; + } + + /** + * Setter for mail + * + * @param string $mail + * + * @return $this + * + * @throws InvalidArgumentException When an invalid mail is provided + */ + public function setEmail($mail) + { + if ($mail !== null && !filter_var($mail, FILTER_VALIDATE_EMAIL)) { + throw new InvalidArgumentException( + sprintf('Invalid mail given for user %s: %s', $this->getUsername(), $mail) + ); + } + + $this->email = $mail; + return $this; + } + + /** + * Set the domain + * + * @param string $domain + * + * @return $this + */ + public function setDomain($domain) + { + if ($domain && ($domain = trim($domain))) { + $this->domain = $domain; + } + + return $this; + } + + /** + * Get whether the user has a domain + * + * @return bool + */ + public function hasDomain() + { + return $this->domain !== null; + } + + /** + * Get the domain + * + * @return string + * + * @throws ProgrammingError If the user does not have a domain + */ + public function getDomain() + { + if ($this->domain === null) { + throw new ProgrammingError( + 'User does not have a domain.' + . ' Use User::hasDomain() to check whether the user has a domain beforehand.' + ); + } + return $this->domain; + } + + /** + * Get the local username, ie. the username without its domain + * + * @return string + */ + public function getLocalUsername() + { + return $this->localUsername; + } + + /** + * Set additional information about user + * + * @param string $key + * @param string $value + * + * @return $this + */ + public function setAdditional($key, $value) + { + $this->additionalInformation[$key] = $value; + return $this; + } + + /** + * Getter for additional information + * + * @param string $key + * @return mixed|null + */ + public function getAdditional($key) + { + if (isset($this->additionalInformation[$key])) { + return $this->additionalInformation[$key]; + } + + return null; + } + + /** + * Retrieve the user's timezone + * + * If the user did not set a timezone, the default timezone set via config.ini is returned + * + * @return DateTimeZone + */ + public function getTimeZone() + { + $tz = $this->preferences->get('timezone'); + if ($tz === null) { + $tz = date_default_timezone_get(); + } + + return new DateTimeZone($tz); + } + + /** + * Set additional external user information + * + * @param string $username + * @param string $field + * + * @return $this + */ + public function setExternalUserInformation($username, $field) + { + $this->externalUserInformation = array($username, $field); + return $this; + } + + /** + * Get additional external user information + * + * @return array + */ + public function getExternalUserInformation() + { + return $this->externalUserInformation; + } + + /** + * Return true if user has external user information set + * + * @return bool + */ + public function isExternalUser() + { + return ! empty($this->externalUserInformation); + } + + /** + * Get whether the user is authenticated using a HTTP authentication mechanism + * + * @return bool + */ + public function getIsHttpUser() + { + return $this->isHttpUser; + } + + /** + * Set whether the user is authenticated using a HTTP authentication mechanism + * + * @param bool $isHttpUser + * + * @return $this + */ + public function setIsHttpUser($isHttpUser = true) + { + $this->isHttpUser = (bool) $isHttpUser; + return $this; + } + + /** + * Whether the user has a given permission + * + * @param string $requiredPermission + * + * @return bool + */ + public function can($requiredPermission) + { + list($permissions, $refusals) = AdmissionLoader::migrateLegacyPermissions([$requiredPermission]); + if (! empty($permissions)) { + $requiredPermission = array_pop($permissions); + } elseif (! empty($refusals)) { + throw new InvalidArgumentException( + 'Refusals are not supported anymore. Check for a grant instead!' + ); + } + + $granted = false; + foreach ($this->getRoles() as $role) { + if ($role->denies($requiredPermission)) { + return false; + } + + if (! $granted && $role->grants($requiredPermission)) { + $granted = true; + } + } + + return $granted; + } + + /** + * Load and return this user's configured navigation of the given type + * + * @param string $type + * + * @return Navigation + */ + public function getNavigation($type) + { + $config = Config::navigation($type === 'dashboard-pane' ? 'dashlet' : $type, $this->getUsername()); + + if ($type === 'dashboard-pane') { + $panes = array(); + foreach ($config as $dashletName => $dashletConfig) { + // TODO: Throw ConfigurationError if pane or url is missing + $panes[$dashletConfig->pane][$dashletName] = $dashletConfig->url; + } + + $navigation = new Navigation(); + foreach ($panes as $paneName => $dashlets) { + $navigation->addItem( + $paneName, + array( + 'type' => 'dashboard-pane', + 'dashlets' => $dashlets + ) + ); + } + } else { + $navigation = Navigation::fromConfig($config); + } + + return $navigation; + } +} |