1 files changed, 84 insertions, 0 deletions
diff --git a/library/Director/Restriction/ObjectRestriction.php b/library/Director/Restriction/ObjectRestriction.php
new file mode 100644
index 0000000..9161ebb
--- /dev/null
+++ b/library/Director/Restriction/ObjectRestriction.php
@@ -0,0 +1,84 @@
+<?php
+
+namespace Icinga\Module\Director\Restriction;
+
+use Icinga\Authentication\Auth;
+use Icinga\Exception\ProgrammingError;
+use Icinga\Module\Director\Db;
+use Icinga\Module\Director\Objects\IcingaObject;
+use Zend_Db_Select as ZfSelect;
+
+abstract class ObjectRestriction
+{
+    /** @var string */
+    protected $name;
+
+    /** @var \Zend_Db_Adapter_Abstract */
+    protected $db;
+
+    /** @var Auth */
+    protected $auth;
+
+    public function __construct(Db $connection, Auth $auth)
+    {
+        $this->db = $connection->getDbAdapter();
+        $this->auth = $auth;
+    }
+
+    abstract public function allows(IcingaObject $object);
+
+    /**
+     * Apply the restriction to the given Hosts Query
+     *
+     * We assume that the query wants to fetch hosts and that therefore the
+     * icinga_host table already exists in the given query, using the $tableAlias
+     * alias.
+     *
+     * @param ZfSelect $query
+     * @param string $tableAlias
+     */
+    abstract protected function filterQuery(ZfSelect $query, $tableAlias = 'o');
+
+    public function applyToQuery(ZfSelect $query, $tableAlias = 'o')
+    {
+        if ($this->isRestricted()) {
+            $this->filterQuery($query, $tableAlias);
+        }
+
+        return $query;
+    }
+
+    public function getName()
+    {
+        if ($this->name === null) {
+            throw new ProgrammingError('ObjectRestriction has no name');
+        }
+
+        return $this->name;
+    }
+
+    public function isRestricted()
+    {
+        $restrictions = $this->auth->getRestrictions($this->getName());
+        return ! empty($restrictions);
+    }
+
+    protected function getQueryTableByAlias(ZfSelect $query, $tableAlias)
+    {
+        $from = $query->getPart(ZfSelect::FROM);
+        if (! array_key_exists($tableAlias, $from)) {
+            throw new ProgrammingError(
+                'Cannot restrict query with alias "%s", got %s',
+                $tableAlias,
+                json_encode($from)
+            );
+        }
+
+        return $from[$tableAlias]['tableName'];
+    }
+
+    protected function gracefullySplitOnComma($string)
+    {
+        return preg_split('/\s*,\s*/', $string, -1, PREG_SPLIT_NO_EMPTY);
+    }
+}