blob: 4aa2bd210dc0ba0cc24a352bc6669b449e69dafc (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
|
<?php
namespace Icinga\Module\Director;
use Icinga\Authentication\Auth;
use Icinga\Authentication\Role;
use Icinga\Exception\AuthenticationException;
class Acl
{
/** @var Auth */
protected $auth;
/** @var self */
private static $instance;
/**
* @return self
*/
public static function instance()
{
if (self::$instance === null) {
self::$instance = new static(Auth::getInstance());
}
return self::$instance;
}
/**
* Acl constructor
*
* @param Auth $auth
*/
public function __construct(Auth $auth)
{
$this->auth = $auth;
}
/**
* Whether the given permission is available
*
* @param $name
*
* @return bool
*/
public function hasPermission($name)
{
return $this->auth->hasPermission($name);
}
/**
* List all given roles
*
* @return array
*/
public function listRoleNames()
{
return array_map(
array($this, 'getNameForRole'),
$this->getUser()->getRoles()
);
}
/**
* Get our user object, throws auth error if not available
*
* @return \Icinga\User
* @throws AuthenticationException
*/
protected function getUser()
{
if (null === ($user = $this->auth->getUser())) {
throw new AuthenticationException('Authenticated user required');
}
return $user;
}
/**
* Get the name for a given role
*
* @param Role $role
*
* @return string
*/
protected function getNameForRole(Role $role)
{
return $role->getName();
}
}
|
