blob: 874cddde0fb5fd1ea9e0285c67c6fefe9a55d2b7 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
<?php
namespace Icinga\Module\Director\Integration\Icingadb;
use Icinga\Module\Director\Auth\Permission;
use Icinga\Module\Director\Auth\Restriction;
use Icinga\Module\Director\Integration\BackendInterface;
use Icinga\Module\Icingadb\Common\Auth;
use Icinga\Module\Icingadb\Common\Database;
use Icinga\Module\Icingadb\Model\Host;
use Icinga\Module\Icingadb\Model\Service;
use Icinga\Web\Url;
use ipl\Orm\Query;
use ipl\Stdlib\Filter;
class IcingadbBackend implements BackendInterface
{
use Database;
use Auth;
public function hasHost(?string $hostName): bool
{
if ($hostName === null) {
return false;
}
return $this->getHostQuery($hostName)->first() !== null;
}
public function hasService(?string $hostName, ?string $serviceName): bool
{
if ($hostName === null || $serviceName === null) {
return false;
}
return $this->getServiceQuery($hostName, $serviceName)->first() !== null;
}
public function getHostUrl(?string $hostName): ?Url
{
if ($hostName === null) {
return null;
}
return Url::fromPath('icingadb/host', ['name' => $hostName]);
}
public function canModifyHost(?string $hostName): bool
{
if ($hostName === null
|| ! $this->getAuth()->hasPermission(Permission::ICINGADB_HOSTS)
) {
return false;
}
$query = $this->getHostQuery($hostName);
return $query->first() !== null;
}
public function canModifyService(?string $hostName, ?string $serviceName): bool
{
if ($hostName === null
|| $serviceName === null
|| ! $this->getAuth()->hasPermission(Permission::ICINGADB_SERVICES)
) {
return false;
}
$query = $this->getServiceQuery($hostName, $serviceName);
return $query->first() !== null;
}
/**
* Get the query for given host
*
* @param string $hostName
*
* @return Query
*/
protected function getHostQuery(string $hostName): Query
{
$query = Host::on($this->getDb())
->filter(Filter::equal('host.name', $hostName));
$this->applyDirectorRestrictions($query);
return $query;
}
/**
* Get the query for given host and service
*
* @param string $hostName
* @param string $serviceName
*
* @return Query
*/
protected function getServiceQuery(string $hostName, string $serviceName): Query
{
$query = Service::on($this->getDb())
->filter(Filter::all(
Filter::equal('service.name', $serviceName),
Filter::equal('host.name', $hostName)
));
$this->applyDirectorRestrictions($query);
return $query;
}
/**
* Apply director restrictions on the given query
*
* @param Query $query
*/
protected function applyDirectorRestrictions(Query $query): void
{
$queryFilter = Filter::any();
foreach ($this->getAuth()->getRestrictions(Restriction::ICINGADB_RW_OBJECT_FILTER) as $restriction) {
$queryFilter->add($this->parseRestriction($restriction, Restriction::ICINGADB_RW_OBJECT_FILTER));
}
$query->filter($queryFilter);
}
}
|