Utilize Auth::isGrantedOn() where appropriate

Icinga · Jan 29, 2021 · 45aec8c · 45aec8c
1 parent 75227aa
commit 45aec8c
Show file tree

Hide file tree

Showing 5 changed files with 45 additions and 22 deletions.
diff --git a/library/Icingadb/Common/CommandActions.php b/library/Icingadb/Common/CommandActions.php
@@ -33,6 +33,7 @@
 /**
  * Trait CommandActions
  *
+ * @todo Handle `Auth::isGrantedOn` for each object separately in a command's form
  * @method mixed fetchCommandTargets() Fetch command targets, \ipl\Orm\Query or \ipl\Orm\Model[]
  * @method object getFeatureStatus() Get status of toggleable features
  * @method Url getCommandTargetsUrl() Get url to view command targets, used as redirection target

diff --git a/library/Icingadb/Widget/Detail/CommentDetail.php b/library/Icingadb/Widget/Detail/CommentDetail.php
@@ -108,7 +108,7 @@ protected function assemble()
             $this->add($details);
         }
 
-        if ($this->getAuth()->hasPermission('monitoring/command/comment/delete')) {
+        if ($this->isGrantedOn('monitoring/command/comment/delete', $this->comment)) {
             $this->add($this->createRemoveCommentForm());
         }
     }

diff --git a/library/Icingadb/Widget/Detail/DowntimeDetail.php b/library/Icingadb/Widget/Detail/DowntimeDetail.php
@@ -154,7 +154,7 @@ protected function assemble()
         $this->add(Html::tag('h2', t('Progress')));
         $this->add($this->createTimeline());
 
-        if ($this->getAuth()->hasPermission('monitoring/command/downtime/delete')) {
+        if ($this->isGrantedOn('monitoring/command/downtime/delete', $this->downtime)) {
             $this->add($this->createCancelDowntimeForm());
         }
     }

diff --git a/library/Icingadb/Widget/Detail/MultiselectQuickActions.php b/library/Icingadb/Widget/Detail/MultiselectQuickActions.php
@@ -41,7 +41,11 @@ protected function assemble()
 
         if (
             $this->summary->$unacknowledged > $this->summary->$acks
-            && $this->getAuth()->hasPermission('monitoring/command/acknowledge-problem')
+            && $this->isGrantedOnType(
+                'monitoring/command/acknowledge-problem',
+                $this->type,
+                $this->getBaseFilter()
+            )
         ) {
             $this->assembleAction(
                 'acknowledge',
@@ -53,7 +57,11 @@ protected function assemble()
 
         if (
             $this->summary->$acks > 0
-            && $this->getAuth()->hasPermission('monitoring/command/remove-acknowledgement')
+            && $this->isGrantedOnType(
+                'monitoring/command/remove-acknowledgement',
+                $this->type,
+                $this->getBaseFilter()
+            )
         ) {
             $removeAckForm = (new RemoveAcknowledgementCommandForm())
                 ->setAction($this->getLink('removeAcknowledgement'))
@@ -64,10 +72,14 @@ protected function assemble()
         }
 
         if (
-            $this->getAuth()->hasPermission('monitoring/command/schedule-check')
+            $this->isGrantedOnType('monitoring/command/schedule-check', $this->type, $this->getBaseFilter())
             || (
                 $this->summary->$activeChecks > 0
-                && $this->getAuth()->hasPermission('monitoring/command/schedule-check/active-only')
+                && $this->isGrantedOnType(
+                    'monitoring/command/schedule-check/active-only',
+                    $this->type,
+                    $this->getBaseFilter()
+                )
             )
         ) {
             $checkNowForm = (new CheckNowCommandForm())
@@ -76,7 +88,7 @@ protected function assemble()
             $this->add(Html::tag('li', new HtmlString($checkNowForm->render())));
         }
 
-        if ($this->getAuth()->hasPermission('monitoring/command/comment/add')) {
+        if ($this->isGrantedOnType('monitoring/command/comment/add', $this->type, $this->getBaseFilter())) {
             $this->assembleAction(
                 'addComment',
                 t('Comment'),
@@ -85,7 +97,13 @@ protected function assemble()
             );
         }
 
-        if ($this->getAuth()->hasPermission('monitoring/command/send-custom-notification')) {
+        if (
+            $this->isGrantedOnType(
+                'monitoring/command/send-custom-notification',
+                $this->type,
+                $this->getBaseFilter()
+            )
+        ) {
             $this->assembleAction(
                 'sendCustomNotification',
                 t('Notification'),
@@ -94,7 +112,7 @@ protected function assemble()
             );
         }
 
-        if ($this->getAuth()->hasPermission('monitoring/command/downtime/schedule')) {
+        if ($this->isGrantedOnType('monitoring/command/downtime/schedule', $this->type, $this->getBaseFilter())) {
             $this->assembleAction(
                 'scheduleDowntime',
                 t('Downtime'),
@@ -104,10 +122,14 @@ protected function assemble()
         }
 
         if (
-            $this->getAuth()->hasPermission('monitoring/command/schedule-check')
+            $this->isGrantedOnType('monitoring/command/schedule-check', $this->type, $this->getBaseFilter())
             || (
                 $this->summary->$activeChecks > 0
-                && $this->getAuth()->hasPermission('monitoring/command/schedule-check/active-only')
+                && $this->isGrantedOnType(
+                    'monitoring/command/schedule-check/active-only',
+                    $this->type,
+                    $this->getBaseFilter()
+                )
             )
         ) {
             $this->assembleAction(
@@ -118,7 +140,7 @@ protected function assemble()
             );
         }
 
-        if ($this->getAuth()->hasPermission('monitoring/command/process-check-result')) {
+        if ($this->isGrantedOnType('monitoring/command/process-check-result', $this->type, $this->getBaseFilter())) {
             $this->assembleAction(
                 'processCheckresult',
                 t('Process check result'),

diff --git a/library/Icingadb/Widget/Detail/QuickActions.php b/library/Icingadb/Widget/Detail/QuickActions.php
@@ -36,15 +36,15 @@ protected function assemble()
     {
         if ($this->object->state->is_problem) {
             if ($this->object->state->is_acknowledged) {
-                if ($this->getAuth()->hasPermission('monitoring/command/remove-acknowledgement')) {
+                if ($this->isGrantedOn('monitoring/command/remove-acknowledgement', $this->object)) {
                     $removeAckForm = (new RemoveAcknowledgementCommandForm())
                         ->setAction($this->getLink('removeAcknowledgement'))
                         ->setLabelEnabled(true)
                         ->setObjects([true]);
 
                     $this->add(Html::tag('li', new HtmlString($removeAckForm->render())));
                 }
-            } elseif ($this->getAuth()->hasPermission('monitoring/command/acknowledge-problem')) {
+            } elseif ($this->isGrantedOn('monitoring/command/acknowledge-problem', $this->object)) {
                 $this->assembleAction(
                     'acknowledge',
                     t('Acknowledge'),
@@ -55,10 +55,10 @@ protected function assemble()
         }
 
         if (
-            $this->getAuth()->hasPermission('monitoring/command/schedule-check')
+            $this->isGrantedOn('monitoring/command/schedule-check', $this->object)
             || (
                 $this->object->active_checks_enabled
-                && $this->getAuth()->hasPermission('monitoring/command/schedule-check/active-only')
+                && $this->isGrantedOn('monitoring/command/schedule-check/active-only', $this->object)
             )
         ) {
             $checkNowForm = (new CheckNowCommandForm())
@@ -67,7 +67,7 @@ protected function assemble()
             $this->add(Html::tag('li', new HtmlString($checkNowForm->render())));
         }
 
-        if ($this->getAuth()->hasPermission('monitoring/command/comment/add')) {
+        if ($this->isGrantedOn('monitoring/command/comment/add', $this->object)) {
             $this->assembleAction(
                 'addComment',
                 t('Comment', 'verb'),
@@ -76,7 +76,7 @@ protected function assemble()
             );
         }
 
-        if ($this->getAuth()->hasPermission('monitoring/command/send-custom-notification')) {
+        if ($this->isGrantedOn('monitoring/command/send-custom-notification', $this->object)) {
             $this->assembleAction(
                 'sendCustomNotification',
                 t('Notification'),
@@ -85,7 +85,7 @@ protected function assemble()
             );
         }
 
-        if ($this->getAuth()->hasPermission('monitoring/command/downtime/schedule')) {
+        if ($this->isGrantedOn('monitoring/command/downtime/schedule', $this->object)) {
             $this->assembleAction(
                 'scheduleDowntime',
                 t('Downtime'),
@@ -95,10 +95,10 @@ protected function assemble()
         }
 
         if (
-            $this->getAuth()->hasPermission('monitoring/command/schedule-check')
+            $this->isGrantedOn('monitoring/command/schedule-check', $this->object)
             || (
                 $this->object->active_checks_enabled
-                && $this->getAuth()->hasPermission('monitoring/command/schedule-check/active-only')
+                && $this->isGrantedOn('monitoring/command/schedule-check/active-only', $this->object)
             )
         ) {
             $this->assembleAction(
@@ -109,7 +109,7 @@ protected function assemble()
             );
         }
 
-        if ($this->getAuth()->hasPermission('monitoring/command/process-check-result')) {
+        if ($this->isGrantedOn('monitoring/command/process-check-result', $this->object)) {
             $this->assembleAction(
                 'processCheckresult',
                 t('Process check result'),