Introduce native object permissions

application/forms/Command/Instance/ToggleInstanceFeaturesForm.php

@@ -41,7 +41,7 @@ public function __construct($featureStatus)
 
     protected function assembleElements()
     {
-        $disabled = ! $this->getAuth()->hasPermission('monitoring/command/feature/instance');
+        $disabled = ! $this->getAuth()->hasPermission('icingadb/command/feature/instance');
         $decorator = new IcingaFormDecorator();
 
         foreach ($this->features as $feature => $label) {

application/forms/Command/Object/AcknowledgeProblemForm.php

@@ -141,7 +141,7 @@ protected function assembleSubmitButton()
 
     protected function getCommand(Model $object)
     {
-        if (! $this->isGrantedOn('monitoring/command/acknowledge-problem', $object)) {
+        if (! $this->isGrantedOn('icingadb/command/acknowledge-problem', $object)) {
             return null;
         }
 

application/forms/Command/Object/AddCommentForm.php

@@ -95,7 +95,7 @@ protected function assembleSubmitButton()
 
     protected function getCommand(Model $object)
     {
-        if (! $this->isGrantedOn('monitoring/command/comment/add', $object)) {
+        if (! $this->isGrantedOn('icingadb/command/comment/add', $object)) {
             return null;
         }
 

application/forms/Command/Object/CheckNowForm.php

@@ -47,10 +47,10 @@ protected function assembleSubmitButton()
     protected function getCommand(Model $object)
     {
         if (
-            ! $this->isGrantedOn('monitoring/command/schedule-check', $object)
+            ! $this->isGrantedOn('icingadb/command/schedule-check', $object)
             && (
                 ! $object->active_checks_enabled
-                || ! $this->isGrantedOn('monitoring/command/schedule-check/active-only', $object)
+                || ! $this->isGrantedOn('icingadb/command/schedule-check/active-only', $object)
             )
         ) {
             return null;

application/forms/Command/Object/DeleteCommentForm.php

@@ -38,10 +38,7 @@ protected function assembleSubmitButton()
 
     protected function getCommand(Model $object)
     {
-        if (! $this->isGrantedOn(
-            'monitoring/command/comment/delete',
-            $object->{$object->object_type}
-        )) {
+        if (! $this->isGrantedOn('icingadb/command/comment/delete', $object->{$object->object_type})) {
             return null;
         }
 

application/forms/Command/Object/DeleteDowntimeForm.php

@@ -40,10 +40,7 @@ protected function assembleSubmitButton()
 
     protected function getCommand(Model $object)
     {
-        if (! $this->isGrantedOn(
-            'monitoring/command/downtime/delete',
-            $object->{$object->object_type}
-        )) {
+        if (! $this->isGrantedOn('icingadb/command/downtime/delete', $object->{$object->object_type})) {
             return null;
         }
 

application/forms/Command/Object/ProcessCheckResultForm.php

@@ -103,7 +103,7 @@ protected function assembleSubmitButton()
 
     protected function getCommand(Model $object)
     {
-        if (! $this->isGrantedOn('monitoring/command/process-check-result', $object)) {
+        if (! $this->isGrantedOn('icingadb/command/process-check-result', $object)) {
             return null;
         }
 

application/forms/Command/Object/RemoveAcknowledgementForm.php

@@ -37,7 +37,7 @@ protected function assembleSubmitButton()
 
     protected function getCommand(Model $object)
     {
-        if (! $this->isGrantedOn('monitoring/command/remove-acknowledgement', $object)) {
+        if (! $this->isGrantedOn('icingadb/command/remove-acknowledgement', $object)) {
             return null;
         }
 

application/forms/Command/Object/ScheduleCheckForm.php

@@ -75,10 +75,10 @@ protected function assembleSubmitButton()
     protected function getCommand(Model $object)
     {
         if (
-            ! $this->isGrantedOn('monitoring/command/schedule-check', $object)
+            ! $this->isGrantedOn('icingadb/command/schedule-check', $object)
             && (
                 ! $object->active_checks_enabled
-                || ! $this->isGrantedOn('monitoring/command/schedule-check/active-only', $object)
+                || ! $this->isGrantedOn('icingadb/command/schedule-check/active-only', $object)
             )
         ) {
             return null;

application/forms/Command/Object/ScheduleHostDowntimeForm.php

@@ -51,7 +51,7 @@ protected function assembleElements()
 
     protected function getCommand(Model $object)
     {
-        if (! $this->isGrantedOn('monitoring/command/downtime/schedule', $object)) {
+        if (! $this->isGrantedOn('icingadb/command/downtime/schedule', $object)) {
             return null;
         }
 

application/forms/Command/Object/ScheduleServiceDowntimeForm.php

@@ -159,7 +159,7 @@ protected function assembleSubmitButton()
 
     protected function getCommand(Model $object)
     {
-        if (! $this->isGrantedOn('monitoring/command/downtime/schedule', $object)) {
+        if (! $this->isGrantedOn('icingadb/command/downtime/schedule', $object)) {
             return null;
         }
 

application/forms/Command/Object/SendCustomNotificationForm.php

@@ -75,7 +75,7 @@ protected function assembleSubmitButton()
 
     protected function getCommand(Model $object)
     {
-        if (! $this->isGrantedOn('monitoring/command/send-custom-notification', $object)) {
+        if (! $this->isGrantedOn('icingadb/command/send-custom-notification', $object)) {
             return null;
         }
 

application/forms/Command/Object/ToggleObjectFeaturesForm.php

@@ -26,23 +26,23 @@ public function __construct($featureStatus)
         $this->features = [
             ToggleObjectFeatureCommand::FEATURE_ACTIVE_CHECKS => [
                 'label'         => t('Active Checks'),
-                'permission'    => 'monitoring/command/feature/object/active-checks'
+                'permission'    => 'icingadb/command/feature/object/active-checks'
             ],
             ToggleObjectFeatureCommand::FEATURE_PASSIVE_CHECKS => [
                 'label'         => t('Passive Checks'),
-                'permission'    => 'monitoring/command/feature/object/passive-checks'
+                'permission'    => 'icingadb/command/feature/object/passive-checks'
             ],
             ToggleObjectFeatureCommand::FEATURE_NOTIFICATIONS => [
                 'label'         => t('Notifications'),
-                'permission'    => 'monitoring/command/feature/object/notifications'
+                'permission'    => 'icingadb/command/feature/object/notifications'
             ],
             ToggleObjectFeatureCommand::FEATURE_EVENT_HANDLER => [
                 'label'         => t('Event Handler'),
-                'permission'    => 'monitoring/command/feature/object/event-handler'
+                'permission'    => 'icingadb/command/feature/object/event-handler'
             ],
             ToggleObjectFeatureCommand::FEATURE_FLAP_DETECTION => [
                 'label'         => t('Flap Detection'),
-                'permission'    => 'monitoring/command/feature/object/flap-detection'
+                'permission'    => 'icingadb/command/feature/object/flap-detection'
             ]
         ];
 

configuration.php

@@ -13,6 +13,87 @@
 
     $this->provideSetupWizard('Icinga\Module\Icingadb\Setup\IcingaDbWizard');
 
+    $this->providePermission(
+        'icingadb/command/*',
+        $this->translate('Allow all commands')
+    );
+    $this->providePermission(
+        'icingadb/command/schedule-check',
+        $this->translate('Allow to schedule host and service checks')
+    );
+    $this->providePermission(
+        'icingadb/command/schedule-check/active-only',
+        $this->translate('Allow to schedule host and service checks (Only on objects with active checks enabled)')
+    );
+    $this->providePermission(
+        'icingadb/command/acknowledge-problem',
+        $this->translate('Allow to acknowledge host and service problems')
+    );
+    $this->providePermission(
+        'icingadb/command/remove-acknowledgement',
+        $this->translate('Allow to remove problem acknowledgements')
+    );
+    $this->providePermission(
+        'icingadb/command/comment/*',
+        $this->translate('Allow to add and delete host and service comments')
+    );
+    $this->providePermission(
+        'icingadb/command/comment/add',
+        $this->translate('Allow to add host and service comments')
+    );
+    $this->providePermission(
+        'icingadb/command/comment/delete',
+        $this->translate('Allow to delete host and service comments')
+    );
+    $this->providePermission(
+        'icingadb/command/downtime/*',
+        $this->translate('Allow to schedule and delete host and service downtimes')
+    );
+    $this->providePermission(
+        'icingadb/command/downtime/schedule',
+        $this->translate('Allow to schedule host and service downtimes')
+    );
+    $this->providePermission(
+        'icingadb/command/downtime/delete',
+        $this->translate('Allow to delete host and service downtimes')
+    );
+    $this->providePermission(
+        'icingadb/command/process-check-result',
+        $this->translate('Allow to process host and service check results')
+    );
+    $this->providePermission(
+        'icingadb/command/feature/instance',
+        $this->translate('Allow to toggle instance-wide features')
+    );
+    $this->providePermission(
+        'icingadb/command/feature/object/*',
+        $this->translate('Allow to toggle all features on host and service objects')
+    );
+    $this->providePermission(
+        'icingadb/command/feature/object/active-checks',
+        $this->translate('Allow to toggle active checks on host and service objects')
+    );
+    $this->providePermission(
+        'icingadb/command/feature/object/passive-checks',
+        $this->translate('Allow to toggle passive checks on host and service objects')
+    );
+    $this->providePermission(
+        'icingadb/command/feature/object/notifications',
+        $this->translate('Allow to toggle notifications on host and service objects')
+    );
+    $this->providePermission(
+        'icingadb/command/feature/object/event-handler',
+        $this->translate('Allow to toggle event handlers on host and service objects')
+    );
+    $this->providePermission(
+        'icingadb/command/feature/object/flap-detection',
+        $this->translate('Allow to toggle flap detection on host and service objects')
+    );
+    $this->providePermission(
+        'icingadb/command/send-custom-notification',
+        $this->translate('Allow to send custom notifications for hosts and services')
+    );
+
     $this->provideRestriction(
         'icingadb/filter/objects',
         $this->translate('Restrict access to the Icinga objects that match the filter')

library/Icingadb/Common/CommandActions.php

@@ -153,44 +153,44 @@ protected function handleCommandForm($form)
 
     public function acknowledgeAction()
     {
-        $this->assertIsGrantedOnCommandTargets('monitoring/command/acknowledge-problem');
+        $this->assertIsGrantedOnCommandTargets('icingadb/command/acknowledge-problem');
         $this->setTitle(t('Acknowledge Problem'));
         $this->handleCommandForm(AcknowledgeProblemForm::class);
     }
 
     public function addCommentAction()
     {
-        $this->assertIsGrantedOnCommandTargets('monitoring/command/comment/add');
+        $this->assertIsGrantedOnCommandTargets('icingadb/command/comment/add');
         $this->setTitle(t('Add Comment'));
         $this->handleCommandForm(AddCommentForm::class);
     }
 
     public function checkNowAction()
     {
-        if (! $this->isGrantedOnCommandTargets('monitoring/command/schedule-check/active-only')) {
-            $this->assertIsGrantedOnCommandTargets('monitoring/command/schedule-check');
+        if (! $this->isGrantedOnCommandTargets('icingadb/command/schedule-check/active-only')) {
+            $this->assertIsGrantedOnCommandTargets('icingadb/command/schedule-check');
         }
 
         $this->handleCommandForm(CheckNowForm::class);
     }
 
     public function processCheckresultAction()
     {
-        $this->assertIsGrantedOnCommandTargets('monitoring/command/process-check-result');
+        $this->assertIsGrantedOnCommandTargets('icingadb/command/process-check-result');
         $this->setTitle(t('Submit Passive Check Result'));
         $this->handleCommandForm(ProcessCheckResultForm::class);
     }
 
     public function removeAcknowledgementAction()
     {
-        $this->assertIsGrantedOnCommandTargets('monitoring/command/remove-acknowledgement');
+        $this->assertIsGrantedOnCommandTargets('icingadb/command/remove-acknowledgement');
         $this->handleCommandForm(RemoveAcknowledgementForm::class);
     }
 
     public function scheduleCheckAction()
     {
-        if (! $this->isGrantedOnCommandTargets('monitoring/command/schedule-check/active-only')) {
-            $this->assertIsGrantedOnCommandTargets('monitoring/command/schedule-check');
+        if (! $this->isGrantedOnCommandTargets('icingadb/command/schedule-check/active-only')) {
+            $this->assertIsGrantedOnCommandTargets('icingadb/command/schedule-check');
         }
 
         $this->setTitle(t('Reschedule Check'));
@@ -199,7 +199,7 @@ public function scheduleCheckAction()
 
     public function scheduleDowntimeAction()
     {
-        $this->assertIsGrantedOnCommandTargets('monitoring/command/downtime/schedule');
+        $this->assertIsGrantedOnCommandTargets('icingadb/command/downtime/schedule');
 
         switch ($this->getCommandTargetModel()->getTableName()) {
             case 'host':
@@ -215,7 +215,7 @@ public function scheduleDowntimeAction()
 
     public function sendCustomNotificationAction()
     {
-        $this->assertIsGrantedOnCommandTargets('monitoring/command/send-custom-notification');
+        $this->assertIsGrantedOnCommandTargets('icingadb/command/send-custom-notification');
         $this->setTitle(t('Send Custom Notification'));
         $this->handleCommandForm(SendCustomNotificationForm::class);
     }

library/Icingadb/Widget/Detail/CommentDetail.php

@@ -85,10 +85,12 @@ protected function assemble()
             $this->add($details);
         }
 
-        if ($this->isGrantedOn(
-            'monitoring/command/comment/delete',
-             $this->comment->{$this->comment->object_type}
-        )) {
+        if (
+            $this->isGrantedOn(
+                'icingadb/command/comment/delete',
+                $this->comment->{$this->comment->object_type}
+            )
+        ) {
             $this->add($this->createRemoveCommentForm());
         }
     }

library/Icingadb/Widget/Detail/DowntimeDetail.php

@@ -135,10 +135,12 @@ protected function assemble()
         $this->add(Html::tag('h2', t('Progress')));
         $this->add($this->createTimeline());
 
-        if ($this->isGrantedOn(
-            'monitoring/command/downtime/delete',
-             $this->downtime->{$this->downtime->object_type}
-        )) {
+        if (
+            $this->isGrantedOn(
+                'icingadb/command/downtime/delete',
+                $this->downtime->{$this->downtime->object_type}
+            )
+        ) {
             $this->add($this->createCancelDowntimeForm());
         }
     }