NavigationConfigForm: Apply share restrictions for users and groups

refs #5600
Icinga · Sep 16, 2015 · 4385d74 · 4385d74
1 parent 0cff2ca
commit 4385d74
Showing 1 changed file with 58 additions and 0 deletions.
diff --git a/application/forms/Navigation/NavigationConfigForm.php b/application/forms/Navigation/NavigationConfigForm.php
@@ -5,6 +5,7 @@
 
 use InvalidArgumentException;
 use Icinga\Application\Config;
+use Icinga\Authentication\Auth;
 use Icinga\Exception\IcingaException;
 use Icinga\Exception\NotFoundError;
 use Icinga\Forms\ConfigForm;
@@ -427,6 +428,63 @@ public function onRequest()
         }
     }
 
+    /**
+     * {@inheritdoc}
+     */
+    public function isValid($formData)
+    {
+        if (! parent::isValid($formData)) {
+            return false;
+        }
+
+        $valid = true;
+        if (isset($formData['users']) && $formData['users']) {
+            $parsedUserRestrictions = array();
+            foreach (Auth::getInstance()->getRestrictions('application/share/users') as $userRestriction) {
+                $parsedUserRestrictions[] = array_map('trim', explode(',', $userRestriction));
+            }
+
+            if (! empty($parsedUserRestrictions)) {
+                $desiredUsers = array_map('trim', explode(',', $formData['users']));
+                array_unshift($parsedUserRestrictions, $desiredUsers);
+                $forbiddenUsers = call_user_func_array('array_diff', $parsedUserRestrictions);
+                if (! empty($forbiddenUsers)) {
+                    $valid = false;
+                    $this->getElement('users')->addError(
+                        $this->translate(sprintf(
+                            'You are not permitted to share this navigation item with the following users: %s',
+                            implode(', ', $forbiddenUsers)
+                        ))
+                    );
+                }
+            }
+        }
+
+        if (isset($formData['groups']) && $formData['groups']) {
+            $parsedGroupRestrictions = array();
+            foreach (Auth::getInstance()->getRestrictions('application/share/groups') as $groupRestriction) {
+                $parsedGroupRestrictions[] = array_map('trim', explode(',', $groupRestriction));
+            }
+
+            if (! empty($parsedGroupRestrictions)) {
+                $desiredGroups = array_map('trim', explode(',', $formData['groups']));
+                array_unshift($parsedGroupRestrictions, $desiredGroups);
+                $forbiddenGroups = call_user_func_array('array_diff', $parsedGroupRestrictions);
+                if (! empty($forbiddenGroups)) {
+                    $valid = false;
+                    $this->getElement('groups')->addError(
+                        $this->translate(sprintf(
+                            'You are not permitted to share this navigation item with the following groups: %s',
+                            implode(', ', $forbiddenGroups)
+                        ))
+                    );
+                }
+            }
+        }
+
+        return $valid;
+    }
+
     /**
      * {@inheritdoc}
      */