From 7c53e6f7bee0424cf315d6f8af3cf73838d370b9 Mon Sep 17 00:00:00 2001
From: Johannes Meyer
Date: Mon, 29 Sep 2014 11:31:59 +0200
Subject: [PATCH] Improve page permission handling refs #7163
---
 library/Icinga/Web/Wizard.php | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/library/Icinga/Web/Wizard.php b/library/Icinga/Web/Wizard.php
index 1e0c8c49dc..3a69caf159 100644
--- a/library/Icinga/Web/Wizard.php
+++ b/library/Icinga/Web/Wizard.php
@@ -224,7 +224,7 @@ public function handleRequest(Request $request = null)
 if ($isValid) {
 $pageData = & $this->getPageData();
 $pageData[$page->getName()] = $page->getValues();
- $this->setCurrentPage($this->getNewPage($requestedPage));
+ $this->setCurrentPage($this->getNewPage($requestedPage, $page));
 $page->getResponse()->redirectAndExit($page->getRedirectUrl());
 }
 } else {
@@ -281,20 +281,30 @@ protected function getDirection(Request $request = null)
 /**
 * Return the new page to set as current page
 *
+ * Permission is checked by verifying that the requested page's previous page has page data available.
+ * The requested page is automatically permitted without any checks if the origin page is its previous
+ * page or one that occurs later in order.
+ *
 * @param string $requestedPage The name of the requested page
+ * @param Form $originPage The origin page
 *
 * @return Form The new page
 *
 * @throws InvalidArgumentException In case the requested page does not exist or is not permitted yet
 */
- protected function getNewPage($requestedPage)
+ protected function getNewPage($requestedPage, Form $originPage)
 {
 if (($page = $this->getPage($requestedPage)) !== null) {
 $permitted = true;
 $pages = $this->getPages();
 if (($index = array_search($page, $pages, true)) > 0) {
- $permitted = $this->hasPageData($pages[$index - 1]->getName());
+ $previousPage = $pages[$index - 1];
+ if ($originPage === null || ($previousPage->getName() !== $originPage->getName()
+ && array_search($originPage, $pages, true) < $index))
+ {
+ $permitted = $this->hasPageData($previousPage->getName());
+ }
 }
 if ($permitted) {
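Review bot: In `getNewPage()` the new `Form $originPage` parameter has no default, so PHP rejects a null argument before the body runs and the `$originPage === null` test in the added condition can never be true. If a call without an origin page is meant to get the full permission check, declare it as `protected function getNewPage($requestedPage, Form $originPage = null)` and document the parameter as `Form|null`; that makes the null branch reachable, keeps one-argument calls from subclasses working, and fails closed because a missing origin falls through to `hasPageData()`. Separately, `array_search($originPage, $pages, true) < $index` depends on `false < $index` evaluating to true when the origin page is not part of the wizard; that happens to keep the check in place, but an explicit `=== false` test would make the intent visible. The method body continues past the end of the hunk.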