mvc: sync missing hasPrivilege()

PR: https://forum.opnsense.org/index.php?topic=12323.0
opnsense · Apr 5, 2019 · 039ba3c · 039ba3c
1 parent 401c05e
commit 039ba3c
Showing 1 changed file with 56 additions and 0 deletions.
diff --git a/src/opnsense/mvc/app/models/OPNsense/Core/ACL.php b/src/opnsense/mvc/app/models/OPNsense/Core/ACL.php
@@ -268,6 +268,62 @@ public function isPageAccessible($username, $url)
         return false;
     }
 
+    /**
+     * test if a user has a certain privilege set.
+     * (transition method, should be replaced by group membership)
+     * @param string $username user name
+     * @param string $reqpriv privilege name
+     * @return bool
+     */
+    public function hasPrivilege($username, $reqpriv)
+    {
+        $uid = null;
+        $privs = array();
+        $groups = array();
+        $config = Config::getInstance()->object();
+        if ($config->system->count() > 0) {
+            foreach ($config->system->children() as $key => $node) {
+                if ($key == 'user' && (string)$node->name == $username) {
+                    foreach ($node->priv as $priv) {
+                        $privs[] = (string)$priv;
+                    }
+                    $uid = (string)$node->uid;
+                }
+            }
+            foreach ($config->system->children() as $key => $groupNode) {
+                if ($key == 'group') {
+                    $group_privs = array();
+                    $userInGrp = false;
+                    foreach ($groupNode->children() as $itemKey => $node) {
+                        if ($node->getName() == "member" && (string)$node == $uid) {
+                            $userInGrp = true;
+                        } elseif ($node->getName() == "priv") {
+                            $group_privs[] = (string)$node;
+                        }
+                    }
+                    if ($userInGrp) {
+                        $privs = array_merge($privs, $group_privs);
+                    }
+                }
+            }
+        }
+        return in_array($reqpriv, $privs);
+    }
+
+    /**
+     * check if user has group membership
+     * @param string $username user name
+     * @param string $groupname group name
+     * @return bool|null|string|string[]
+     */
+    public function inGroup($username, $groupname)
+    {
+        if (!empty($this->userDatabase[$username])) {
+            return in_array($groupname, $this->userDatabase[$username]['groups']);
+        }
+        return false;
+    }
+
     /**
      * get user preferred landing page
      * @param string $username user name