summaryrefslogtreecommitdiffstats
path: root/lib/icinga/usergroup.cpp
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-13 11:32:39 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-13 11:32:39 +0000
commit56ae875861ab260b80a030f50c4aff9f9dc8fff0 (patch)
tree531412110fc901a5918c7f7442202804a83cada9 /lib/icinga/usergroup.cpp
parentInitial commit. (diff)
downloadicinga2-56ae875861ab260b80a030f50c4aff9f9dc8fff0.tar.xz
icinga2-56ae875861ab260b80a030f50c4aff9f9dc8fff0.zip
Adding upstream version 2.14.2.upstream/2.14.2upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--lib/icinga/usergroup.cpp128
1 files changed, 128 insertions, 0 deletions
diff --git a/lib/icinga/usergroup.cpp b/lib/icinga/usergroup.cpp
new file mode 100644
index 0000000..27ae45b
--- /dev/null
+++ b/lib/icinga/usergroup.cpp
@@ -0,0 +1,128 @@
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
+
+#include "icinga/usergroup.hpp"
+#include "icinga/usergroup-ti.cpp"
+#include "icinga/notification.hpp"
+#include "config/objectrule.hpp"
+#include "config/configitem.hpp"
+#include "base/configtype.hpp"
+#include "base/objectlock.hpp"
+#include "base/logger.hpp"
+#include "base/context.hpp"
+#include "base/workqueue.hpp"
+
+using namespace icinga;
+
+REGISTER_TYPE(UserGroup);
+
+INITIALIZE_ONCE([]() {
+ ObjectRule::RegisterType("UserGroup");
+});
+
+bool UserGroup::EvaluateObjectRule(const User::Ptr& user, const ConfigItem::Ptr& group)
+{
+ String groupName = group->GetName();
+
+ CONTEXT("Evaluating rule for group '" << groupName << "'");
+
+ ScriptFrame frame(true);
+ if (group->GetScope())
+ group->GetScope()->CopyTo(frame.Locals);
+ frame.Locals->Set("user", user);
+
+ if (!group->GetFilter()->Evaluate(frame).GetValue().ToBool())
+ return false;
+
+ Log(LogDebug, "UserGroup")
+ << "Assigning membership for group '" << groupName << "' to user '" << user->GetName() << "'";
+
+ Array::Ptr groups = user->GetGroups();
+
+ if (groups && !groups->Contains(groupName))
+ groups->Add(groupName);
+
+ return true;
+}
+
+void UserGroup::EvaluateObjectRules(const User::Ptr& user)
+{
+ CONTEXT("Evaluating group membership for user '" << user->GetName() << "'");
+
+ for (const ConfigItem::Ptr& group : ConfigItem::GetItems(UserGroup::TypeInstance))
+ {
+ if (!group->GetFilter())
+ continue;
+
+ EvaluateObjectRule(user, group);
+ }
+}
+
+std::set<User::Ptr> UserGroup::GetMembers() const
+{
+ std::unique_lock<std::mutex> lock(m_UserGroupMutex);
+ return m_Members;
+}
+
+void UserGroup::AddMember(const User::Ptr& user)
+{
+ user->AddGroup(GetName());
+
+ std::unique_lock<std::mutex> lock(m_UserGroupMutex);
+ m_Members.insert(user);
+}
+
+void UserGroup::RemoveMember(const User::Ptr& user)
+{
+ std::unique_lock<std::mutex> lock(m_UserGroupMutex);
+ m_Members.erase(user);
+}
+
+std::set<Notification::Ptr> UserGroup::GetNotifications() const
+{
+ std::unique_lock<std::mutex> lock(m_UserGroupMutex);
+ return m_Notifications;
+}
+
+void UserGroup::AddNotification(const Notification::Ptr& notification)
+{
+ std::unique_lock<std::mutex> lock(m_UserGroupMutex);
+ m_Notifications.insert(notification);
+}
+
+void UserGroup::RemoveNotification(const Notification::Ptr& notification)
+{
+ std::unique_lock<std::mutex> lock(m_UserGroupMutex);
+ m_Notifications.erase(notification);
+}
+
+bool UserGroup::ResolveGroupMembership(const User::Ptr& user, bool add, int rstack) {
+
+ if (add && rstack > 20) {
+ Log(LogWarning, "UserGroup")
+ << "Too many nested groups for group '" << GetName() << "': User '"
+ << user->GetName() << "' membership assignment failed.";
+
+ return false;
+ }
+
+ Array::Ptr groups = GetGroups();
+
+ if (groups && groups->GetLength() > 0) {
+ ObjectLock olock(groups);
+
+ for (const String& name : groups) {
+ UserGroup::Ptr group = UserGroup::GetByName(name);
+
+ if (group && !group->ResolveGroupMembership(user, add, rstack + 1))
+ return false;
+ }
+ }
+
+ if (add)
+ AddMember(user);
+ else
+ RemoveMember(user);
+
+ return true;
+}
+