blob: 27ae45bb43620122c1c56ea08778918a52600e19 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
|
/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
#include "icinga/usergroup.hpp"
#include "icinga/usergroup-ti.cpp"
#include "icinga/notification.hpp"
#include "config/objectrule.hpp"
#include "config/configitem.hpp"
#include "base/configtype.hpp"
#include "base/objectlock.hpp"
#include "base/logger.hpp"
#include "base/context.hpp"
#include "base/workqueue.hpp"
using namespace icinga;
REGISTER_TYPE(UserGroup);
INITIALIZE_ONCE([]() {
ObjectRule::RegisterType("UserGroup");
});
bool UserGroup::EvaluateObjectRule(const User::Ptr& user, const ConfigItem::Ptr& group)
{
String groupName = group->GetName();
CONTEXT("Evaluating rule for group '" << groupName << "'");
ScriptFrame frame(true);
if (group->GetScope())
group->GetScope()->CopyTo(frame.Locals);
frame.Locals->Set("user", user);
if (!group->GetFilter()->Evaluate(frame).GetValue().ToBool())
return false;
Log(LogDebug, "UserGroup")
<< "Assigning membership for group '" << groupName << "' to user '" << user->GetName() << "'";
Array::Ptr groups = user->GetGroups();
if (groups && !groups->Contains(groupName))
groups->Add(groupName);
return true;
}
void UserGroup::EvaluateObjectRules(const User::Ptr& user)
{
CONTEXT("Evaluating group membership for user '" << user->GetName() << "'");
for (const ConfigItem::Ptr& group : ConfigItem::GetItems(UserGroup::TypeInstance))
{
if (!group->GetFilter())
continue;
EvaluateObjectRule(user, group);
}
}
std::set<User::Ptr> UserGroup::GetMembers() const
{
std::unique_lock<std::mutex> lock(m_UserGroupMutex);
return m_Members;
}
void UserGroup::AddMember(const User::Ptr& user)
{
user->AddGroup(GetName());
std::unique_lock<std::mutex> lock(m_UserGroupMutex);
m_Members.insert(user);
}
void UserGroup::RemoveMember(const User::Ptr& user)
{
std::unique_lock<std::mutex> lock(m_UserGroupMutex);
m_Members.erase(user);
}
std::set<Notification::Ptr> UserGroup::GetNotifications() const
{
std::unique_lock<std::mutex> lock(m_UserGroupMutex);
return m_Notifications;
}
void UserGroup::AddNotification(const Notification::Ptr& notification)
{
std::unique_lock<std::mutex> lock(m_UserGroupMutex);
m_Notifications.insert(notification);
}
void UserGroup::RemoveNotification(const Notification::Ptr& notification)
{
std::unique_lock<std::mutex> lock(m_UserGroupMutex);
m_Notifications.erase(notification);
}
bool UserGroup::ResolveGroupMembership(const User::Ptr& user, bool add, int rstack) {
if (add && rstack > 20) {
Log(LogWarning, "UserGroup")
<< "Too many nested groups for group '" << GetName() << "': User '"
<< user->GetName() << "' membership assignment failed.";
return false;
}
Array::Ptr groups = GetGroups();
if (groups && groups->GetLength() > 0) {
ObjectLock olock(groups);
for (const String& name : groups) {
UserGroup::Ptr group = UserGroup::GetByName(name);
if (group && !group->ResolveGroupMembership(user, add, rstack + 1))
return false;
}
}
if (add)
AddMember(user);
else
RemoveMember(user);
return true;
}
|
