icinga2/lib/icinga/usergroup.cpp

/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */

#include "icinga/usergroup.hpp"
#include "icinga/usergroup-ti.cpp"
#include "icinga/notification.hpp"
#include "config/objectrule.hpp"
#include "config/configitem.hpp"
#include "base/configtype.hpp"
#include "base/objectlock.hpp"
#include "base/logger.hpp"
#include "base/context.hpp"
#include "base/workqueue.hpp"

using namespace icinga;

REGISTER_TYPE(UserGroup);

INITIALIZE_ONCE([]() {
	ObjectRule::RegisterType("UserGroup");
});

bool UserGroup::EvaluateObjectRule(const User::Ptr& user, const ConfigItem::Ptr& group)
{
	String groupName = group->GetName();

	CONTEXT("Evaluating rule for group '" << groupName << "'");

	ScriptFrame frame(true);
	if (group->GetScope())
		group->GetScope()->CopyTo(frame.Locals);
	frame.Locals->Set("user", user);

	if (!group->GetFilter()->Evaluate(frame).GetValue().ToBool())
		return false;

	Log(LogDebug, "UserGroup")
		<< "Assigning membership for group '" << groupName << "' to user '" << user->GetName() << "'";

	Array::Ptr groups = user->GetGroups();

	if (groups && !groups->Contains(groupName))
		groups->Add(groupName);

	return true;
}

void UserGroup::EvaluateObjectRules(const User::Ptr& user)
{
	CONTEXT("Evaluating group membership for user '" << user->GetName() << "'");

	for (const ConfigItem::Ptr& group : ConfigItem::GetItems(UserGroup::TypeInstance))
	{
		if (!group->GetFilter())
			continue;

		EvaluateObjectRule(user, group);
	}
}

std::set<User::Ptr> UserGroup::GetMembers() const
{
	std::unique_lock<std::mutex> lock(m_UserGroupMutex);
	return m_Members;
}

void UserGroup::AddMember(const User::Ptr& user)
{
	user->AddGroup(GetName());

	std::unique_lock<std::mutex> lock(m_UserGroupMutex);
	m_Members.insert(user);
}

void UserGroup::RemoveMember(const User::Ptr& user)
{
	std::unique_lock<std::mutex> lock(m_UserGroupMutex);
	m_Members.erase(user);
}

std::set<Notification::Ptr> UserGroup::GetNotifications() const
{
	std::unique_lock<std::mutex> lock(m_UserGroupMutex);
	return m_Notifications;
}

void UserGroup::AddNotification(const Notification::Ptr& notification)
{
	std::unique_lock<std::mutex> lock(m_UserGroupMutex);
	m_Notifications.insert(notification);
}

void UserGroup::RemoveNotification(const Notification::Ptr& notification)
{
	std::unique_lock<std::mutex> lock(m_UserGroupMutex);
	m_Notifications.erase(notification);
}

bool UserGroup::ResolveGroupMembership(const User::Ptr& user, bool add, int rstack) {

	if (add && rstack > 20) {
		Log(LogWarning, "UserGroup")
			<< "Too many nested groups for group '" << GetName() << "': User '"
			<< user->GetName() << "' membership assignment failed.";

		return false;
	}

	Array::Ptr groups = GetGroups();

	if (groups && groups->GetLength() > 0) {
		ObjectLock olock(groups);

		for (String name : groups) {
			UserGroup::Ptr group = UserGroup::GetByName(name);

			if (group && !group->ResolveGroupMembership(user, add, rstack + 1))
				return false;
		}
	}

	if (add)
		AddMember(user);
	else
		RemoveMember(user);

	return true;
}
Replace Copyright header with a short version, part I CLion -> replace in path 2019-02-25 08:48:22 -05:00			`/* Icinga 2 \| (c) 2012 Icinga GmbH \| GPLv2+ */`
Implemented user groups. 2013-02-27 15:49:03 -05:00
Rename C++ header files. Fixes #6291 2014-05-25 10:23:35 -04:00			`#include "icinga/usergroup.hpp"`
Fix compatibility with CMake < 3.1 2018-01-18 07:50:38 -05:00			`#include "icinga/usergroup-ti.cpp"`
Add missing include to fix non-unity builds This commit fixes the following build error: [ 55%] Building CXX object lib/icinga/CMakeFiles/icinga.dir/usergroup.cpp.o lib/icinga/usergroup.cpp:79:24: error: incomplete type ‘icinga::Notification’ used in nested name specifier 79 \| std::set<Notification::Ptr> UserGroup::GetNotifications() const \| ^~~ 2021-11-17 10:11:15 -05:00			`#include "icinga/notification.hpp"`
Rename C++ header files. Fixes #6291 2014-05-25 10:23:35 -04:00			`#include "config/objectrule.hpp"`
Refactor apply/object rules fixes #7700 2014-11-16 10:20:39 -05:00			`#include "config/configitem.hpp"`
Rename DynamicObject/DynamicType to ConfigObject/ConfigType fixes #9914 2015-08-15 14:28:05 -04:00			`#include "base/configtype.hpp"`
Rename C++ header files. Fixes #6291 2014-05-25 10:23:35 -04:00			`#include "base/objectlock.hpp"`
Remove logger_fwd.hpp 2014-10-19 08:21:12 -04:00			`#include "base/logger.hpp"`
Rename C++ header files. Fixes #6291 2014-05-25 10:23:35 -04:00			`#include "base/context.hpp"`
			`#include "base/workqueue.hpp"`
Implemented user groups. 2013-02-27 15:49:03 -05:00
			`using namespace icinga;`

Refactored object locking code. 2013-03-01 06:07:52 -05:00			`REGISTER_TYPE(UserGroup);`
Implemented user groups. 2013-02-27 15:49:03 -05:00
Use lambda functions for INITIALIZE_ONCE fixes #12562 2016-08-27 03:35:08 -04:00			`INITIALIZE_ONCE([]() {`
Refactor apply/object rules fixes #7700 2014-11-16 10:20:39 -05:00			`ObjectRule::RegisterType("UserGroup");`
Use lambda functions for INITIALIZE_ONCE fixes #12562 2016-08-27 03:35:08 -04:00			`});`
Add group assign/ignore rules. Fixes #5910 2014-04-23 06:44:36 -04:00
Refactor apply/object rules fixes #7700 2014-11-16 10:20:39 -05:00			`bool UserGroup::EvaluateObjectRule(const User::Ptr& user, const ConfigItem::Ptr& group)`
Add group assign/ignore rules. Fixes #5910 2014-04-23 06:44:36 -04:00			`{`
Ensure that added group members are unique refs #4732 2018-05-09 11:15:44 -04:00			`String groupName = group->GetName();`
Add group assign/ignore rules. Fixes #5910 2014-04-23 06:44:36 -04:00
CONTEXT: use << everywhere to unify usages 2022-11-24 06:40:36 -05:00			`CONTEXT("Evaluating rule for group '" << groupName << "'");`
Add group assign/ignore rules. Fixes #5910 2014-04-23 06:44:36 -04:00
Build fix for Debian wheezy 2018-01-03 04:19:24 -05:00			`ScriptFrame frame(true);`
Refactor the stack frame handling for scripts fixes #7748 2014-11-22 06:21:28 -05:00			`if (group->GetScope())`
			`group->GetScope()->CopyTo(frame.Locals);`
			`frame.Locals->Set("user", user);`
Add group assign/ignore rules. Fixes #5910 2014-04-23 06:44:36 -04:00
Implement the 'continue' and 'break' keywords fixes #8394 2015-02-19 06:57:52 -05:00			`if (!group->GetFilter()->Evaluate(frame).GetValue().ToBool())`
Add group assign/ignore rules. Fixes #5910 2014-04-23 06:44:36 -04:00			`return false;`

Refactor logging code 2014-10-19 11:52:17 -04:00			`Log(LogDebug, "UserGroup")`
Ensure that added group members are unique refs #4732 2018-05-09 11:15:44 -04:00			`<< "Assigning membership for group '" << groupName << "' to user '" << user->GetName() << "'";`
Add group assign/ignore rules. Fixes #5910 2014-04-23 06:44:36 -04:00
Split DynamicObject::OnConfigLoaded into two separate events refs #7780 2014-11-21 12:31:37 -05:00			`Array::Ptr groups = user->GetGroups();`
Ensure that added group members are unique refs #4732 2018-05-09 11:15:44 -04:00
			`if (groups && !groups->Contains(groupName))`
			`groups->Add(groupName);`
Add group assign/ignore rules. Fixes #5910 2014-04-23 06:44:36 -04:00
			`return true;`
			`}`

Refactor apply/object rules fixes #7700 2014-11-16 10:20:39 -05:00			`void UserGroup::EvaluateObjectRules(const User::Ptr& user)`
Execute apply/object rules in parallel. Fixes #6223 2014-05-17 14:13:25 -04:00			`{`
CONTEXT: use << everywhere to unify usages 2022-11-24 06:40:36 -05:00			`CONTEXT("Evaluating group membership for user '" << user->GetName() << "'");`
Execute apply/object rules in parallel. Fixes #6223 2014-05-17 14:13:25 -04:00
Allow expressions for the type in object/template declarations 2017-05-11 08:21:30 -04:00			`for (const ConfigItem::Ptr& group : ConfigItem::GetItems(UserGroup::TypeInstance))`
Refactor apply/object rules fixes #7700 2014-11-16 10:20:39 -05:00			`{`
			`if (!group->GetFilter())`
			`continue;`
Execute apply/object rules in parallel. Fixes #6223 2014-05-17 14:13:25 -04:00
Refactor apply/object rules fixes #7700 2014-11-16 10:20:39 -05:00			`EvaluateObjectRule(user, group);`
Add group assign/ignore rules. Fixes #5910 2014-04-23 06:44:36 -04:00			`}`
			`}`

Apply clang-tidy fix 'modernize-redundant-void-arg' 2018-01-03 22:25:35 -05:00			`std::set<User::Ptr> UserGroup::GetMembers() const`
Implemented user groups. 2013-02-27 15:49:03 -05:00			`{`
Use std::mutex, not boost::mutex 2021-02-02 04:16:04 -05:00			`std::unique_lock<std::mutex> lock(m_UserGroupMutex);`
Remove the replication feature and clean up the code. 2013-08-20 05:06:04 -04:00			`return m_Members;`
Implemented user groups. 2013-02-27 15:49:03 -05:00			`}`

Remove the replication feature and clean up the code. 2013-08-20 05:06:04 -04:00			`void UserGroup::AddMember(const User::Ptr& user)`
Implemented user groups. 2013-02-27 15:49:03 -05:00			`{`
Fix "assign where" for nested groups fixes #7475 2014-10-28 13:58:22 -04:00			`user->AddGroup(GetName());`

Use std::mutex, not boost::mutex 2021-02-02 04:16:04 -05:00			`std::unique_lock<std::mutex> lock(m_UserGroupMutex);`
Remove the replication feature and clean up the code. 2013-08-20 05:06:04 -04:00			`m_Members.insert(user);`
Implemented user groups. 2013-02-27 15:49:03 -05:00			`}`

Remove the replication feature and clean up the code. 2013-08-20 05:06:04 -04:00			`void UserGroup::RemoveMember(const User::Ptr& user)`
Implemented user groups. 2013-02-27 15:49:03 -05:00			`{`
Use std::mutex, not boost::mutex 2021-02-02 04:16:04 -05:00			`std::unique_lock<std::mutex> lock(m_UserGroupMutex);`
Remove the replication feature and clean up the code. 2013-08-20 05:06:04 -04:00			`m_Members.erase(user);`
Implemented user groups. 2013-02-27 15:49:03 -05:00			`}`
Add nested group support for {Host,Service,User}Group. Fixes #5858 2014-04-14 14:59:41 -04:00
Icinga DB: Make sure object relationships are handled correctly 2021-10-08 10:43:09 -04:00			`std::set<Notification::Ptr> UserGroup::GetNotifications() const`
			`{`
			`std::unique_lock<std::mutex> lock(m_UserGroupMutex);`
			`return m_Notifications;`
			`}`

			`void UserGroup::AddNotification(const Notification::Ptr& notification)`
			`{`
			`std::unique_lock<std::mutex> lock(m_UserGroupMutex);`
			`m_Notifications.insert(notification);`
			`}`

			`void UserGroup::RemoveNotification(const Notification::Ptr& notification)`
			`{`
			`std::unique_lock<std::mutex> lock(m_UserGroupMutex);`
			`m_Notifications.erase(notification);`
			`}`

Fix code style 2014-10-28 13:04:51 -04:00			`bool UserGroup::ResolveGroupMembership(const User::Ptr& user, bool add, int rstack) {`
Add nested group support for {Host,Service,User}Group. Fixes #5858 2014-04-14 14:59:41 -04:00
			`if (add && rstack > 20) {`
Refactor logging code 2014-10-19 11:52:17 -04:00			`Log(LogWarning, "UserGroup")`
Whitespace fix What does this change? * Remove use of spaces for formatting These could be found by using `grep -r -l -P '^\t+ +[^]' Removal of training whitespaces * A few lines longer than 120 chars 2017-12-19 09:50:05 -05:00			`<< "Too many nested groups for group '" << GetName() << "': User '"`
			`<< user->GetName() << "' membership assignment failed.";`
Add nested group support for {Host,Service,User}Group. Fixes #5858 2014-04-14 14:59:41 -04:00
			`return false;`
			`}`

			`Array::Ptr groups = GetGroups();`

			`if (groups && groups->GetLength() > 0) {`
			`ObjectLock olock(groups);`

Fix compiler warnings by (copy-)constructing loop variables explicitly for (const T& needle : haystack) creates the illusion that haystack is a container of T and we're just borrowing needle. In these cases that's not true. 2023-03-31 06:36:37 -04:00			`for (String name : groups) {`
Add nested group support for {Host,Service,User}Group. Fixes #5858 2014-04-14 14:59:41 -04:00			`UserGroup::Ptr group = UserGroup::GetByName(name);`

			`if (group && !group->ResolveGroupMembership(user, add, rstack + 1))`
			`return false;`
			`}`
			`}`

			`if (add)`
			`AddMember(user);`
			`else`
			`RemoveMember(user);`

			`return true;`
			`}`