Johannes Meyer
93869319b3
Auth: Apply filter/hosts and filter/services to dependency queries
...
refs #1242
2025-07-14 15:49:14 +02:00
Johannes Meyer
e66661196b
usergroups: Rename to contactgroups
2025-04-10 15:04:41 +02:00
Johannes Meyer
9ea5d70512
users: Rename to contacts
2025-04-10 15:04:41 +02:00
Sukhwinder Dhillon
9e77c5f1ad
Auth::applyRestrictions(): Don't take redundancy_group into account
...
Otherwise, redundany_group objects are not visible.
- New filter : Either the host/service is null (the object is a redundancy group) or given restrictions match
2025-02-04 13:48:32 +01:00
raviks789
a8f891fefa
Avoid leakage of state.check_commandline to restricted users
...
Users who do not have permission to see the object's `Source` tab, must be
restricted from accessing the object's `state.check_commandline` column.
2023-06-22 13:32:28 +02:00
Eric Lippmann
d8c5e41586
Rename blacklist to denylist
2022-06-27 13:22:08 +02:00
Eric Lippmann
ebc6735270
Use Query::columns() instead of ::setColumns()
...
Query::columns() is no longer additive and ::setColumns() will therefore
be removed.
2022-06-02 14:24:52 +02:00
Johannes Meyer
105842658e
Auth: Explicitly select flatname from customvar_flat
...
The `*` was just a lazy fix. Should be bullet proof now.
(fingers crossed)
2022-06-02 14:24:51 +02:00
Johannes Meyer
5b026f8f26
Adjust usages of ipl\Stdlib\Filter::equal() and ::unequal()
2022-05-24 12:02:51 +02:00
Yonas Habteab
a052b9a466
Auth: Force query optimization on union queries
...
Forces the given restriction/filter to be wrapped in a subquery if there is a restriction applied
to `*/services` or `*/hosts` with `hostgroup.name` or `servicegroup.name`. If `hostgroup.name` is
used for services restriction, it is automatically wrapped to a subquery, because service model
has no direct relation to `hostgroup` and it is the same with host model and `servicegroup.name`.
2022-04-07 16:58:39 +02:00
Yonas Habteab
aefd0e1f7d
Add PHP 7 argument & return type declarations to all member methods
2021-11-03 16:06:59 +01:00
Johannes Meyer
8276cc7ace
Auth: Allow user and usergroup filters in restrictions
2021-10-04 12:53:13 +02:00
Yonas Habteab
9f99637153
Introduce matchesOn & isMatchedOn methods
2021-10-01 15:30:06 +02:00
Johannes Meyer
b67b7cd13a
Auth: Add method isPermittedRoute()
2021-05-03 14:57:27 +02:00
Johannes Meyer
38720697eb
Cleanup usages of filter property noOptimization
2021-05-03 14:49:30 +02:00
Johannes Meyer
416d4a4021
Auth: Bail out early for unrestricted users in isGrantedOn[Type]()
2021-03-22 17:16:03 +01:00
Johannes Meyer
c384c3198a
ObjectAuthorization: Perform check on all objects in grantsOnType()
...
`grantsOnType()` will now perform the permission check it is asked for
on every object that matches the filter. It will then cache all
individual results so that any subsequent call to `grantsOn()` will
hit the cache instead of triggering another query.
2021-03-19 15:47:57 +01:00
Johannes Meyer
47cc59e3e1
Introduce class ObjectAuthorization
2021-03-19 15:47:57 +01:00
Johannes Meyer
18f009c55f
Utilize ipl\Orm\Query::filter() where appropriate
2021-03-19 15:42:15 +01:00
Johannes Meyer
aae4c01cbf
Auth: Prevent filter optimizations for variable blacklists
...
This depends upon https://github.com/Icinga/ipl-orm/pull/13
2021-03-12 11:27:46 +01:00
Johannes Meyer
73f0b39b17
Auth: Prefer !=* check instead of IsNull condition
2021-03-12 11:27:46 +01:00
Johannes Meyer
5a808ae6d2
Apply custom variable restrictions when necessary
2021-03-12 11:27:46 +01:00
Johannes Meyer
dadc02dd1b
Auth: Don't apply restrictions if the user is unrestricted
2021-03-09 11:27:50 +01:00
Johannes Meyer
e500de5f00
Auth: Add method applyRestrictions()
2021-03-09 09:21:31 +01:00
Johannes Meyer
5e441c93a0
Add license note to every file
2020-03-13 10:36:24 +01:00
Johannes Meyer
bc9ebd0b11
Auth: Put opening brace on the next line after the definition
2020-01-17 16:04:01 +01:00
Johannes Meyer
2b71a20a38
Introduce trait Auth
2019-12-10 10:56:18 +01:00
