1 /* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
2
3 #include "icinga/usergroup.hpp"
4 #include "icinga/usergroup-ti.cpp"
5 #include "config/objectrule.hpp"
6 #include "config/configitem.hpp"
7 #include "base/configtype.hpp"
8 #include "base/objectlock.hpp"
9 #include "base/logger.hpp"
10 #include "base/context.hpp"
11 #include "base/workqueue.hpp"
12
13 using namespace icinga;
14
// Type registration for UserGroup (macro defined outside this file).
REGISTER_TYPE(UserGroup);

// Start-up hook: registers the type name "UserGroup" with ObjectRule.
// NOTE(review): presumably this is what lets filter rules target user groups; confirm against ObjectRule.
INITIALIZE_ONCE([] {
        ObjectRule::RegisterType("UserGroup");
});
20
/**
 * Evaluates one group's filter expression against a user and, on a match,
 * records the group name in the user's group list.
 *
 * The filter runs in a fresh script frame that holds a copy of the group's
 * scope (if it has one) plus the local variable "user".
 *
 * @param user User being tested.
 * @param group Config item of the group. Its filter is dereferenced without a
 *              null check here; EvaluateObjectRules() skips items without a
 *              filter before calling.
 * @returns true if the filter matched (even when the user has no group array
 *          to record the name in), false otherwise.
 */
bool UserGroup::EvaluateObjectRule(const User::Ptr& user, const ConfigItem::Ptr& group)
{
        const String groupName = group->GetName();

        CONTEXT("Evaluating rule for group '" + groupName + "'");

        ScriptFrame frame(true);

        if (const auto scope = group->GetScope())
                scope->CopyTo(frame.Locals);

        frame.Locals->Set("user", user);

        const bool matched = group->GetFilter()->Evaluate(frame).GetValue().ToBool();

        if (!matched)
                return false;

        Log(LogDebug, "UserGroup")
                << "Assigning membership for group '" << groupName << "' to user '" << user->GetName() << "'";

        const Array::Ptr memberships = user->GetGroups();

        // Contains() and Add() are two separate calls with no lock held across them.
        // NOTE(review): if rules for the same user can be evaluated concurrently,
        // the name could be added twice; confirm against the callers.
        if (memberships && !memberships->Contains(groupName))
                memberships->Add(groupName);

        return true;
}
45
/**
 * Runs every UserGroup config item that carries a filter against the given user.
 *
 * Items without a filter are skipped. The per-item result of
 * EvaluateObjectRule() is not used here.
 *
 * @param user User whose group memberships are evaluated.
 */
void UserGroup::EvaluateObjectRules(const User::Ptr& user)
{
        CONTEXT("Evaluating group membership for user '" + user->GetName() + "'");

        for (const ConfigItem::Ptr& item : ConfigItem::GetItems(UserGroup::TypeInstance)) {
                // EvaluateObjectRule() dereferences the filter unconditionally,
                // so only hand it items that actually have one.
                if (item->GetFilter())
                        EvaluateObjectRule(user, item);
        }
}
58
/**
 * Returns a copy of the group's member set.
 *
 * The copy is made while m_UserGroupMutex is held, so the caller gets a
 * snapshot that later AddMember()/RemoveMember() calls do not modify.
 *
 * @returns The users that were members at the time of the call.
 */
std::set<User::Ptr> UserGroup::GetMembers() const
{
        boost::mutex::scoped_lock guard(m_UserGroupMutex);

        std::set<User::Ptr> snapshot(m_Members);

        return snapshot;
}
64
/**
 * Makes the user a member of this group.
 *
 * The group name is added to the user first, then the user is inserted into
 * the member set under m_UserGroupMutex.
 *
 * @param user User to add.
 */
void UserGroup::AddMember(const User::Ptr& user)
{
        // Done before the mutex is taken, so no call into User runs while it is held.
        user->AddGroup(GetName());

        {
                boost::mutex::scoped_lock guard(m_UserGroupMutex);
                m_Members.insert(user);
        }
}
72
/**
 * Removes the user from this group's member set.
 *
 * Only m_Members is changed. Unlike AddMember(), nothing is called on the
 * user, so the user's own group list is left as it is.
 *
 * @param user User to remove; erasing a user that is not a member is a no-op.
 */
void UserGroup::RemoveMember(const User::Ptr& user)
{
        boost::mutex::scoped_lock guard(m_UserGroupMutex);

        m_Members.erase(user);
}
78
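/**
 * Adds the user to, or removes the user from, this group and every group that
 * this group is itself a member of, walking GetGroups() recursively.
 *
 * Parent groups are handled first. This group's own member set is changed
 * only after every parent call has returned true.
 *
 * @param user User whose membership is updated.
 * @param add true to add the membership, false to remove it.
 * @param rstack Current nesting depth; each recursive call passes rstack + 1.
 * @returns false if the nesting limit was exceeded anywhere on the path
 *          (nothing on that path is changed), true otherwise.
 */
bool UserGroup::ResolveGroupMembership(const User::Ptr& user, bool add, int rstack) {
        // Upper bound on group nesting. The recursion below has no cycle
        // detection, so this bound is the only thing that stops a group
        // hierarchy that refers back to itself. It applies to removals as well
        // as additions: a removal that skipped the check would recurse on a
        // cyclic hierarchy until the stack is exhausted.
        const int maxNestingDepth = 20;

        if (rstack > maxNestingDepth) {
                Log(LogWarning, "UserGroup")
                        << "Too many nested groups for group '" << GetName() << "': User '"
                        << user->GetName() << "' membership " << (add ? "assignment" : "removal") << " failed.";

                return false;
        }

        Array::Ptr groups = GetGroups();

        if (groups && groups->GetLength() > 0) {
                // Held for the whole walk, including the recursive calls below.
                ObjectLock olock(groups);

                for (const String& name : groups) {
                        UserGroup::Ptr group = UserGroup::GetByName(name);

                        // Names that do not resolve to a group are skipped silently.
                        if (group && !group->ResolveGroupMembership(user, add, rstack + 1))
                                return false;
                }
        }

        if (add)
                AddMember(user);
        else
                RemoveMember(user);

        return true;
}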
109