-/******************************************************************************
- * Icinga 2 *
- * Copyright (C) 2012-2014 Icinga Development Team (http://www.icinga.org) *
- * *
- * This program is free software; you can redistribute it and/or *
- * modify it under the terms of the GNU General Public License *
- * as published by the Free Software Foundation; either version 2 *
- * of the License, or (at your option) any later version. *
- * *
- * This program is distributed in the hope that it will be useful, *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
- * GNU General Public License for more details. *
- * *
- * You should have received a copy of the GNU General Public License *
- * along with this program; if not, write to the Free Software Foundation *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
#include "icinga/usergroup.hpp"
+#include "icinga/usergroup-ti.cpp"
#include "config/objectrule.hpp"
-#include "base/dynamictype.hpp"
+#include "config/configitem.hpp"
+#include "base/configtype.hpp"
#include "base/objectlock.hpp"
#include "base/logger.hpp"
#include "base/context.hpp"
#include "base/workqueue.hpp"
-#include <boost/foreach.hpp>
using namespace icinga;
REGISTER_TYPE(UserGroup);
-INITIALIZE_ONCE(&UserGroup::RegisterObjectRuleHandler);
+INITIALIZE_ONCE([]() {
+ ObjectRule::RegisterType("UserGroup");
+});
-void UserGroup::RegisterObjectRuleHandler(void)
+bool UserGroup::EvaluateObjectRule(const User::Ptr& user, const ConfigItem::Ptr& group)
{
- ObjectRule::RegisterType("UserGroup", &UserGroup::EvaluateObjectRules);
-}
-
-bool UserGroup::EvaluateObjectRuleOne(const User::Ptr& user, const ObjectRule& rule)
-{
- DebugInfo di = rule.GetDebugInfo();
+ String groupName = group->GetName();
- std::ostringstream msgbuf;
- msgbuf << "Evaluating 'object' rule (" << di << ")";
- CONTEXT(msgbuf.str());
+ CONTEXT("Evaluating rule for group '" + groupName + "'");
- Dictionary::Ptr locals = make_shared<Dictionary>();
- locals->Set("user", user);
+ ScriptFrame frame(true);
+ if (group->GetScope())
+ group->GetScope()->CopyTo(frame.Locals);
+ frame.Locals->Set("user", user);
- if (!rule.EvaluateFilter(locals))
+ if (!group->GetFilter()->Evaluate(frame).GetValue().ToBool())
return false;
Log(LogDebug, "UserGroup")
- << "Assigning membership for group '" << rule.GetName() << "' to user '" << user->GetName() << "' for rule " << di;
+ << "Assigning membership for group '" << groupName << "' to user '" << user->GetName() << "'";
- String group_name = rule.GetName();
- UserGroup::Ptr group = UserGroup::GetByName(group_name);
-
- if (!group) {
- Log(LogCritical, "UserGroup")
- << "Invalid membership assignment. Group '" << group_name << "' does not exist.";
- return false;
- }
+ Array::Ptr groups = user->GetGroups();
- /* assign user group membership */
- group->ResolveGroupMembership(user, true);
+ if (groups && !groups->Contains(groupName))
+ groups->Add(groupName);
return true;
}
-void UserGroup::EvaluateObjectRule(const ObjectRule& rule)
+void UserGroup::EvaluateObjectRules(const User::Ptr& user)
{
- BOOST_FOREACH(const User::Ptr& user, DynamicType::GetObjectsByType<User>()) {
- CONTEXT("Evaluating group membership in '" + rule.GetName() + "' for user '" + user->GetName() + "'");
+ CONTEXT("Evaluating group membership for user '" + user->GetName() + "'");
- EvaluateObjectRuleOne(user, rule);
- }
-}
+ for (const ConfigItem::Ptr& group : ConfigItem::GetItems(UserGroup::TypeInstance))
+ {
+ if (!group->GetFilter())
+ continue;
-void UserGroup::EvaluateObjectRules(const std::vector<ObjectRule>& rules)
-{
- ParallelWorkQueue upq;
-
- BOOST_FOREACH(const ObjectRule& rule, rules) {
- upq.Enqueue(boost::bind(UserGroup::EvaluateObjectRule, boost::cref(rule)));
+ EvaluateObjectRule(user, group);
}
-
- upq.Join();
}
-std::set<User::Ptr> UserGroup::GetMembers(void) const
+std::set<User::Ptr> UserGroup::GetMembers() const
{
boost::mutex::scoped_lock lock(m_UserGroupMutex);
return m_Members;
if (add && rstack > 20) {
Log(LogWarning, "UserGroup")
- << "Too many nested groups for group '" << GetName() << "': User '"
- << user->GetName() << "' membership assignment failed.";
+ << "Too many nested groups for group '" << GetName() << "': User '"
+ << user->GetName() << "' membership assignment failed.";
return false;
}
if (groups && groups->GetLength() > 0) {
ObjectLock olock(groups);
- BOOST_FOREACH(const String& name, groups) {
+ for (const String& name : groups) {
UserGroup::Ptr group = UserGroup::GetByName(name);
if (group && !group->ResolveGroupMembership(user, add, rstack + 1))
projects / icinga2 / blobdiff