tyler.durden
/
icinga2
mirror of https://github.com/Icinga/icinga2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

FilterUtility: Outsource permission matching from CheckPermission() to a separate method

This commit is contained in:
Yonas Habteab 2022-10-05 17:49:02 +02:00
parent 14e4f6b921
commit 1bb2d65a8d
2 changed files with 25 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
lib/remote/filterutility.cpp
View File

@ -124,13 +124,27 @@ static void FilteredAddTarget(ScriptFrame& permissionFrame, Expression *permissi
}
}
void FilterUtility::CheckPermission(const ApiUser::Ptr& user, const String& permission, Expression **permissionFilter)
/**
* Checks whether the given API user is granted the given permission
*
* When you desire an exception to be raised when the given user doesn't have the given permission,
* you need to use FilterUtility::CheckPermission().
*
* @param user ApiUser pointer to the user object you want to check the permission of
* @param permission The actual permission you want to check the user permission against
* @param permissionFilter Expression pointer that is used as an output buffer for all the filter expressions of the
* individual permissions of the given user to be evaluated. It's up to the caller to delete
* this pointer when it's not needed any more.
*
* @return bool
*/
bool FilterUtility::HasPermission(const ApiUser::Ptr& user, const String& permission, Expression **permissionFilter)
{
if (permissionFilter)
*permissionFilter = nullptr;
if (permission.IsEmpty())
return;
return true;
bool foundPermission = false;
String requiredPermission = permission.ToLower();
@ -172,8 +186,15 @@ void FilterUtility::CheckPermission(const ApiUser::Ptr& user, const String& perm
if (!foundPermission) {
Log(LogWarning, "FilterUtility")
<< "Missing permission: " << requiredPermission;
}
BOOST_THROW_EXCEPTION(ScriptError("Missing permission: " + requiredPermission));
return foundPermission;
}
void FilterUtility::CheckPermission(const ApiUser::Ptr& user, const String& permission, Expression **permissionFilter)
{
if (!HasPermission(user, permission, permissionFilter)) {
BOOST_THROW_EXCEPTION(ScriptError("Missing permission: " + permission.ToLower()));
}
}

1
lib/remote/filterutility.hpp
View File

@ -52,6 +52,7 @@ class FilterUtility
public:
static Type::Ptr TypeFromPluralName(const String& pluralName);
static void CheckPermission(const ApiUser::Ptr& user, const String& permission, Expression **filter = nullptr);
static bool HasPermission(const ApiUser::Ptr& user, const String& permission, Expression **permissionFilter = nullptr);
static std::vector<Value> GetFilterTargets(const QueryDescription& qd, const Dictionary::Ptr& query,
const ApiUser::Ptr& user, const String& variableName = String());
static bool EvaluateFilter(ScriptFrame& frame, Expression *filter,