mirror of https://github.com/Icinga/icinga2.git
FilterUtility: Replace some nested raw pointers by our `unique_ptr<X>*`
This commit is contained in:
Yonas Habteab
parent
ae32b3cbbd
commit
c1f73fbc1d
|
|
@ -10,6 +10,7 @@
|
|||
#include "base/logger.hpp"
|
||||
#include "base/utility.hpp"
|
||||
#include <boost/algorithm/string/case_conv.hpp>
|
||||
#include <memory>
|
||||
|
||||
using namespace icinga;
|
||||
|
||||
|
|
@ -138,7 +139,7 @@ static void FilteredAddTarget(ScriptFrame& permissionFrame, Expression *permissi
|
|||
*
|
||||
* @return bool
|
||||
*/
|
||||
bool FilterUtility::HasPermission(const ApiUser::Ptr& user, const String& permission, Expression **permissionFilter)
|
||||
bool FilterUtility::HasPermission(const ApiUser::Ptr& user, const String& permission, std::unique_ptr<Expression>* permissionFilter)
|
||||
{
|
||||
if (permissionFilter)
|
||||
*permissionFilter = nullptr;
|
||||
|
|
@ -176,9 +177,9 @@ bool FilterUtility::HasPermission(const ApiUser::Ptr& user, const String& permis
|
|||
FunctionCallExpression *fexpr = new FunctionCallExpression(std::move(indexer), std::move(args));
|
||||
|
||||
if (!*permissionFilter)
|
||||
*permissionFilter = fexpr;
|
||||
permissionFilter->reset(fexpr);
|
||||
else
|
||||
*permissionFilter = new LogicalOrExpression(std::unique_ptr<Expression>(*permissionFilter), std::unique_ptr<Expression>(fexpr));
|
||||
*permissionFilter = std::make_unique<LogicalOrExpression>(std::move(*permissionFilter), std::unique_ptr<Expression>(fexpr));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -191,7 +192,7 @@ bool FilterUtility::HasPermission(const ApiUser::Ptr& user, const String& permis
|
|||
return foundPermission;
|
||||
}
|
||||
|
||||
void FilterUtility::CheckPermission(const ApiUser::Ptr& user, const String& permission, Expression **permissionFilter)
|
||||
void FilterUtility::CheckPermission(const ApiUser::Ptr& user, const String& permission, std::unique_ptr<Expression>* permissionFilter)
|
||||
{
|
||||
if (!HasPermission(user, permission, permissionFilter)) {
|
||||
BOOST_THROW_EXCEPTION(ScriptError("Missing permission: " + permission.ToLower()));
|
||||
|
|
@ -209,7 +210,7 @@ std::vector<Value> FilterUtility::GetFilterTargets(const QueryDescription& qd, c
|
|||
else
|
||||
provider = new ConfigObjectTargetProvider();
|
||||
|
||||
Expression *permissionFilter;
|
||||
std::unique_ptr<Expression> permissionFilter;
|
||||
CheckPermission(user, qd.Permission, &permissionFilter);
|
||||
|
||||
Namespace::Ptr permissionFrameNS = new Namespace();
|
||||
|
|
@ -226,7 +227,7 @@ std::vector<Value> FilterUtility::GetFilterTargets(const QueryDescription& qd, c
|
|||
String name = HttpUtility::GetLastParameter(query, attr);
|
||||
Object::Ptr target = provider->GetTargetByName(type, name);
|
||||
|
||||
if (!FilterUtility::EvaluateFilter(permissionFrame, permissionFilter, target, variableName))
|
||||
if (!FilterUtility::EvaluateFilter(permissionFrame, permissionFilter.get(), target, variableName))
|
||||
BOOST_THROW_EXCEPTION(ScriptError("Access denied to object '" + name + "' of type '" + type + "'"));
|
||||
|
||||
result.emplace_back(std::move(target));
|
||||
|
|
@ -242,7 +243,7 @@ std::vector<Value> FilterUtility::GetFilterTargets(const QueryDescription& qd, c
|
|||
for (const String& name : names) {
|
||||
Object::Ptr target = provider->GetTargetByName(type, name);
|
||||
|
||||
if (!FilterUtility::EvaluateFilter(permissionFrame, permissionFilter, target, variableName))
|
||||
if (!FilterUtility::EvaluateFilter(permissionFrame, permissionFilter.get(), target, variableName))
|
||||
BOOST_THROW_EXCEPTION(ScriptError("Access denied to object '" + name + "' of type '" + type + "'"));
|
||||
|
||||
result.emplace_back(std::move(target));
|
||||
|
|
@ -279,15 +280,15 @@ std::vector<Value> FilterUtility::GetFilterTargets(const QueryDescription& qd, c
|
|||
}
|
||||
}
|
||||
|
||||
provider->FindTargets(type, [&permissionFrame, permissionFilter, &frame, &ufilter, &result, variableName](const Object::Ptr& target) {
|
||||
FilteredAddTarget(permissionFrame, permissionFilter, frame, &*ufilter, result, variableName, target);
|
||||
provider->FindTargets(type, [&permissionFrame, &permissionFilter, &frame, &ufilter, &result, variableName](const Object::Ptr& target) {
|
||||
FilteredAddTarget(permissionFrame, permissionFilter.get(), frame, &*ufilter, result, variableName, target);
|
||||
});
|
||||
} else {
|
||||
/* Ensure to pass a nullptr as filter expression.
|
||||
* GCC 8.1.1 on F28 causes problems, see GH #6533.
|
||||
*/
|
||||
provider->FindTargets(type, [&permissionFrame, permissionFilter, &frame, &result, variableName](const Object::Ptr& target) {
|
||||
FilteredAddTarget(permissionFrame, permissionFilter, frame, nullptr, result, variableName, target);
|
||||
provider->FindTargets(type, [&permissionFrame, &permissionFilter, &frame, &result, variableName](const Object::Ptr& target) {
|
||||
FilteredAddTarget(permissionFrame, permissionFilter.get(), frame, nullptr, result, variableName, target);
|
||||
});
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -51,8 +51,8 @@ class FilterUtility
|
|||
{
|
||||
public:
|
||||
static Type::Ptr TypeFromPluralName(const String& pluralName);
|
||||
static void CheckPermission(const ApiUser::Ptr& user, const String& permission, Expression **filter = nullptr);
|
||||
static bool HasPermission(const ApiUser::Ptr& user, const String& permission, Expression **permissionFilter = nullptr);
|
||||
static void CheckPermission(const ApiUser::Ptr& user, const String& permission, std::unique_ptr<Expression>* filter = nullptr);
|
||||
static bool HasPermission(const ApiUser::Ptr& user, const String& permission, std::unique_ptr<Expression>* permissionFilter = nullptr);
|
||||
static std::vector<Value> GetFilterTargets(const QueryDescription& qd, const Dictionary::Ptr& query,
|
||||
const ApiUser::Ptr& user, const String& variableName = String());
|
||||
static bool EvaluateFilter(ScriptFrame& frame, Expression *filter,
|
||||
|
|
|
|||
|
|
@ -190,7 +190,7 @@ bool ObjectQueryHandler::HandleRequest(
|
|||
joinAttrs.insert(field.Name);
|
||||
}
|
||||
|
||||
std::unordered_map<Type*, std::pair<bool, Expression::Ptr>> typePermissions;
|
||||
std::unordered_map<Type*, std::pair<bool, std::unique_ptr<Expression>>> typePermissions;
|
||||
std::unordered_map<Object*, bool> objectAccessAllowed;
|
||||
|
||||
for (const ConfigObject::Ptr& obj : objs) {
|
||||
|
|
@ -262,23 +262,21 @@ bool ObjectQueryHandler::HandleRequest(
|
|||
continue;
|
||||
|
||||
Type::Ptr reflectionType = joinedObj->GetReflectionType();
|
||||
Expression::Ptr permissionFilter;
|
||||
|
||||
auto it = typePermissions.find(reflectionType.get());
|
||||
bool granted;
|
||||
|
||||
if (it == typePermissions.end()) {
|
||||
String permission = "objects/query/" + reflectionType->GetName();
|
||||
|
||||
Expression *filter = nullptr;
|
||||
granted = FilterUtility::HasPermission(user, permission, &filter);
|
||||
permissionFilter = filter;
|
||||
std::unique_ptr<Expression> permissionFilter;
|
||||
granted = FilterUtility::HasPermission(user, permission, &permissionFilter);
|
||||
|
||||
typePermissions.insert({reflectionType.get(), std::make_pair(granted, permissionFilter)});
|
||||
} else {
|
||||
std::tie(granted, permissionFilter) = it->second;
|
||||
it = typePermissions.insert({reflectionType.get(), std::make_pair(granted, std::move(permissionFilter))}).first;
|
||||
}
|
||||
|
||||
granted = it->second.first;
|
||||
const std::unique_ptr<Expression>& permissionFilter = it->second.second;
|
||||
|
||||
if (!granted) {
|
||||
// Not authorized
|
||||
continue;
|
||||
|
|
|
|||
Loading…
Reference in New Issue