GroupMembershipResolver: respect own groups and...
...inherited ones fixes #1464 fixes #1449
This commit is contained in:
Thomas Gelf
parent
e115c1503b
commit
c6de458235
|
|
@ -14,6 +14,8 @@ before switching to a new version.
|
|||
* FEATURE: Showing the executed SQL query now requires the `showsql` permission
|
||||
* FEATURE: Grant access to Service Set in a controlled way
|
||||
* FIX: do not allow a user to create hosts he wouldn't be allowed to see #1451
|
||||
* FIX: Hostgroup-based restrictions worked fine when applied, bug was buggy in
|
||||
combination with directly assigned or inherited groups (#1464)
|
||||
|
||||
### Icinga Configuration
|
||||
* FEATURE: Add 'is false (or not set)' condition for apply rules (#1436)
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@ namespace Icinga\Module\Director\Objects;
|
|||
use Icinga\Application\Benchmark;
|
||||
use Icinga\Data\Filter\Filter;
|
||||
use Icinga\Module\Director\Db;
|
||||
use InvalidArgumentException;
|
||||
use LogicException;
|
||||
use Zend_Db_Select as ZfSelect;
|
||||
|
||||
|
|
@ -44,6 +45,8 @@ abstract class GroupMembershipResolver
|
|||
/** @var bool */
|
||||
protected $useTransactions = false;
|
||||
|
||||
protected $groupMap;
|
||||
|
||||
public function __construct(Db $connection)
|
||||
{
|
||||
$this->connection = $connection;
|
||||
|
|
@ -269,6 +272,24 @@ abstract class GroupMembershipResolver
|
|||
);
|
||||
}
|
||||
|
||||
protected function getGroupId($name)
|
||||
{
|
||||
if ($this->groupMap === null) {
|
||||
$this->groupMap = $this->db->fetchPairs(
|
||||
$this->db->select()->from('icinga_hostgroup', ['object_name', 'id'])
|
||||
);
|
||||
}
|
||||
|
||||
if (array_key_exists($name, $this->groupMap)) {
|
||||
return $this->groupMap[$name];
|
||||
} else {
|
||||
throw new InvalidArgumentException(
|
||||
'Unable to lookup the group name for "%s"',
|
||||
$name
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
protected function removeOutdatedMappings()
|
||||
{
|
||||
$diff = $this->getDifference($this->existingMappings, $this->newMappings);
|
||||
|
|
@ -328,6 +349,9 @@ abstract class GroupMembershipResolver
|
|||
return $diff;
|
||||
}
|
||||
|
||||
/**
|
||||
* This fetches already resolved memberships
|
||||
*/
|
||||
protected function fetchStoredMappings()
|
||||
{
|
||||
$mappings = array();
|
||||
|
|
@ -342,7 +366,6 @@ abstract class GroupMembershipResolver
|
|||
);
|
||||
$this->addMembershipWhere($query, "${type}_id", $this->objects);
|
||||
$this->addMembershipWhere($query, "${type}group_id", $this->groups);
|
||||
|
||||
foreach ($this->db->fetchAll($query) as $row) {
|
||||
$groupId = $row->group_id;
|
||||
$objectId = $row->object_id;
|
||||
|
|
@ -402,20 +425,34 @@ abstract class GroupMembershipResolver
|
|||
continue;
|
||||
}
|
||||
$mt = microtime(true);
|
||||
$id = $object->get('id');
|
||||
|
||||
// TODO: fix this last hard host dependency
|
||||
$resolver = HostApplyMatches::prepare($object);
|
||||
foreach ($groups as $groupId => $filter) {
|
||||
if ($resolver->matchesFilter($filter)) {
|
||||
if (! array_key_exists($groupId, $mappings)) {
|
||||
$mappings[$groupId] = array();
|
||||
$mappings[$groupId] = [];
|
||||
}
|
||||
|
||||
$id = $object->get('id');
|
||||
$mappings[$groupId][$id] = $id;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
$groupNames = $object->get('groups');
|
||||
if (empty($groupNames)) {
|
||||
$groupNames = $object->listInheritedGroupNames();
|
||||
}
|
||||
foreach ($groupNames as $name) {
|
||||
$groupId = $this->getGroupId($name);
|
||||
if (! array_key_exists($groupId, $mappings)) {
|
||||
$mappings[$groupId] = [];
|
||||
}
|
||||
|
||||
$mappings[$groupId][$id] = $id;
|
||||
}
|
||||
|
||||
$times[] = (microtime(true) - $mt) * 1000;
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue