bool FilterUtility::EvaluateFilter(ScriptFrame& frame, Expression *filter,
const Object::Ptr& target, const String& variableName)
{
if (!filter)
return true;
Type::Ptr type = target->GetReflectionType();
String varName;
if (variableName.IsEmpty())
varName = type->GetName().ToLower();
else
varName = variableName;
Namespace::Ptr frameNS;
if (frame.Self.IsEmpty()) {
frameNS = new Namespace();
frame.Self = frameNS;
} else {
/* Enforce a namespace object for 'frame.self'. */
ASSERT(frame.Self.IsObjectType<Namespace>());
frameNS = frame.Self;
}
frameNS->Set("obj", target);
frameNS->Set(varName, target);
for (int fid = 0; fid < type->GetFieldCount(); fid++) {
Field field = type->GetFieldInfo(fid);
if ((field.Attributes & FANavigation) == 0)
continue;
Object::Ptr joinedObj = target->NavigateField(fid);
if (field.NavigationName)
frameNS->Set(field.NavigationName, joinedObj);
else
frameNS->Set(field.Name, joinedObj);
}
return Convert::ToBool(filter->Evaluate(frame));
}
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. *
******************************************************************************/
#include "base/dictionary.hpp"
#include "base/function.hpp"
#include "base/functionwrapper.hpp"
#include "base/scriptframe.hpp"
#include "base/initialize.hpp"
#include "base/json.hpp"
using namespace icinga;
static String JsonEncodeShim(const Value& value)
{
return JsonEncode(value);
}
INITIALIZE_ONCE([]() {
auto jsonNSBehavior = new ConstNamespaceBehavior();
Namespace::Ptr jsonNS = new Namespace(jsonNSBehavior);
/* Methods */
jsonNS->Set("encode", new Function("Json#encode", JsonEncodeShim, { "value" }, true));
jsonNS->Set("decode", new Function("Json#decode", JsonDecode, { "value" }, true));
jsonNSBehavior->Freeze();
Namespace::Ptr systemNS = ScriptGlobal::Get("System");
systemNS->SetAttribute("Json", std::make_shared<ConstEmbeddedNamespaceValue>(jsonNS));
});
std::vector<Value> FilterUtility::GetFilterTargets(const QueryDescription& qd, const Dictionary::Ptr& query, const ApiUser::Ptr& user, const String& variableName)
{
std::vector<Value> result;
TargetProvider::Ptr provider;
if (qd.Provider)
provider = qd.Provider;
else
provider = new ConfigObjectTargetProvider();
Expression *permissionFilter;
CheckPermission(user, qd.Permission, &permissionFilter);
ScriptFrame permissionFrame(true);
for (const String& type : qd.Types) {
String attr = type;
boost::algorithm::to_lower(attr);
if (attr == "type")
attr = "name";
if (query && query->Contains(attr)) {
String name = HttpUtility::GetLastParameter(query, attr);
Object::Ptr target = provider->GetTargetByName(type, name);
if (!FilterUtility::EvaluateFilter(permissionFrame, permissionFilter, target, variableName))
BOOST_THROW_EXCEPTION(ScriptError("Access denied to object '" + name + "' of type '" + type + "'"));
result.emplace_back(std::move(target));
}
attr = provider->GetPluralName(type);
boost::algorithm::to_lower(attr);
if (query && query->Contains(attr)) {
Array::Ptr names = query->Get(attr);
if (names) {
ObjectLock olock(names);
for (const String& name : names) {
Object::Ptr target = provider->GetTargetByName(type, name);
if (!FilterUtility::EvaluateFilter(permissionFrame, permissionFilter, target, variableName))
BOOST_THROW_EXCEPTION(ScriptError("Access denied to object '" + name + "' of type '" + type + "'"));
result.emplace_back(std::move(target));
}
}
}
}
if ((query && query->Contains("filter")) || result.empty()) {
if (!query->Contains("type"))
BOOST_THROW_EXCEPTION(std::invalid_argument("Type must be specified when using a filter."));
String type = HttpUtility::GetLastParameter(query, "type");
if (!provider->IsValidType(type))
BOOST_THROW_EXCEPTION(std::invalid_argument("Invalid type specified."));
if (qd.Types.find(type) == qd.Types.end())
BOOST_THROW_EXCEPTION(std::invalid_argument("Invalid type specified for this query."));
ScriptFrame frame(true);
frame.Sandboxed = true;
Namespace::Ptr frameNS = new Namespace();
if (query->Contains("filter")) {
String filter = HttpUtility::GetLastParameter(query, "filter");
std::unique_ptr<Expression> ufilter = ConfigCompiler::CompileText("<API query>", filter);
Dictionary::Ptr filter_vars = query->Get("filter_vars");
if (filter_vars) {
ObjectLock olock(filter_vars);
for (const Dictionary::Pair& kv : filter_vars) {
frameNS->Set(kv.first, kv.second);
}
}
frame.Self = frameNS;
provider->FindTargets(type, std::bind(&FilteredAddTarget,
std::ref(permissionFrame), permissionFilter,
std::ref(frame), &*ufilter, std::ref(result), variableName, _1));
} else {
/* Ensure to pass a nullptr as filter expression.
* GCC 8.1.1 on F28 causes problems, see GH #6533.
*/
provider->FindTargets(type, std::bind(&FilteredAddTarget,
std::ref(permissionFrame), permissionFilter,
std::ref(frame), nullptr, std::ref(result), variableName, _1));
}
}
return result;
}