From c6d8e5c62ca6a3891327edc436ec4e0e4d4c4cfb Mon Sep 17 00:00:00 2001 From: Sukhwinder Dhillon Date: Mon, 3 Feb 2025 11:48:01 +0100 Subject: [PATCH] `Auth::applyRestrictions()`: Don't take `redundancy_group` into account Otherwise, redundany_group objects are not visible. - New filter : Either the host/service is null (the object is a redundancy group) or given restrictions match --- library/Icingadb/Common/Auth.php | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/library/Icingadb/Common/Auth.php b/library/Icingadb/Common/Auth.php index d25526e65..0cabff7bc 100644 --- a/library/Icingadb/Common/Auth.php +++ b/library/Icingadb/Common/Auth.php @@ -168,8 +168,14 @@ public function applyRestrictions(Query $query) } if ($customVarRelationName === false || count($relations) > 1) { - if (($restriction = $role->getRestrictions('icingadb/filter/objects'))) { - $roleFilter->add($this->parseRestriction($restriction, 'icingadb/filter/objects')); + if ($restriction = $role->getRestrictions('icingadb/filter/objects')) { + $roleFilter->add(Filter::any( + Filter::all( + Filter::unlike('host.id', '*'), + Filter::unlike('service.id', '*') + ), + $this->parseRestriction($restriction, 'icingadb/filter/objects') + )); } if ($applyHostRestriction && ($restriction = $role->getRestrictions('icingadb/filter/hosts'))) { @@ -178,7 +184,7 @@ public function applyRestrictions(Query $query) $this->forceQueryOptimization($hostFilter, 'hostgroup.name'); } - $roleFilter->add($hostFilter); + $roleFilter->add(Filter::any(Filter::unlike('host.id', '*'), $hostFilter)); } if (