Auth::applyRestrictions(): Don't take redundancy_group into account

sukhwinder33445 · sukhwinder33445 · commit c6d8e5c62ca6 · 2025-02-03T12:37:18.000+01:00
Otherwise, redundany_group objects are not visible.

- New filter : Either the host/service is null (the object is a redundancy group) or given restrictions match
diff --git a/library/Icingadb/Common/Auth.php b/library/Icingadb/Common/Auth.php
@@ -168,8 +168,14 @@ public function applyRestrictions(Query $query)
                 }
 
                 if ($customVarRelationName === false || count($relations) > 1) {
-                    if (($restriction = $role->getRestrictions('icingadb/filter/objects'))) {
-                        $roleFilter->add($this->parseRestriction($restriction, 'icingadb/filter/objects'));
+                    if ($restriction = $role->getRestrictions('icingadb/filter/objects')) {
+                        $roleFilter->add(Filter::any(
+                            Filter::all(
+                                Filter::unlike('host.id', '*'),
+                                Filter::unlike('service.id', '*')
+                            ),
+                            $this->parseRestriction($restriction, 'icingadb/filter/objects')
+                        ));
                     }
 
                     if ($applyHostRestriction && ($restriction = $role->getRestrictions('icingadb/filter/hosts'))) {
@@ -178,7 +184,7 @@ public function applyRestrictions(Query $query)
                             $this->forceQueryOptimization($hostFilter, 'hostgroup.name');
                         }
 
-                        $roleFilter->add($hostFilter);
+                        $roleFilter->add(Filter::any(Filter::unlike('host.id', '*'), $hostFilter));
                     }
 
                     if (

Original file line number	Diff line number	Diff line change
`@@ -168,8 +168,14 @@ public function applyRestrictions(Query $query)`
`168`	`168`	`}`
`169`	`169`
`170`	`170`	`if ($customVarRelationName === false \|\| count($relations) > 1) {`
`171`		`- if (($restriction = $role->getRestrictions('icingadb/filter/objects'))) {`
`172`		`- $roleFilter->add($this->parseRestriction($restriction, 'icingadb/filter/objects'));`
	`171`	`+ if ($restriction = $role->getRestrictions('icingadb/filter/objects')) {`
	`172`	`+ $roleFilter->add(Filter::any(`
	`173`	`+ Filter::all(`
	`174`	`+ Filter::unlike('host.id', '*'),`
	`175`	`+ Filter::unlike('service.id', '*')`
	`176`	`+ ),`
	`177`	`+ $this->parseRestriction($restriction, 'icingadb/filter/objects')`
	`178`	`+ ));`
`173`	`179`	`}`
`174`	`180`
`175`	`181`	`if ($applyHostRestriction && ($restriction = $role->getRestrictions('icingadb/filter/hosts'))) {`
`@@ -178,7 +184,7 @@ public function applyRestrictions(Query $query)`
`178`	`184`	`$this->forceQueryOptimization($hostFilter, 'hostgroup.name');`
`179`	`185`	`}`
`180`	`186`
`181`		`- $roleFilter->add($hostFilter);`
	`187`	`+ $roleFilter->add(Filter::any(Filter::unlike('host.id', '*'), $hostFilter));`
`182`	`188`	`}`
`183`	`189`
`184`	`190`	`if (`