This was easy because only README.md and doc/01-About.md were redacted manually, everything else via:
git ls-files -z |xargs -0 perl -pi -e 's/Icinga GmbH \| GPLv2/Icinga GmbH | GPLv2+/'
This is legal because we have only merged PRs with label:cla/signed or made by Icinga staff:
https://github.com/Icinga/icingadb-web/pulls?page=1&q=is%3Apr+is%3Aclosed+-label%3Acla%2Fsigned+-author%3Anilmerg
This has no risk for us in people distributing their own version under GPLv3 only.
After all, we won't take their patches anyway, unless they sign our CLA.
This is the cleanest solution for having e.g. these in one address space:
* Icinga Web, GPLv2+
* K8s Web, AGPLv3
* Thirdparty, some LGPLv3 and Apache-2.0
Apropos, K8s Web is even v3-licensed on purpose, to have a stronger protection against cloud ops.
* Auth: Add method `assertColumnRestrictions`
* ObjectSuggestions: Do not suggest protected variables
`assertColumnRestrictions` does not allow to use them
anymore, hence we should not suggest them in searches
as well to not to let the user run into an error by
accepting a suggestion. Though, when fetching values
as well, we still have to obfuscate, otherwise protected
vars won't show up in details anymore.
* Introduce Icinga\Module\Icingadb\Common\Model
Must be used as base for all models, to ensure
column restrictions are asserted on filters.
* Utilize `Icinga\Module\Icingadb\Common\Model` where applicable
Otherwise, redundany_group objects are not visible.
- New filter : Either the host/service is null (the object is a redundancy group) or given restrictions match
Forces the given restriction/filter to be wrapped in a subquery if there is a restriction applied
to `*/services` or `*/hosts` with `hostgroup.name` or `servicegroup.name`. If `hostgroup.name` is
used for services restriction, it is automatically wrapped to a subquery, because service model
has no direct relation to `hostgroup` and it is the same with host model and `servicegroup.name`.
`grantsOnType()` will now perform the permission check it is asked for
on every object that matches the filter. It will then cache all
individual results so that any subsequent call to `grantsOn()` will
hit the cache instead of triggering another query.
