Add user object to the filter namespace

[wolneykien]

The current evaluation context of the filter function defined for an ApiUser doesn't provide any way to access the user object itself.

With the patch applied the problem of having an ApiUser per Host (see https://community.icinga.com/t/per-host-api-user-for-passive-check-submission/9053/3 , for instance) can be solved by first defining a template like this:

template ApiUser "usersync" {
  permissions = [{
    permission = "actions/process-check-result"
    filter = () => {
      return host.name == user.client_cn
    }
  }]
}

And then by creating an ApiUser that imports it, possibly using the REST API. I. e.:

curl ... -X PUT 'https://localhost:5665/v1/objects/apiusers/userforhost1' -d '{"attrs": {"client_cn": "host1"}, "templates": ["usersync"]}'

[cla-bot[bot]]

Thank you for your pull request and welcome to our community. We could not parse the GitHub identity of the following contributors: Paul Wolneykien. This is most likely caused by a git client misconfiguration; please make sure to:

1. check if your git client is configured with an email to sign commits git config --list | grep email
2. If not, set it up using git config --global user.email [email protected]
3. Make sure that the git commit email is configured in your GitHub account settings, see https://github.com/settings/emails

[Al2Klimov]

Didn't test, but I could imagine that it also works like this:

• At the beginning of the template get the user: var user = this
• Capture that var in the filter closure: use(user)

[wolneykien]

Didn't test, but I could imagine that it also works like this:

* At the beginning of the template get the user: `var user = this`

* Capture that var in the filter closure: `use(user)`

Wow, thanks. It seems to work. I'll re-test today on a "vanilla" icinga2 instance.

[wolneykien]

The closure approach works well. And this is the project where the mentioned ApiUser template is used: https://github.com/wolneykien/icinga2-usersyncd .