proxmox-mirrors/pve-access-control
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-access-control synced 2025-08-12 10:02:32 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

check_sdn_bridge: correctly handle noerr

Browse Source 
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
This commit is contained in:
Fabian Grünbichler 2023-06-07 11:33:39 +02:00
parent a5616d5c6e
commit 3c97bee53c
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/PVE/RPCEnvironment.pm
View File

@ -324,6 +324,7 @@ sub check_full {
} }
} }
# check for any fashion of access to vnet/bridge
sub check_sdn_bridge { sub check_sdn_bridge {
my ($self, $username, $zone, $bridge, $privs, $noerr) = @_; my ($self, $username, $zone, $bridge, $privs, $noerr) = @_;
@ -331,14 +332,19 @@ sub check_sdn_bridge {
my $cfg = $self->{user_cfg}; my $cfg = $self->{user_cfg};
my $bridge_acl = PVE::AccessControl::find_acl_tree_node($cfg->{acl_root}, $path); my $bridge_acl = PVE::AccessControl::find_acl_tree_node($cfg->{acl_root}, $path);
if ($bridge_acl) { if ($bridge_acl) {
# check access to VLANs
my $vlans = $bridge_acl->{children}; my $vlans = $bridge_acl->{children};
for my $vlan (keys %$vlans) { for my $vlan (keys %$vlans) {
my $vlanpath = "$path/$vlan"; my $vlanpath = "$path/$vlan";
return 1 if $self->check_any($username, $vlanpath, $privs, $noerr); return 1 if $self->check_any($username, $vlanpath, $privs, 1);
} }
# check access to bridge itself # check access to bridge itself
return 1 if $self->check_any($username, $path, $privs, $noerr); return 1 if $self->check_any($username, $path, $privs, 1);
} }
# repeat check, but fatal
$self->check_any($username, $path, $privs, 0) if !$noerr;
return; return;
} }