access-control: remove check_permissions/permission
they have been handled by PVE::RPCEnvironment for quite some time already, and the versions there are the complete ones that should be actually used. manager switched over their last use not long ago, in 6.0-9, so record a Breaks to that version. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
parent
369851ac6d
commit
9efcb56129
@ -1275,43 +1275,6 @@ sub roles {
|
||||
return @ra;
|
||||
}
|
||||
|
||||
sub permission {
|
||||
my ($cfg, $user, $path) = @_;
|
||||
|
||||
$user = PVE::Auth::Plugin::verify_username($user, 1);
|
||||
return {} if !$user;
|
||||
|
||||
my @ra = roles($cfg, $user, $path);
|
||||
|
||||
my $privs = {};
|
||||
|
||||
foreach my $role (@ra) {
|
||||
if (my $privset = $cfg->{roles}->{$role}) {
|
||||
foreach my $p (keys %$privset) {
|
||||
$privs->{$p} = 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#print "priviledges $user $path = " . Dumper ($privs);
|
||||
|
||||
return $privs;
|
||||
}
|
||||
|
||||
sub check_permissions {
|
||||
my ($username, $path, $privlist) = @_;
|
||||
|
||||
$path = normalize_path($path);
|
||||
my $usercfg = cfs_read_file('user.cfg');
|
||||
my $perm = permission($usercfg, $username, $path);
|
||||
|
||||
foreach my $priv (split_list($privlist)) {
|
||||
return undef if !$perm->{$priv};
|
||||
};
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
sub remove_vm_access {
|
||||
my ($vmid) = @_;
|
||||
my $delVMaccessFn = sub {
|
||||
|
1
debian/control
vendored
@ -31,6 +31,7 @@ Depends: libauthen-pam-perl,
|
||||
pve-cluster (>= 5.0-35),
|
||||
${misc:Depends},
|
||||
${perl:Depends},
|
||||
Breaks: pve-manager (<= 6.0-9),
|
||||
Description: Proxmox VE access control library
|
||||
This package contains the role based user management and access
|
||||
control function used by Proxmox VE.
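Review bot: The added `Breaks: pve-manager (<= 6.0-9),` also excludes 6.0-9 itself, while the commit description says manager switched over its last use in 6.0-9. If 6.0-9 is the first release that carries the switch, the relation should be strictly-less-than, `Breaks: pve-manager (<< 6.0-9),`. If the switch only shipped after 6.0-9, the description should say so. The bound matters because a manager that still calls the removed `check_permissions` would fail at runtime, in an access-control path, instead of being held back at install time.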
|
||||
|
@ -1,7 +1,7 @@
|
||||
#!/usr/bin/perl -w
|
||||
|
||||
use strict;
|
||||
use PVE::AccessControl;
|
||||
use PVE::RPCEnvironment;
|
||||
use Getopt::Long;
|
||||
use Data::Dumper;
|
||||
|
||||
@ -23,18 +23,14 @@ if (!($username && $path)) {
|
||||
|
||||
my $cfg;
|
||||
|
||||
my $rpcenv = PVE::RPCEnvironment->init('cli');
|
||||
if ($opt_file) {
|
||||
|
||||
my $fh = IO::File->new ($opt_file, 'r') ||
|
||||
die "can't open file $opt_file - $!\n";
|
||||
|
||||
$cfg = PVE::AccessControl::parse_config ($opt_file, $fh);
|
||||
$fh->close();
|
||||
|
||||
$rpcenv->init_request(userconfig => $opt_file);
|
||||
} else {
|
||||
$cfg = PVE::AccessControl::load_user_config();
|
||||
$rpcenv->init_request();
|
||||
}
|
||||
my $perm = PVE::AccessControl::permission($cfg, $username, $path);
|
||||
|
||||
my $perm = $rpcenv->permissions($username, $path);
|
||||
|
||||
print "permission for user '$username' on '$path':\n";
|
||||
print join(',', keys %$perm) . "\n";
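Review bot: In the second hunk the command-line user name now goes straight into `$rpcenv->permissions($username, $path)`, whereas the removed `PVE::AccessControl::permission` ran `verify_username($user, 1)` and returned an empty set for an invalid name. Neither that validation nor the failure behaviour of `init_request(userconfig => $opt_file)` is visible on this page. Because this helper's output is read as an audit answer, a config that failed to load must not look the same as "no privileges". It is worth confirming that `init_request` dies on an unreadable file, as the old `die "can't open file ..."` path did, and then recording that in a comment such as `# init_request() dies if $opt_file cannot be read or parsed`. The result line would also be easier to compare between runs as `print join(',', sort keys %$perm) . "\n";`, matching the `sort keys` used in the test.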
|
||||
|
@ -26,7 +26,7 @@ sub check_roles {
|
||||
sub check_permission {
|
||||
my ($user, $path, $expected_result) = @_;
|
||||
|
||||
my $perm = PVE::AccessControl::permission($rpcenv->{user_cfg}, $user, $path);
|
||||
my $perm = $rpcenv->permissions($user, $path);
|
||||
my $res = join(',', sort keys %$perm);
|
||||
|
||||
die "unexpected result\nneed '${expected_result}'\ngot '$res'\n"
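Review bot: `check_permission` now goes through `$rpcenv->permissions($user, $path)`, yet no expected result changes in this hunk, even though the description calls the RPCEnvironment versions "the complete ones". If the two implementations differ for any input, the suite should have at least one case that only the RPCEnvironment version gets right, so that a regression to the reduced logic is caught. A short comment above the call, e.g. `# go through RPCEnvironment, the implementation callers are expected to use`, would record why the test no longer calls into PVE::AccessControl directly. `$rpcenv` is defined outside the hunk and the `die` statement continues past its last line.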
|
||||
|