proxmox-mirrors/pve-access-control
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-access-control synced 2025-08-06 02:24:03 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

access-control: remove check_permissions/permission

Browse Source 
they have been handled by PVE::RPCEnvironment for quite some time
already, and the versions there are the complete ones that should be
actually used.

manager switched over their last use not long ago, in 6.0-9, so
record a Breaks to that version.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
This commit is contained in:
Fabian Grünbichler 2019-11-21 15:43:22 +01:00 committed by Thomas Lamprecht
parent 369851ac6d
commit 9efcb56129
4 changed files with 8 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
PVE/AccessControl.pm
View File

@ -1275,43 +1275,6 @@ sub roles {
return @ra;
}
sub permission {
my ($cfg, $user, $path) = @_;
$user = PVE::Auth::Plugin::verify_username($user, 1);
return {} if !$user;
my @ra = roles($cfg, $user, $path);
my $privs = {};
foreach my $role (@ra) {
if (my $privset = $cfg->{roles}->{$role}) {
foreach my $p (keys %$privset) {
$privs->{$p} = 1;
}
}
}
#print "priviledges $user $path = " . Dumper ($privs);
return $privs;
}
sub check_permissions {
my ($username, $path, $privlist) = @_;
$path = normalize_path($path);
my $usercfg = cfs_read_file('user.cfg');
my $perm = permission($usercfg, $username, $path);
foreach my $priv (split_list($privlist)) {
return undef if !$perm->{$priv};
};
return 1;
}
sub remove_vm_access {
my ($vmid) = @_;
my $delVMaccessFn = sub {

1
debian/control vendored
View File

@ -31,6 +31,7 @@ Depends: libauthen-pam-perl,
pve-cluster (>= 5.0-35),
${misc:Depends},
${perl:Depends},
Breaks: pve-manager (<= 6.0-9),
Description: Proxmox VE access control library
This package contains the role based user management and access
control function used by Proxmox VE.

16
test/dump-perm.pl
View File

@ -1,7 +1,7 @@
#!/usr/bin/perl -w
use strict;
use PVE::AccessControl;
use PVE::RPCEnvironment;
use Getopt::Long;
use Data::Dumper;
@ -23,18 +23,14 @@ if (!($username && $path)) {
my $cfg;
my $rpcenv = PVE::RPCEnvironment->init('cli');
if ($opt_file) {
my $fh = IO::File->new ($opt_file, 'r') ||
die "can't open file $opt_file - $!\n";
$cfg = PVE::AccessControl::parse_config ($opt_file, $fh);
$fh->close();
$rpcenv->init_request(userconfig => $opt_file);
} else {
$cfg = PVE::AccessControl::load_user_config();
$rpcenv->init_request();
}
my $perm = PVE::AccessControl::permission($cfg, $username, $path);
my $perm = $rpcenv->permissions($username, $path);
print "permission for user '$username' on '$path':\n";
print join(',', keys %$perm) . "\n";

2
test/perm-test1.pl
View File

@ -26,7 +26,7 @@ sub check_roles {
sub check_permission {
my ($user, $path, $expected_result) = @_;
my $perm = PVE::AccessControl::permission($rpcenv->{user_cfg}, $user, $path);
my $perm = $rpcenv->permissions($user, $path);
my $res = join(',', sort keys %$perm);
die "unexpected result\nneed '${expected_result}'\ngot '$res'\n"