access-control: remove check_permissions/permission

they have been handled by PVE::RPCEnvironment for quite some time
already, and the versions there are the complete ones that should
actually be used.

manager switched over their last use not long ago, in 6.0-9, so
record a Breaks to that version.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler 2019-11-21 15:43:22 +01:00 committed by Thomas Lamprecht
parent 369851ac6d
commit 9efcb56129
4 changed files with 8 additions and 48 deletions


@ -1275,43 +1275,6 @@ sub roles {
return @ra; return @ra;
} }
sub permission {
my ($cfg, $user, $path) = @_;
$user = PVE::Auth::Plugin::verify_username($user, 1);
return {} if !$user;
my @ra = roles($cfg, $user, $path);
my $privs = {};
foreach my $role (@ra) {
if (my $privset = $cfg->{roles}->{$role}) {
foreach my $p (keys %$privset) {
$privs->{$p} = 1;
}
}
}
#print "priviledges $user $path = " . Dumper ($privs);
return $privs;
}
sub check_permissions {
my ($username, $path, $privlist) = @_;
$path = normalize_path($path);
my $usercfg = cfs_read_file('user.cfg');
my $perm = permission($usercfg, $username, $path);
foreach my $priv (split_list($privlist)) {
return undef if !$perm->{$priv};
};
return 1;
}
sub remove_vm_access { sub remove_vm_access {
my ($vmid) = @_; my ($vmid) = @_;
my $delVMaccessFn = sub { my $delVMaccessFn = sub {

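--- a/debian/control
+++ b/debian/control
@@ -31,6 +31,7 @@ Depends: libauthen-pam-perl,
 pve-cluster (>= 5.0-35),
 ${misc:Depends},
 ${perl:Depends},
+Breaks: pve-manager (<= 6.0-9),
 Description: Proxmox VE access control library
 This package contains the role based user management and access
 control function used by Proxmox VE.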
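Review bot: The bound in `Breaks: pve-manager (<= 6.0-9),` may be off by one against the commit message, which says pve-manager switched its last caller over "in 6.0-9". If 6.0-9 already ships without calls to the removed `permission`/`check_permissions` subs, `<=` blocks co-installation with a working version and `Breaks: pve-manager (<< 6.0-9),` would be the matching relation. If the switch only landed after 6.0-9 was tagged, the bound is right and the message should say "after 6.0-9". The boundary matters because a manager that still calls the removed subs would die at call time, presumably in the middle of an access check, rather than being refused at install time.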


@ -1,7 +1,7 @@
#!/usr/bin/perl -w #!/usr/bin/perl -w
use strict; use strict;
use PVE::AccessControl; use PVE::RPCEnvironment;
use Getopt::Long; use Getopt::Long;
use Data::Dumper; use Data::Dumper;
@ -23,18 +23,14 @@ if (!($username && $path)) {
my $cfg; my $cfg;
my $rpcenv = PVE::RPCEnvironment->init('cli');
if ($opt_file) { if ($opt_file) {
$rpcenv->init_request(userconfig => $opt_file);
my $fh = IO::File->new ($opt_file, 'r') ||
die "can't open file $opt_file - $!\n";
$cfg = PVE::AccessControl::parse_config ($opt_file, $fh);
$fh->close();
} else { } else {
$cfg = PVE::AccessControl::load_user_config(); $rpcenv->init_request();
} }
my $perm = PVE::AccessControl::permission($cfg, $username, $path);
my $perm = $rpcenv->permissions($username, $path);
print "permission for user '$username' on '$path':\n"; print "permission for user '$username' on '$path':\n";
print join(',', keys %$perm) . "\n"; print join(',', keys %$perm) . "\n";
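Review bot: `my $cfg;` at the top of the second hunk is now dead and can be dropped. Both branches that assigned it were replaced by `$rpcenv->init_request(...)`, and `$perm` now comes from `$rpcenv->permissions($username, $path)`. The removed code also died with an explicit `can't open file $opt_file - $!` message. Whether `init_request(userconfig => $opt_file)` fails as loudly on a missing or unreadable file is not visible here and is worth confirming, since a silently empty config would print an empty permission list that reads as "no access" rather than "bad input". The script starts before and may continue after the lines shown in this section.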


@ -26,7 +26,7 @@ sub check_roles {
sub check_permission { sub check_permission {
my ($user, $path, $expected_result) = @_; my ($user, $path, $expected_result) = @_;
my $perm = PVE::AccessControl::permission($rpcenv->{user_cfg}, $user, $path); my $perm = $rpcenv->permissions($user, $path);
my $res = join(',', sort keys %$perm); my $res = join(',', sort keys %$perm);
die "unexpected result\nneed '${expected_result}'\ngot '$res'\n" die "unexpected result\nneed '${expected_result}'\ngot '$res'\n"