proxmox-mirrors/pve-access-control
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-access-control synced 2025-06-08 06:23:03 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

simplify filter_groups

Browse Source
This commit is contained in:
Dietmar Maurer 2012-01-23 09:58:03 +01:00
parent 37d45debb1
commit b9180ed235
3 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
PVE/API2/AccessControl.pm
View File

@ -248,7 +248,7 @@ __PACKAGE__->register_method ({
my $privs = [ 'Sys.UserMod', 'Sys.UserAdd' ]; my $privs = [ 'Sys.UserMod', 'Sys.UserAdd' ];
if (!$rpcenv->check_any($authuser, "/access", $privs, 1)) { if (!$rpcenv->check_any($authuser, "/access", $privs, 1)) {
my $groups = $rpcenv->filter_groups($authuser, sub { return "/access/groups/" . shift; }, $privs, 1); my $groups = $rpcenv->filter_groups($authuser, $privs, 1);
my $allowed_users = $rpcenv->group_member_join([keys %$groups]); my $allowed_users = $rpcenv->group_member_join([keys %$groups]);
raise_perm_exc() if !$allowed_users->{$userid}; raise_perm_exc() if !$allowed_users->{$userid};
} }

2
PVE/API2/User.pm
View File

@ -70,7 +70,7 @@ __PACKAGE__->register_method ({
my $privs = [ 'Sys.UserMod', 'Sys.UserAdd' ]; my $privs = [ 'Sys.UserMod', 'Sys.UserAdd' ];
my $canUserMod = $rpcenv->check_any($authuser, "/access", $privs, 1); my $canUserMod = $rpcenv->check_any($authuser, "/access", $privs, 1);
my $groups = $rpcenv->filter_groups($authuser, sub { return "/access/groups/" . shift; }, $privs, 1); my $groups = $rpcenv->filter_groups($authuser, $privs, 1);
my $allowed_users = $rpcenv->group_member_join([keys %$groups]); my $allowed_users = $rpcenv->group_member_join([keys %$groups]);
foreach my $user (keys %{$usercfg->{users}}) { foreach my $user (keys %{$usercfg->{users}}) {

7
PVE/RPCEnvironment.pm
View File

@ -216,18 +216,19 @@ sub is_group_member {
} }
sub filter_groups { sub filter_groups {
my ($self, $user, $getPath, $privs, $any) = @_; my ($self, $user, $privs, $any) = @_;
my $cfg = $self->{user_cfg}; my $cfg = $self->{user_cfg};
my $groups = {}; my $groups = {};
foreach my $group (keys %{$cfg->{groups}}) { foreach my $group (keys %{$cfg->{groups}}) {
my $path = "/access/groups/$group";
if ($any) { if ($any) {
if ($self->check_any($user, &$getPath($group), $privs, 1)) { if ($self->check_any($user, $path, $privs, 1)) {
$groups->{$group} = $cfg->{groups}->{$group}; $groups->{$group} = $cfg->{groups}->{$group};
} }
} else { } else {
if ($self->check($user, &$getPath($group), $privs, 1)) { if ($self->check($user, $path, $privs, 1)) {
$groups->{$group} = $cfg->{groups}->{$group}; $groups->{$group} = $cfg->{groups}->{$group};
} }
} }