mirror of
https://git.proxmox.com/git/pve-access-control
synced 2026-01-02 22:30:24 +00:00
return set of privileges on login - can be used to adopt GUI
This commit is contained in:
Dietmar Maurer
parent
533219a122
commit
dd2cfee072
2
Makefile
2
Makefile
@ -2,7 +2,7 @@ RELEASE=2.0
|
||||
|
||||
VERSION=1.0
|
||||
PACKAGE=libpve-access-control
|
||||
PKGREL=18
|
||||
PKGREL=19
|
||||
|
||||
DESTDIR=
|
||||
PREFIX=/usr
|
||||
|
||||
@ -131,6 +131,71 @@ my $create_ticket = sub {
|
||||
};
|
||||
};
|
||||
|
||||
my $compute_api_permission = sub {
|
||||
my ($rpcenv, $authuser) = @_;
|
||||
|
||||
my $usercfg = $rpcenv->{user_cfg};
|
||||
|
||||
my $nodelist = PVE::Cluster::get_nodelist();
|
||||
my $vmlist = PVE::Cluster::get_vmlist() || {};
|
||||
my $idlist = $vmlist->{ids} || {};
|
||||
|
||||
my $cfg = PVE::Storage::config();
|
||||
my @sids = PVE::Storage::storage_ids ($cfg);
|
||||
|
||||
my $res = {
|
||||
vms => {},
|
||||
storage => {},
|
||||
access => {},
|
||||
nodes => {},
|
||||
dc => {},
|
||||
};
|
||||
|
||||
foreach my $vmid (keys %$idlist, '__phantom__') {
|
||||
my $perm = $rpcenv->permissions($authuser, "/vms/$vmid");
|
||||
foreach my $priv (keys %$perm) {
|
||||
next if !($priv eq 'Permissions.Modify' ||$priv =~ m/^VM\./);
|
||||
$res->{vms}->{$priv} = 1;
|
||||
}
|
||||
}
|
||||
|
||||
foreach my $storeid (@sids, '__phantom__') {
|
||||
my $perm = $rpcenv->permissions($authuser, "/storage/$storeid");
|
||||
foreach my $priv (keys %$perm) {
|
||||
next if !($priv eq 'Permissions.Modify' || $priv =~ m/^Datastore\./);
|
||||
$res->{storage}->{$priv} = 1;
|
||||
}
|
||||
}
|
||||
|
||||
foreach my $path (('/access/groups')) {
|
||||
my $perm = $rpcenv->permissions($authuser, $path);
|
||||
foreach my $priv (keys %$perm) {
|
||||
next if $priv !~ m/^(User|Group)\./;
|
||||
$res->{access}->{$priv} = 1;
|
||||
}
|
||||
}
|
||||
|
||||
foreach my $group (keys %{$usercfg->{users}->{$authuser}->{groups}}, '__phantom__') {
|
||||
my $perm = $rpcenv->permissions($authuser, "/access/groups/$group");
|
||||
if ($perm->{'User.Modify'}) {
|
||||
$res->{access}->{'User.Modify'} = 1;
|
||||
}
|
||||
}
|
||||
|
||||
foreach my $node (@$nodelist) {
|
||||
my $perm = $rpcenv->permissions($authuser, "/nodes/$node");
|
||||
foreach my $priv (keys %$perm) {
|
||||
next if $priv !~ m/^Sys\./;
|
||||
$res->{nodes}->{$priv} = 1;
|
||||
}
|
||||
}
|
||||
|
||||
my $perm = $rpcenv->permissions($authuser, "/");
|
||||
$res->{dc}->{'Sys.Audit'} = 1 if $perm->{'Sys.Audit'};
|
||||
|
||||
return $res;
|
||||
};
|
||||
|
||||
__PACKAGE__->register_method ({
|
||||
name => 'create_ticket',
|
||||
path => 'ticket',
|
||||
@ -207,6 +272,8 @@ __PACKAGE__->register_method ({
|
||||
die $err;
|
||||
}
|
||||
|
||||
$res->{cap} = &$compute_api_permission($rpcenv, $username);
|
||||
|
||||
PVE::Cluster::log_msg('info', 'root@pam', "successful auth for user '$username'");
|
||||
|
||||
return $res;
|
||||
|
||||
@ -1,3 +1,9 @@
|
||||
libpve-access-control (1.0-19) unstable; urgency=low
|
||||
|
||||
* return set of privileges on login - can be used to adopt GUI
|
||||
|
||||
-- Proxmox Support Team <support@proxmox.com> Tue, 17 Apr 2012 10:25:10 +0200
|
||||
|
||||
libpve-access-control (1.0-18) unstable; urgency=low
|
||||
|
||||
* fix bug #151: corretly parse username inside ticket
|
||||
|
||||
Loading…
Reference in New Issue
Block a user