mirror of
https://git.proxmox.com/git/pve-manager
synced 2025-08-16 03:03:18 +00:00
implement PasswordEdit dialog
And cleanup permission check code.
This commit is contained in:
Dietmar Maurer
parent
2d6e2f4d49
commit
e4d554ba9b
@ -106,7 +106,7 @@ __PACKAGE__->register_method({
|
||||
my $max = $param->{max} || 0;
|
||||
my $user = $rpcenv->get_user();
|
||||
|
||||
my $admin = $rpcenv->check($user, "/", [ 'Sys.Syslog' ]);
|
||||
my $admin = $rpcenv->check($user, "/", [ 'Sys.Syslog' ], 1);
|
||||
|
||||
my $loguser = $admin ? '' : $user;
|
||||
|
||||
@ -162,7 +162,7 @@ __PACKAGE__->register_method({
|
||||
my $data = $idlist->{$vmid};
|
||||
|
||||
|
||||
next if !$rpcenv->check($user, "/vms/$vmid", [ 'VM.Audit' ]);
|
||||
next if !$rpcenv->check($user, "/vms/$vmid", [ 'VM.Audit' ], 1);
|
||||
|
||||
my $entry = {
|
||||
id => "$data->{type}/$vmid",
|
||||
@ -221,7 +221,7 @@ __PACKAGE__->register_method({
|
||||
|
||||
foreach my $storeid (@sids) {
|
||||
my $scfg = PVE::Storage::storage_config($cfg, $storeid);
|
||||
next if !$rpcenv->check($user, "/storage/$storeid", [ 'Datastore.Audit' ]);
|
||||
next if !$rpcenv->check($user, "/storage/$storeid", [ 'Datastore.Audit' ], 1);
|
||||
# we create a entry for each node
|
||||
foreach my $node (@$nodelist) {
|
||||
next if !PVE::Storage::storage_check_enabled($cfg, $storeid, $node, 1);
|
||||
@ -276,7 +276,7 @@ __PACKAGE__->register_method({
|
||||
|
||||
return $res if !$tlist;
|
||||
|
||||
my $all = $rpcenv->check($user, "/", [ 'Sys.Audit' ]);
|
||||
my $all = $rpcenv->check($user, "/", [ 'Sys.Audit' ], 1);
|
||||
|
||||
foreach my $task (@$tlist) {
|
||||
push @$res, $task if $all || ($task->{user} eq $user);
|
||||
|
||||
@ -75,7 +75,7 @@ __PACKAGE__->register_method({
|
||||
my $count = 0;
|
||||
my $line;
|
||||
|
||||
my $auditor = $rpcenv->check($user, "/nodes/$node", [ 'Sys.Audit' ]);
|
||||
my $auditor = $rpcenv->check($user, "/nodes/$node", [ 'Sys.Audit' ], 1);
|
||||
|
||||
my $parse_line = sub {
|
||||
if ($line =~ m/^(\S+)(\s([0-9A-Za-z]{8})(\s(\S.*))?)?$/) {
|
||||
@ -175,9 +175,9 @@ __PACKAGE__->register_method({
|
||||
my $user = $rpcenv->get_user();
|
||||
my $node = $param->{node};
|
||||
|
||||
my $sysadmin = $rpcenv->check($user, "/nodes/$node", [ 'Sys.Console' ]);
|
||||
die "Permission check failed\n"
|
||||
if !($sysadmin || $user eq $task->{user});
|
||||
if ($user ne $task->{user}) {
|
||||
$rpcenv->check($user, "/nodes/$node", [ 'Sys.Console' ]);
|
||||
}
|
||||
|
||||
PVE::RPCEnvironment::check_worker($param->{upid}, 1);
|
||||
|
||||
@ -237,9 +237,9 @@ __PACKAGE__->register_method({
|
||||
my $user = $rpcenv->get_user();
|
||||
my $node = $param->{node};
|
||||
|
||||
my $auditor = $rpcenv->check($user, "/nodes/$node", [ 'Sys.Audit' ]);
|
||||
die "Permission check failed\n"
|
||||
if !($auditor || $user eq $task->{user});
|
||||
if ($user ne $task->{user}) {
|
||||
$rpcenv->check($user, "/nodes/$node", [ 'Sys.Audit' ]);
|
||||
}
|
||||
|
||||
my $fh = IO::File->new($filename, "r");
|
||||
raise_param_exc({ upid => "no such task - unable to open file - $!" }) if !$fh;
|
||||
@ -309,9 +309,9 @@ __PACKAGE__->register_method({
|
||||
my $user = $rpcenv->get_user();
|
||||
my $node = $param->{node};
|
||||
|
||||
my $auditor = $rpcenv->check($user, "/nodes/$node", [ 'Sys.Audit' ]);
|
||||
die "Permission check failed\n"
|
||||
if !($auditor || $user eq $task->{user});
|
||||
if ($user ne $task->{user}) {
|
||||
$rpcenv->check($user, "/nodes/$node", [ 'Sys.Audit' ]);
|
||||
}
|
||||
|
||||
my $pstart = PVE::ProcFSTools::read_proc_starttime($task->{pid});
|
||||
$task->{status} = ($pstart && ($pstart == $task->{pstart})) ?
|
||||
|
||||
24
PVE/REST.pm
24
PVE/REST.pm
@ -15,6 +15,7 @@ use LWP::UserAgent;
|
||||
use HTTP::Request::Common;
|
||||
use HTTP::Status qw(:constants :is status_message);
|
||||
use HTML::Entities;
|
||||
use PVE::Exception qw(raise raise_perm_exc);
|
||||
use PVE::JSONSchema;
|
||||
use PVE::AccessControl;
|
||||
use PVE::RPCEnvironment;
|
||||
@ -275,11 +276,11 @@ my $check_permissions = sub {
|
||||
|
||||
return 1 if !$username && $perm->{user} eq 'world';
|
||||
|
||||
return 0 if !$username;
|
||||
raise_perm_exc("user != null") if !$username;
|
||||
|
||||
return 1 if $username eq 'root@pam';
|
||||
|
||||
die "permission check failed (user != root)\n" if !$perm;
|
||||
raise_perm_exc('user != root@pam') if !$perm;
|
||||
|
||||
return 1 if $perm->{user} && $perm->{user} eq 'all';
|
||||
|
||||
@ -288,14 +289,11 @@ my $check_permissions = sub {
|
||||
|
||||
if ($perm->{path} && $perm->{privs}) {
|
||||
my $path = PVE::Tools::template_replace($perm->{path}, $param);
|
||||
if (!$rpcenv->check($username, $path, $perm->{privs})) {
|
||||
my $privstr = join(',', @{$perm->{privs}});
|
||||
die "Permission check failed ($path, $privstr)\n";
|
||||
}
|
||||
$rpcenv->check($username, $path, $perm->{privs});
|
||||
return 1;
|
||||
}
|
||||
|
||||
die "Permission check failed\n";
|
||||
raise_perm_exc();
|
||||
};
|
||||
|
||||
sub rest_handler {
|
||||
@ -332,7 +330,7 @@ sub rest_handler {
|
||||
my ($node, $storeid) = ($1, $2);
|
||||
my $perm = {
|
||||
path => "/storage/$storeid",
|
||||
privs => [ 'abc' ],
|
||||
privs => [ 'Datastore.AllocateSpace' ],
|
||||
};
|
||||
&$check_permissions($rpcenv, $perm, $username, {});
|
||||
$isUpload = 1;
|
||||
@ -347,7 +345,7 @@ sub rest_handler {
|
||||
if (my $err = $@) {
|
||||
return {
|
||||
status => HTTP_UNAUTHORIZED,
|
||||
message => $err,
|
||||
message => "$err", # always convert exception to string
|
||||
};
|
||||
}
|
||||
}
|
||||
@ -392,7 +390,7 @@ sub rest_handler {
|
||||
if (my $err = $@) {
|
||||
return {
|
||||
status => HTTP_FORBIDDEN,
|
||||
message => $err,
|
||||
message => "$err", # always convert exception to string
|
||||
};
|
||||
}
|
||||
|
||||
@ -411,7 +409,7 @@ sub rest_handler {
|
||||
if (my $err = $@) {
|
||||
return {
|
||||
status => HTTP_INTERNAL_SERVER_ERROR,
|
||||
message => $err,
|
||||
message => "$err", # always convert exception to string
|
||||
};
|
||||
}
|
||||
if ($remip) {
|
||||
@ -446,11 +444,11 @@ sub rest_handler {
|
||||
if ($err) {
|
||||
if (ref($err) eq "PVE::Exception") {
|
||||
$resp->{status} = $err->{code} || HTTP_INTERNAL_SERVER_ERROR;
|
||||
$resp->{message} = $err->{msg} || $@;
|
||||
$resp->{errors} = $err->{errors} if $err->{errors};
|
||||
$resp->{message} = $err->{msg};
|
||||
} else {
|
||||
$resp->{status} = HTTP_INTERNAL_SERVER_ERROR;
|
||||
$resp->{message} = $@;
|
||||
$resp->{message} = "$err";
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -178,6 +178,8 @@ Ext.define('PVE.dc.ACLView', {
|
||||
}
|
||||
});
|
||||
|
||||
PVE.Utils.monStoreErrors(me, store);
|
||||
|
||||
Ext.apply(me, {
|
||||
store: store,
|
||||
selModel: sm,
|
||||
|
||||
@ -75,6 +75,8 @@ Ext.define('PVE.dc.GroupView', {
|
||||
edit_btn, remove_btn
|
||||
];
|
||||
|
||||
PVE.Utils.monStoreErrors(me, store);
|
||||
|
||||
Ext.apply(me, {
|
||||
store: store,
|
||||
selModel: sm,
|
||||
|
||||
@ -26,6 +26,8 @@ Ext.define('PVE.dc.RoleView', {
|
||||
return value.replace(/\,/g, ' ');
|
||||
};
|
||||
|
||||
PVE.Utils.monStoreErrors(me, store);
|
||||
|
||||
Ext.apply(me, {
|
||||
store: store,
|
||||
stateful: false,
|
||||
|
||||
@ -136,9 +136,7 @@ Ext.define('PVE.dc.UserEdit', {
|
||||
},
|
||||
submitValue: false
|
||||
});
|
||||
} else {
|
||||
update_passwd_field(me.userid.match(/@([^@]+)$/)[1]);
|
||||
}
|
||||
}
|
||||
|
||||
var ipanel = Ext.create('PVE.panel.InputPanel', {
|
||||
column1: column1,
|
||||
|
||||
@ -1,3 +1,53 @@
|
||||
Ext.define('PVE.window.PasswordEdit', {
|
||||
extend: 'PVE.window.Edit',
|
||||
|
||||
initComponent : function() {
|
||||
var me = this;
|
||||
|
||||
if (!me.userid) {
|
||||
throw "no userid specified";
|
||||
}
|
||||
|
||||
var validate_pw = function() {
|
||||
if (verifypw.getValue() !== pwfield.getValue()) {
|
||||
return gettext("Passwords does not match");
|
||||
}
|
||||
return true;
|
||||
};
|
||||
|
||||
var verifypw = Ext.createWidget('textfield', {
|
||||
inputType: 'password',
|
||||
fieldLabel: gettext('Verify Password'),
|
||||
name: 'verifypassword',
|
||||
submitValue: false,
|
||||
validator: validate_pw
|
||||
});
|
||||
|
||||
var pwfield = Ext.createWidget('textfield', {
|
||||
inputType: 'password',
|
||||
fieldLabel: gettext('Password'),
|
||||
minLength: 5,
|
||||
name: 'password',
|
||||
validator: validate_pw
|
||||
});
|
||||
|
||||
Ext.apply(me, {
|
||||
subject: gettext('Password'),
|
||||
url: '/api2/extjs/access/password',
|
||||
items: [
|
||||
pwfield, verifypw,
|
||||
{
|
||||
xtype: 'hiddenfield',
|
||||
name: 'userid',
|
||||
value: me.userid,
|
||||
}
|
||||
]
|
||||
});
|
||||
|
||||
me.callParent();
|
||||
}
|
||||
});
|
||||
|
||||
Ext.define('PVE.dc.UserView', {
|
||||
extend: 'Ext.grid.GridPanel',
|
||||
|
||||
@ -69,6 +119,19 @@ Ext.define('PVE.dc.UserView', {
|
||||
handler: run_editor
|
||||
});
|
||||
|
||||
var pwchange_btn = new PVE.button.Button({
|
||||
text: gettext('Password'),
|
||||
disabled: true,
|
||||
selModel: sm,
|
||||
handler: function(btn, event, rec) {
|
||||
var win = Ext.create('PVE.window.PasswordEdit',{
|
||||
userid: rec.data.userid
|
||||
});
|
||||
win.on('destroy', reload);
|
||||
win.show();
|
||||
}
|
||||
});
|
||||
|
||||
var tbar = [
|
||||
{
|
||||
text: gettext('Create'),
|
||||
@ -79,7 +142,7 @@ Ext.define('PVE.dc.UserView', {
|
||||
win.show();
|
||||
}
|
||||
},
|
||||
edit_btn, remove_btn
|
||||
edit_btn, remove_btn, pwchange_btn
|
||||
];
|
||||
|
||||
var render_full_name = function(firstname, metaData, record) {
|
||||
|
||||
@ -5,7 +5,7 @@ Ext.define('PVE.window.NotesEdit', {
|
||||
var me = this;
|
||||
|
||||
Ext.apply(me, {
|
||||
title: "Notes",
|
||||
title: gettext('Notes'),
|
||||
width: 600,
|
||||
layout: 'fit',
|
||||
items: {
|
||||
|
||||
Loading…
Reference in New Issue
Block a user