[pdm-devel] [PATCH proxmox 1/4] access-control: add more types to prepare for api feature
Shannon Sterz
s.sterz at proxmox.com
Thu Apr 3 16:17:58 CEST 2025
this includes:
- `ACL_PATH_SCHEMA`: describes the format of valid acl paths
- `ACL_PROPAGATE_SCHEMA`: describes whether an acl entry propagates to
its child paths
- `AclUgidType`: which type an acl entry refers to, either a user or a
group
- `AclListItem`: describes an entry of the ACL
Signed-off-by: Shannon Sterz <s.sterz at proxmox.com>
---
proxmox-access-control/Cargo.toml | 3 ++
proxmox-access-control/src/types.rs | 59 ++++++++++++++++++++++++++++-
2 files changed, 60 insertions(+), 2 deletions(-)
diff --git a/proxmox-access-control/Cargo.toml b/proxmox-access-control/Cargo.toml
index 9c355344..23be7fcb 100644
--- a/proxmox-access-control/Cargo.toml
+++ b/proxmox-access-control/Cargo.toml
@@ -13,10 +13,13 @@ rust-version.workspace = true
[dependencies]
anyhow.workspace = true
+const_format.workspace = true
nix = { workspace = true, optional = true }
openssl = { workspace = true, optional = true }
+regex.workspace = true
serde.workspace = true
serde_json = { workspace = true, optional = true }
+serde_plain.workspace = true
proxmox-auth-api = { workspace = true, features = [ "api-types" ] }
proxmox-config-digest = { workspace = true, optional = true, features = [ "openssl" ] }
diff --git a/proxmox-access-control/src/types.rs b/proxmox-access-control/src/types.rs
index ae6de7cf..01d078de 100644
--- a/proxmox-access-control/src/types.rs
+++ b/proxmox-access-control/src/types.rs
@@ -1,10 +1,12 @@
use serde::{Deserialize, Serialize};
+use const_format::concatcp;
+
use proxmox_auth_api::types::{Authid, Userid, PROXMOX_TOKEN_ID_SCHEMA};
use proxmox_schema::{
api,
- api_types::{COMMENT_SCHEMA, SINGLE_LINE_COMMENT_FORMAT},
- BooleanSchema, IntegerSchema, Schema, StringSchema, Updater,
+ api_types::{COMMENT_SCHEMA, SAFE_ID_REGEX_STR, SINGLE_LINE_COMMENT_FORMAT},
+ const_regex, ApiStringFormat, BooleanSchema, IntegerSchema, Schema, StringSchema, Updater,
};
pub const ENABLE_USER_SCHEMA: Schema = BooleanSchema::new(
@@ -38,6 +40,23 @@ pub const EMAIL_SCHEMA: Schema = StringSchema::new("E-Mail Address.")
.max_length(64)
.schema();
+const_regex! {
+ pub ACL_PATH_REGEX = concatcp!(r"^(?:/|", r"(?:/", SAFE_ID_REGEX_STR, ")+", r")$");
+}
+
+pub const ACL_PATH_FORMAT: ApiStringFormat = ApiStringFormat::Pattern(&ACL_PATH_REGEX);
+
+pub const ACL_PATH_SCHEMA: Schema = StringSchema::new("Access control path.")
+ .format(&ACL_PATH_FORMAT)
+ .min_length(1)
+ .max_length(128)
+ .schema();
+
+pub const ACL_PROPAGATE_SCHEMA: Schema =
+ BooleanSchema::new("Allow to propagate (inherit) permissions.")
+ .default(true)
+ .schema();
+
#[api(
properties: {
user: {
@@ -192,3 +211,39 @@ impl User {
true
}
}
+
+#[api]
+/// Type of the 'ugid' property in the ACL entry list.
+#[derive(Clone, Copy, Debug, Eq, PartialEq, Deserialize, Serialize, Hash)]
+#[serde(rename_all = "lowercase")]
+pub enum AclUgidType {
+ /// An entry for a user (or token).
+ User,
+ /// An entry for a group.
+ Group,
+}
+
+serde_plain::derive_display_from_serialize!(AclUgidType);
+serde_plain::derive_fromstr_from_deserialize!(AclUgidType);
+
+#[api(
+ properties: {
+ propagate: { schema: ACL_PROPAGATE_SCHEMA, },
+ path: { schema: ACL_PATH_SCHEMA, },
+ ugid_type: { type: AclUgidType },
+ ugid: {
+ type: String,
+ description: "User or Group ID.",
+ },
+ }
+)]
+#[derive(Serialize, Deserialize, PartialEq, Clone, Hash)]
+/// Access control list entry.
+pub struct AclListItem {
+ pub path: String,
+ pub ugid: String,
+ pub ugid_type: AclUgidType,
+ pub propagate: bool,
+ /// A role represented as a string.
+ pub roleid: String,
+}
--
2.39.5
More information about the pdm-devel
mailing list