[pdm-devel] [PATCH proxmox v2 3/6] access-control: add comments to roles function of AccessControlConfig
Shannon Sterz
s.sterz at proxmox.com
Fri Apr 11 15:44:27 CEST 2025
this will allow us to implement a generic `roles()` endpoint similar
to the one proxmox backup server already has at `/access/roles` and
that proxmox-yew-comp's `RoleSelector` already relies on.
Signed-off-by: Shannon Sterz <s.sterz at proxmox.com>
---
this was moved from pbs:
- pbs: /src/api2/access/role.rs
proxmox-access-control/src/acl.rs | 12 ++++++------
proxmox-access-control/src/cached_user_info.rs | 4 ++--
proxmox-access-control/src/init.rs | 5 +++--
3 files changed, 11 insertions(+), 10 deletions(-)
diff --git a/proxmox-access-control/src/acl.rs b/proxmox-access-control/src/acl.rs
index b8041688..270292ac 100644
--- a/proxmox-access-control/src/acl.rs
+++ b/proxmox-access-control/src/acl.rs
@@ -647,11 +647,11 @@ mod test {
#[derive(Debug)]
struct TestAcmConfig<'a> {
- roles: HashMap<&'a str, u64>,
+ roles: HashMap<&'a str, (u64, &'a str)>,
}
impl AccessControlConfig for TestAcmConfig<'_> {
- fn roles(&self) -> &HashMap<&str, u64> {
+ fn roles(&self) -> &HashMap<&str, (u64, &str)> {
&self.roles
}
@@ -672,10 +672,10 @@ mod test {
static ACL_CONFIG: OnceLock<TestAcmConfig> = OnceLock::new();
let config = ACL_CONFIG.get_or_init(|| {
let mut roles = HashMap::new();
- roles.insert("NoAccess", 0);
- roles.insert("Admin", u64::MAX);
- roles.insert("DatastoreBackup", 4);
- roles.insert("DatastoreReader", 8);
+ roles.insert("NoAccess", (0, "comment"));
+ roles.insert("Admin", (u64::MAX, "comment"));
+ roles.insert("DatastoreBackup", (4, "comment"));
+ roles.insert("DatastoreReader", (8, "comment"));
TestAcmConfig { roles }
});
diff --git a/proxmox-access-control/src/cached_user_info.rs b/proxmox-access-control/src/cached_user_info.rs
index 4d011f00..f5ed2858 100644
--- a/proxmox-access-control/src/cached_user_info.rs
+++ b/proxmox-access-control/src/cached_user_info.rs
@@ -150,7 +150,7 @@ impl CachedUserInfo {
if self.is_superuser(auth_id) {
let acm_config = access_conf();
if let Some(admin) = acm_config.role_admin() {
- if let Some(admin) = acm_config.roles().get(admin) {
+ if let Some((admin, _)) = acm_config.roles().get(admin) {
return (*admin, *admin);
}
}
@@ -160,7 +160,7 @@ impl CachedUserInfo {
let mut privs: u64 = 0;
let mut propagated_privs: u64 = 0;
for (role, propagate) in roles {
- if let Some(role_privs) = access_conf().roles().get(role.as_str()) {
+ if let Some((role_privs, _)) = access_conf().roles().get(role.as_str()) {
if propagate {
propagated_privs |= role_privs;
}
diff --git a/proxmox-access-control/src/init.rs b/proxmox-access-control/src/init.rs
index a6d36780..c219a78e 100644
--- a/proxmox-access-control/src/init.rs
+++ b/proxmox-access-control/src/init.rs
@@ -16,8 +16,9 @@ pub trait AccessControlConfig: Send + Sync {
/// Returns a mapping of all recognized privileges and their corresponding `u64` value.
fn privileges(&self) -> &HashMap<&str, u64>;
- /// Returns a mapping of all recognized roles and their corresponding `u64` value.
- fn roles(&self) -> &HashMap<&str, u64>;
+ /// Returns a mapping of all recognized roles and their corresponding `u64` value as well as
+ /// a comment.
+ fn roles(&self) -> &HashMap<&str, (u64, &str)>;
/// Checks whether an `Authid` has super user privileges or not.
///
--
2.39.5
More information about the pdm-devel
mailing list