[pdm-devel] [PATCH datacenter-manager/proxmox/yew-comp v3 00/10] add support for checking acl permissions in (yew) front-ends

Shannon Sterz s.sterz at proxmox.com
Thu Nov 6 15:38:26 CET 2025 

this patch series adds support for querying acl entries from the
front-end. it also makes it possible to reactively render ui components
depending on the user's privileges and refreshes this information every
time a new ticket is set.

the first four patches make it possible to use the AclTree by itself in
the ui. first by creating a new feature that exposes only it and some
types to dependent crates. then some functions that basically just query
the AclTree are moved to the AclTree itself to make it easier to re-use
them. the fourth patch derives Debug and PartialEq on the AclTree and
AclTreeNode to make it easier to handle these types in the ui. finally
the last commit allows to query all of a user's acl entries via the
API_METHOD_READ_ACL endpoint.

the next two patches first add an AclContext and AclContextProvider
implementation to proxmox-yew-comp. these allow applications to provide
acl information that components can hook into and get reactively
re-rendered. it also triggers reloading the acl information every time a
user logs in or a ticket gets refreshed.

lastly, proxmox-datacenter-manager is adapted to use this new
functionality. the seventh commit moves the AccessControlConfig to the
shared api types crate, so we can re-use it in the front-end. then an
AclContextProvider is added to the main ui component. this allows
components to retrieve said AclContext and use it to conditionally
render ui components. the last commit adds just such functionality to
the notes section of the pdm ui.

Follow-up
---------

if this series is applied, more ui components will need to be hooked
into the context to more widely use this functionality accross the
application.

Changelog
---------

note that there was already a v2 [1] of this series, but this was a mistake
and should be considered a v1. sorry for the confusion.

changes since v2:

- combine impl only functions into private modules and impl blocks to
  more cleanly separate them out (thanks @ Wolfgang Bumiller)
- add a small clean up commit for in-lining format string variables

changes since v1:

- move removing a use line to the right commit (thanks @ Dominik Csapak)
- instead of adapting the NodesView, simply avoid setting an on_submit
  callback if the user doesn't have the permissions (thanks @ Dominik
  Csapak)


proxmox:

Shannon Sterz (5):
  access-control: add acl feature to only expose types and the AclTree
  access-control: use format strings where possible
  access-control: move functions querying privileges to the AclTree
  access-control: derive Debug and PartialEq on AclTree and AclTreeNode
  access-control: allow reading all acls of the current authid

 proxmox-access-control/Cargo.toml             |   5 +-
 proxmox-access-control/src/acl.rs             | 509 +++++++++++-------
 proxmox-access-control/src/api/acl.rs         |  37 +-
 .../src/cached_user_info.rs                   |  91 +---
 proxmox-access-control/src/init.rs            |  91 ++--
 proxmox-access-control/src/lib.rs             |   4 +-
 proxmox-access-control/src/token_shadow.rs    |   2 +-
 proxmox-access-control/src/user.rs            |   3 +-
 8 files changed, 415 insertions(+), 327 deletions(-)


proxmox-yew-comp:

Shannon Sterz (2):
  acl_context: add AclContext and AclContextProvider
  http_helpers: reload LocalAclTree when logging in or refreshing a
    ticket

 Cargo.toml          |   2 +-
 src/acl_context.rs  | 204 ++++++++++++++++++++++++++++++++++++++++++++
 src/http_helpers.rs |   5 ++
 src/lib.rs          |   3 +
 4 files changed, 213 insertions(+), 1 deletion(-)
 create mode 100644 src/acl_context.rs


proxmox-datacenter-manager:

Shannon Sterz (3):
  server/api-types: move AccessControlConfig to shared api types
  ui: add an AclContext via the AclContextProvider to the main app ui
  ui: main menu: use the AclContext to hide the Notes if appropriate

 lib/pdm-api-types/Cargo.toml |   1 +
 lib/pdm-api-types/src/acl.rs | 158 ++++++++++++++++++++++++++++++++++
 server/src/acl.rs            | 162 +----------------------------------
 ui/Cargo.toml                |   1 +
 ui/src/main.rs               |  14 ++-
 ui/src/main_menu.rs          |  68 ++++++++++-----
 6 files changed, 221 insertions(+), 183 deletions(-)


Summary over all repositories:
  18 files changed, 849 insertions(+), 511 deletions(-)

--
Generated by git-murpp 0.8.1

More information about the pdm-devel mailing list