[pdm-devel] [PATCH proxmox-datacenter-manager 4/9] api: allow acl paths longer than 4 segments in sdn
Gabriel Goller
g.goller at proxmox.com
Wed Nov 12 14:20:21 CET 2025
When setting granular permissions on SDN zones, vnets or controllers,
the path includes both the resource type and name. This results in
5 path segments (e.g., `/sdn/zones/{zone}`), exceeding the previous
4-segment limit.
Signed-off-by: Gabriel Goller <g.goller at proxmox.com>
---
server/src/acl.rs | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/server/src/acl.rs b/server/src/acl.rs
index 52a1f972b9a9..709c7ca073b0 100644
--- a/server/src/acl.rs
+++ b/server/src/acl.rs
@@ -99,7 +99,7 @@ impl proxmox_access_control::init::AccessControlConfig for AccessControlConfig {
if components_len <= 2 {
return Ok(());
}
- // `/resource/{remote-id}/{resource-type=guest,storage}/{resource-id}`
+ // `/resource/{remote-id}/{resource-type=guest,storage}/...`
match components[2] {
"guest" | "storage" => {
// /resource/{remote-id}/{resource-type}
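Review bot: the updated comment above `match components[2]` still lists only `{resource-type=guest,storage}`, although this patch adds an `"sdn"` arm to the same match. Listing `sdn` there as well, or giving one line per accepted form, would keep the comment in step with the code. The trailing `/...` also no longer tells the reader how deep each resource type may go, so the per-arm comments are the only place the limits are documented.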
@@ -108,6 +108,13 @@ impl proxmox_access_control::init::AccessControlConfig for AccessControlConfig {
return Ok(());
}
}
+ "sdn" => {
+ // /resource/{remote-id}/sdn
+ // /resource/{remote-id}/sdn/{sdn-type}/{sdn-id}
+ if components_len <= 5 {
+ return Ok(());
+ }
+ }
_ => {}
}
}
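Review bot: the `"sdn"` arm checks only `components_len <= 5`, so `components[3]` is never validated and any string passes as `{sdn-type}`. Since this function decides which ACL paths are valid, a mistyped type would be stored as an ACL entry without error. Consider matching `components[3]` against the types named in the commit message (zones, vnets, controllers) before returning `Ok(())`. The `<= 5` bound also accepts the four-component form `/resource/{remote-id}/sdn/{sdn-type}`, which the arm's comment does not list. If a type-wide ACL is intended, add that form to the comment; if not, reject it. Finally, the commit message example `/sdn/zones/{zone}` does not match the `/resource/{remote-id}/sdn/{sdn-type}/{sdn-id}` layout documented here, so it would help to use the full path in the message.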
--
2.47.3