[pve-devel] r5541 - in pve-manager/pve2: . lib/PVE

svn-commits at proxmox.com svn-commits at proxmox.com
Wed Feb 16 07:46:08 CET 2011


Author: dietmar
Date: 2011-02-16 07:46:08 +0100 (Wed, 16 Feb 2011)
New Revision: 5541

Modified:
   pve-manager/pve2/ChangeLog
   pve-manager/pve2/lib/PVE/REST.pm
Log:
* lib/PVE/REST.pm (rest_handler): use new PVE::RPCEnvironment
	methods instead on ACLCache.


Modified: pve-manager/pve2/ChangeLog
===================================================================
--- pve-manager/pve2/ChangeLog	2011-02-16 06:37:11 UTC (rev 5540)
+++ pve-manager/pve2/ChangeLog	2011-02-16 06:46:08 UTC (rev 5541)
@@ -1,3 +1,8 @@
+2011-02-16  Proxmox Support Team  <support at proxmox.com>
+
+	* lib/PVE/REST.pm (rest_handler): use new PVE::RPCEnvironment
+	methods instead on ACLCache.
+
 2011-02-15  Proxmox Support Team  <support at proxmox.com>
 
 	* lib/PVE/REST.pm (rest_handler): check access permissions using

Modified: pve-manager/pve2/lib/PVE/REST.pm
===================================================================
--- pve-manager/pve2/lib/PVE/REST.pm	2011-02-16 06:37:11 UTC (rev 5540)
+++ pve-manager/pve2/lib/PVE/REST.pm	2011-02-16 06:46:08 UTC (rev 5541)
@@ -17,7 +17,7 @@
 use HTML::Entities;
 use PVE::JSONSchema;
 use PVE::AccessControl;
-use PVE::ACLCache;
+use PVE::RPCEnvironment;
 
 use Data::Dumper; # fixme: remove
 
@@ -263,37 +263,24 @@
     return OK;
 }
 
-my $aclcache;
-my $aclversion;
-
 sub rest_handler {
     my ($method, $abs_uri, $rel_uri, $ticket, $params) = @_;
- 
-    PVE::Cluster::cfs_update();
 
-    my $ucvers = PVE::Cluster::cfs_file_version('user.cfg'); 
-    if (!$aclcache || !defined($aclversion) || !defined($ucvers) || 
-	($ucvers ne $aclversion)) {
-	$aclversion = $ucvers;
-	eval {
-	    my $cfg = PVE::Cluster::cfs_read_file('user.cfg');
-	    $aclcache = PVE::ACLCache->new($cfg);
-	};
-	if (my $err = $@) {
-	    my $msg = "Unable to load access control list: $err";
-	    syslog('err', $msg);
-	    return { status => HTTP_INTERNAL_SERVER_ERROR,
-		     message =>  $msg};
-	}
-    }
+    my $rpcenv = PVE::RPCEnvironment::get();
 
+    eval { $rpcenv->init_request(); };
+    if (my $err = $@) {
+	syslog('err', $err);
+	return { status => HTTP_INTERNAL_SERVER_ERROR, message => $err };
+    }
+ 
     my $euid = $>;
    
     if ($rel_uri eq '/ticket') {
 	my $user = $params->{username} || '';
 	my $pw = $params->{password} || '';
 
-	if (!$aclcache->user_enabled($user)) {
+	if (!$rpcenv->user_enabled($user)) {
 	    return { 
 		status => HTTP_FORBIDDEN,
 		message => "No such user (user not enabled).",
@@ -314,7 +301,7 @@
 	if (defined($params->{path}) || defined($params->{permissions})) {
 	    my @privs = PVE::Tools::split_list($params->{permissions});
 	    if (!($params->{path} && $params->{permissions} &&
-		  $aclcache->check($user, $params->{path}, \@privs))) {
+		  $rpcenv->check($user, $params->{path}, \@privs))) {
 
 		return { 
 		    status => HTTP_FORBIDDEN,
@@ -356,7 +343,7 @@
 
     # check access permissions
     if (my $perm = $info->{permissions}) {
-	if (!$aclcache->check($username, $perm->{path}, $perm->{privs})) {
+	if (!$rpcenv->check($username, $perm->{path}, $perm->{privs})) {
 	    my $privstr = join(',', @{$perm->{privs}});
 	    my $path = PVE::Tools::template_replace($perm->{path}, $uri_param);
 	    return { 
@@ -397,8 +384,7 @@
     # methods to other hosts?
     return { proxy => 'localhost' } if $info->{protected} && ($euid != 0);
 
-    # setup environment
-    my $rpcenv = PVE::RPCEnvironment::get();
+    # set environment variables
     $rpcenv->set_language('C'); # fixme:
     $rpcenv->set_user($username);
 



More information about the pve-devel mailing list