[pve-devel] r5572 - pve-access-control/trunk/PVE

[svn-commits at proxmox.com]

Author: dietmar
Date: 2011-02-21 08:06:41 +0100 (Mon, 21 Feb 2011)
New Revision: 5572

Modified:
   pve-access-control/trunk/PVE/AccessControl.pm
Log:
split out audit priv - define Auditor role


Modified: pve-access-control/trunk/PVE/AccessControl.pm
===================================================================
--- pve-access-control/trunk/PVE/AccessControl.pm	2011-02-21 07:05:54 UTC (rev 5571)
+++ pve-access-control/trunk/PVE/AccessControl.pm	2011-02-21 07:06:41 UTC (rev 5572)
@@ -461,10 +461,12 @@
 	    'Permissions.Modify',
 	],
 	user => [
-	    'VM.Audit',
 	    'VM.Console', 
 	    'VM.PowerMgmt',
 	],
+	audit => [ 
+	    'VM.Audit' 
+	],
     },
     Sys => {
 	root => [
@@ -472,10 +474,12 @@
 	],
 	admin => [
 	    'Sys.Console',    
-	    'Sys.Audit',
 	    'Sys.Syslog',
 	],
 	user => [],
+	audit => [
+	    'Sys.Audit',
+	],
     },
     Datastore => {
 	root => [
@@ -485,6 +489,8 @@
 	admin => [],
 	user => [
 	    'Datastore.AllocateSpace',
+	],
+	audit => [
 	    'Datastore.Audit',
 	],
     },
@@ -501,18 +507,23 @@
 
     foreach my $cat (keys %$privgroups) {
 	my $cd = $privgroups->{$cat};
-	foreach my $p (@{$cd->{root}}, @{$cd->{admin}}, @{$cd->{user}}) {
+	foreach my $p (@{$cd->{root}}, @{$cd->{admin}}, 
+		       @{$cd->{user}}, @{$cd->{audit}}) {
 	    $valid_privs->{$p} = 1;
 	}
-	foreach my $p (@{$cd->{admin}}, @{$cd->{user}}) {
+	foreach my $p (@{$cd->{admin}}, @{$cd->{user}}, @{$cd->{audit}}) {
+
 	    $special_roles->{"PVE${cat}Admin"}->{$p} = 1;
 	    $special_roles->{"PVEAdmin"}->{$p} = 1;
 	}
 	if (scalar(@{$cd->{user}})) {
-	    foreach my $p (@{$cd->{user}}) {
+	    foreach my $p (@{$cd->{user}}, @{$cd->{audit}}) {
 		$special_roles->{"PVE${cat}User"}->{$p} = 1;
 	    }
 	}
+	foreach my $p (@{$cd->{audit}}) {
+	    $special_roles->{"PVEAuditor"}->{$p} = 1;
+	}
     }
 };