[pve-devel] r5617 - in pve-access-control/trunk: PVE test
svn-commits at proxmox.com
svn-commits at proxmox.com
Thu Feb 24 15:44:29 CET 2011
Author: dietmar
Date: 2011-02-24 15:44:29 +0100 (Thu, 24 Feb 2011)
New Revision: 5617
Added:
pve-access-control/trunk/test/perm-test4.pl
pve-access-control/trunk/test/test4.cfg
Modified:
pve-access-control/trunk/PVE/AccessControl.pm
pve-access-control/trunk/test/Makefile
Log:
fix permissions - more tests
Modified: pve-access-control/trunk/PVE/AccessControl.pm
===================================================================
--- pve-access-control/trunk/PVE/AccessControl.pm 2011-02-24 14:36:04 UTC (rev 5616)
+++ pve-access-control/trunk/PVE/AccessControl.pm 2011-02-24 14:44:29 UTC (rev 5617)
@@ -1127,17 +1127,20 @@
#print "CHECKACL $path $p\n";
#print "ACL $path = " . Dumper ($acl);
-
if (my $ri = $acl->{users}->{$user}) {
- my $new = {};
+ my $new;
foreach my $role (keys %$ri) {
my $propagate = $ri->{$role};
if ($final || $propagate) {
#print "APPLY ROLE $p $user $role\n";
+ $new = {} if !$new;
$new->{$role} = 1;
}
}
- $perm->{user} = $new; # overwrite previous settings
+ if ($new) {
+ $perm = $new; # overwrite previous settings
+ next; # user privs always override group privs
+ }
}
my $new;
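Review bot: The new `$perm = $new; next;` in the user branch discards everything collected so far, so a user-level `NoAccess` picked up on a parent path no longer survives once a deeper path yields roles; the removed code kept `$perm->{user}` separate and consulted it first at the end. The group branch in the next hunk replaces `$perm` in the same way. If deepest-match-wins is the intended rule, state it where the loop starts, e.g. `# the deepest path with a matching ACL wins; on the same path a user entry beats group entries`. The enclosing loop and the declaration of `$perm` are outside the hunk, so this reading assumes `next` advances to the next path component.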
@@ -1154,20 +1157,19 @@
}
}
}
- $perm->{group} = $new if $new; # overwrite previous settings
+ if ($new) {
+ $perm = $new; # overwrite previous settings
+ next;
+ }
+
+ #die "what herea?";
}
my $res = {};
- if (defined ($perm->{user})) {
- if (!defined ($perm->{user}->{NoAccess})) {
- $res = $perm->{user};
- }
- } elsif ($perm->{group}) {
- if (!defined ($perm->{group}->{NoAccess})) {
- $res = $perm->{group};
- }
+ if (!defined ($perm->{NoAccess})) {
+ $res = $perm;
}
-
+
#print "permission $user $path = " . Dumper ($perm);
my @ra = keys %$res;
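Review bot: The commented-out `#die "what herea?";` after the group branch is debugging residue and should not be committed. The `next;` directly above it also appears to be a no-op, since the closing brace that follows looks like the end of the loop body (the loop header is outside the hunk). The final check would read better with a one-line comment such as `# NoAccess among the winning roles cancels all of them`.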
Modified: pve-access-control/trunk/test/Makefile
===================================================================
--- pve-access-control/trunk/test/Makefile 2011-02-24 14:36:04 UTC (rev 5616)
+++ pve-access-control/trunk/test/Makefile 2011-02-24 14:44:29 UTC (rev 5617)
@@ -6,4 +6,5 @@
perl -I.. perm-test1.pl
perl -I.. perm-test2.pl
perl -I.. perm-test3.pl
+ perl -I.. perm-test4.pl
Added: pve-access-control/trunk/test/perm-test4.pl
===================================================================
--- pve-access-control/trunk/test/perm-test4.pl (rev 0)
+++ pve-access-control/trunk/test/perm-test4.pl 2011-02-24 14:44:29 UTC (rev 5617)
@@ -0,0 +1,32 @@
+#!/usr/bin/perl -w
+
+use strict;
+use PVE::Tools;
+use PVE::AccessControl;
+use PVE::RPCEnvironment;
+use Getopt::Long;
+
+my $rpcenv = PVE::RPCEnvironment->init('cli');
+
+my $cfgfn = "test4.cfg";
+$rpcenv->init_request(userconfig => $cfgfn);
+
+sub check_roles {
+ my ($user, $path, $expected_result) = @_;
+
+ my @ra = PVE::AccessControl::roles($rpcenv->{user_cfg}, $user, $path);
+ my $res = join(',', sort @ra);
+
+ die "unexpected result\nneed '${expected_result}'\ngot '$res'\n"
+ if $res ne $expected_result;
+
+ print "ROLES:$path:$user:$res\n";
+}
+
+
+check_roles('User1 at pve', '/vms/300', 'Role1');
+check_roles('User2 at pve', '/vms/300', '');
+
+print "all tests passed\n";
+
+exit (0);
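Review bot: Both `check_roles` calls resolve ACLs that sit on the same path (`/vms` in test4.cfg), so the test does not pin down what happens when a user entry on a parent path meets a group entry on a child path. That is the precedence this revision changes in AccessControl.pm. A third case with an ACL on `/vms/300` would fix the intended outcome. `PVE::Tools` and `Getopt::Long` are loaded but not used in this file, and `use warnings;` is preferable to `-w` on the shebang line because it stays lexically scoped.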
Property changes on: pve-access-control/trunk/test/perm-test4.pl
___________________________________________________________________
Added: svn:executable
+ *
Added: pve-access-control/trunk/test/test4.cfg
===================================================================
--- pve-access-control/trunk/test/test4.cfg (rev 0)
+++ pve-access-control/trunk/test/test4.cfg 2011-02-24 14:44:29 UTC (rev 5617)
@@ -0,0 +1,11 @@
+user:User1 at pve:1:
+user:User2 at pve:1:
+
+group:GroupA:User1 at pve,User2 at pve:
+group:GroupB:User1 at pve,User2 at pve:
+
+role:Role1:VM.PowerMgmt:
+role:Role2:VM.Console:
+
+acl:1:/vms:@GroupA:Role1:
+acl:1:/vms:User2 at pve:NoAccess: