[pve-devel] r5617 - in pve-access-control/trunk: PVE test

svn-commits at proxmox.com svn-commits at proxmox.com
Thu Feb 24 15:44:29 CET 2011


Author: dietmar
Date: 2011-02-24 15:44:29 +0100 (Thu, 24 Feb 2011)
New Revision: 5617

Added:
   pve-access-control/trunk/test/perm-test4.pl
   pve-access-control/trunk/test/test4.cfg
Modified:
   pve-access-control/trunk/PVE/AccessControl.pm
   pve-access-control/trunk/test/Makefile
Log:
fix permissions - more tests


Modified: pve-access-control/trunk/PVE/AccessControl.pm
===================================================================
--- pve-access-control/trunk/PVE/AccessControl.pm	2011-02-24 14:36:04 UTC (rev 5616)
+++ pve-access-control/trunk/PVE/AccessControl.pm	2011-02-24 14:44:29 UTC (rev 5617)
@@ -1127,17 +1127,20 @@
 	#print "CHECKACL $path $p\n";
 	#print "ACL $path = " . Dumper ($acl);
 
-
 	if (my $ri = $acl->{users}->{$user}) {
-	    my $new = {};
+	    my $new;
 	    foreach my $role (keys %$ri) {
 		my $propagate = $ri->{$role};
 		if ($final || $propagate) {
 		    #print "APPLY ROLE $p $user $role\n";
+		    $new = {} if !$new;
 		    $new->{$role} = 1;
 		}
 	    }
-	    $perm->{user} = $new; # overwrite previous settings
+	    if ($new) {
+		$perm = $new; # overwrite previous settings
+		next; # user privs always override group privs
+	    }
 	}
 
 	my $new;
@@ -1154,20 +1157,19 @@
 		}
 	    }
 	}
-	$perm->{group} = $new if $new; # overwrite previous settings
+	if ($new) {
+	    $perm = $new; # overwrite previous settings
+	    next;
+	}
+
+	#die "what herea?";
     }
 
     my $res = {};
-    if (defined ($perm->{user})) {
-	if (!defined ($perm->{user}->{NoAccess})) {
-	    $res = $perm->{user}; 
-	}
-    } elsif ($perm->{group}) {
-	if (!defined ($perm->{group}->{NoAccess})) {
-	    $res = $perm->{group}; 
-	}
+    if (!defined ($perm->{NoAccess})) {
+	$res = $perm; 
     }
-    
+   
     #print "permission $user $path = " . Dumper ($perm);
 
     my @ra = keys %$res;

Modified: pve-access-control/trunk/test/Makefile
===================================================================
--- pve-access-control/trunk/test/Makefile	2011-02-24 14:36:04 UTC (rev 5616)
+++ pve-access-control/trunk/test/Makefile	2011-02-24 14:44:29 UTC (rev 5617)
@@ -6,4 +6,5 @@
 	perl -I.. perm-test1.pl
 	perl -I.. perm-test2.pl
 	perl -I.. perm-test3.pl
+	perl -I.. perm-test4.pl
 

Added: pve-access-control/trunk/test/perm-test4.pl
===================================================================
--- pve-access-control/trunk/test/perm-test4.pl	                        (rev 0)
+++ pve-access-control/trunk/test/perm-test4.pl	2011-02-24 14:44:29 UTC (rev 5617)
@@ -0,0 +1,32 @@
+#!/usr/bin/perl -w
+
+use strict;
+use PVE::Tools;
+use PVE::AccessControl;
+use PVE::RPCEnvironment;
+use Getopt::Long;
+
+my $rpcenv = PVE::RPCEnvironment->init('cli');
+
+my $cfgfn = "test4.cfg";
+$rpcenv->init_request(userconfig => $cfgfn);
+
+sub check_roles {
+    my ($user, $path, $expected_result) = @_;
+
+    my @ra = PVE::AccessControl::roles($rpcenv->{user_cfg}, $user, $path);
+    my $res = join(',', sort @ra);
+
+    die "unexpected result\nneed '${expected_result}'\ngot '$res'\n"
+	if $res ne $expected_result;
+
+    print "ROLES:$path:$user:$res\n";
+}
+
+
+check_roles('User1 at pve', '/vms/300', 'Role1');
+check_roles('User2 at pve', '/vms/300', '');
+
+print "all tests passed\n";
+
+exit (0);


Property changes on: pve-access-control/trunk/test/perm-test4.pl
___________________________________________________________________
Added: svn:executable
   + *

Added: pve-access-control/trunk/test/test4.cfg
===================================================================
--- pve-access-control/trunk/test/test4.cfg	                        (rev 0)
+++ pve-access-control/trunk/test/test4.cfg	2011-02-24 14:44:29 UTC (rev 5617)
@@ -0,0 +1,11 @@
+user:User1 at pve:1:
+user:User2 at pve:1:
+
+group:GroupA:User1 at pve,User2 at pve:
+group:GroupB:User1 at pve,User2 at pve:
+
+role:Role1:VM.PowerMgmt:
+role:Role2:VM.Console:
+
+acl:1:/vms:@GroupA:Role1:
+acl:1:/vms:User2 at pve:NoAccess:



More information about the pve-devel mailing list