[pve-devel] applied: [PATCH access-control] fix #1998: correct return properties for read_role
Thomas Lamprecht
t.lamprecht at proxmox.com
Fri Nov 23 14:32:52 CET 2018
On 11/23/18 2:11 PM, Dominik Csapak wrote:
> we have each privilege as property of the return object,
> so we generate it from $valid_privs
>
> this has the advantage that all privileges are well documented
> with that api call
>
> Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
> ---
> PVE/API2/Role.pm | 4 +---
> PVE/AccessControl.pm | 11 +++++++++++
> 2 files changed, 12 insertions(+), 3 deletions(-)
>
> diff --git a/PVE/API2/Role.pm b/PVE/API2/Role.pm
> index 80959b0..83e4a9d 100644
> --- a/PVE/API2/Role.pm
> +++ b/PVE/API2/Role.pm
> @@ -163,9 +163,7 @@ __PACKAGE__->register_method ({
> returns => {
> type => "object",
> additionalProperties => 0,
> - properties => {
> - privs => get_standard_option('role-privs'),
> - },
> + properties => PVE::AccessControl::create_priv_properties(),
> },
> code => sub {
> my ($param) = @_;
> diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm
> index 44fc0aa..bdadfd2 100644
> --- a/PVE/AccessControl.pm
> +++ b/PVE/AccessControl.pm
> @@ -499,6 +499,17 @@ sub create_roles {
>
> create_roles();
>
> +sub create_priv_properties {
> + my $properties = {};
> + foreach my $priv (keys %$valid_privs) {
> + $properties->{$priv} = {
> + type => 'boolean',
> + optional => 1,
> + };
> + }
> + return $properties;
> +}
> +
> sub role_is_special {
> my ($role) = @_;
> return (exists $special_roles->{$role}) ? 1 : 0;
>
applied
More information about the pve-devel
mailing list