[pve-devel] applied: [PATCH access-control] fix #1998: correct return properties for read_role

Thomas Lamprecht t.lamprecht at proxmox.com
Fri Nov 23 14:32:52 CET 2018


On 11/23/18 2:11 PM, Dominik Csapak wrote:
> we have each privilege as property of the return object,
> so we generate it from $valid_privs
> 
> this has the advantage that all privileges are well documented
> with that api call
> 
> Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
> ---
>  PVE/API2/Role.pm     |  4 +---
>  PVE/AccessControl.pm | 11 +++++++++++
>  2 files changed, 12 insertions(+), 3 deletions(-)
> 
> diff --git a/PVE/API2/Role.pm b/PVE/API2/Role.pm
> index 80959b0..83e4a9d 100644
> --- a/PVE/API2/Role.pm
> +++ b/PVE/API2/Role.pm
> @@ -163,9 +163,7 @@ __PACKAGE__->register_method ({
>      returns => {
>  	type => "object",
>  	additionalProperties => 0,
> -	properties => {
> -	    privs =>  get_standard_option('role-privs'),
> -	},
> +	properties => PVE::AccessControl::create_priv_properties(),
>      },
>      code => sub {
>  	my ($param) = @_;
> diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm
> index 44fc0aa..bdadfd2 100644
> --- a/PVE/AccessControl.pm
> +++ b/PVE/AccessControl.pm
> @@ -499,6 +499,17 @@ sub create_roles {
>  
>  create_roles();
>  
> +sub create_priv_properties {
> +    my $properties = {};
> +    foreach my $priv (keys %$valid_privs) {
> +	$properties->{$priv} = {
> +	    type => 'boolean',
> +	    optional => 1,
> +	};
> +    }
> +    return $properties;
> +}
> +
>  sub role_is_special {
>      my ($role) = @_;
>      return (exists $special_roles->{$role}) ? 1 : 0;
> 

applied




More information about the pve-devel mailing list