[pve-devel] [PATCH v2 pve-network 11/15] add permissions

Alexandre Derumier aderumier at odiso.com
Tue Nov 26 10:00:26 CET 2019


Signed-off-by: Alexandre Derumier <aderumier at odiso.com>
---
 PVE/API2/Network/SDN.pm               |  8 +++---
 PVE/API2/Network/SDN/Controllers.pm   | 36 +++++++++++++--------------
 PVE/API2/Network/SDN/Vnets.pm         | 36 +++++++++++++--------------
 PVE/API2/Network/SDN/Zones.pm         | 36 +++++++++++++--------------
 PVE/API2/Network/SDN/Zones/Content.pm |  6 ++---
 PVE/API2/Network/SDN/Zones/Status.pm  |  6 ++---
 6 files changed, 64 insertions(+), 64 deletions(-)

diff --git a/PVE/API2/Network/SDN.pm b/PVE/API2/Network/SDN.pm
index 66856c5..2d76b2e 100644
--- a/PVE/API2/Network/SDN.pm
+++ b/PVE/API2/Network/SDN.pm
@@ -37,7 +37,7 @@ __PACKAGE__->register_method({
     method => 'GET',
     description => "Directory index.",
     permissions => {
-	check => ['perm', '/', [ 'Sys.Audit' ]],
+	check => ['perm', '/', [ 'SDN.Audit' ]],
     },
     parameters => {
     	additionalProperties => 0,
@@ -82,9 +82,9 @@ __PACKAGE__->register_method ({
     path => '',
     method => 'PUT',
     description => "Apply sdn controller changes && reload.",
-#    permissions => {
-#       check => ['perm', '/cluster/sdn/controllers', ['SDN.Allocate']],
-#    },
+    permissions => {
+       check => ['perm', '/sdn', ['SDN.Allocate']],
+    },
     parameters => {
         additionalProperties => 0,
     },
diff --git a/PVE/API2/Network/SDN/Controllers.pm b/PVE/API2/Network/SDN/Controllers.pm
index a740dbd..70ecd60 100644
--- a/PVE/API2/Network/SDN/Controllers.pm
+++ b/PVE/API2/Network/SDN/Controllers.pm
@@ -38,7 +38,7 @@ __PACKAGE__->register_method ({
     method => 'GET',
     description => "SDN controllers index.",
     permissions => {
-	description => "Only list entries where you have 'SDN.Audit' or 'SDN.Allocate' permissions on '/cluster/sdn/controllers/<controller>'",
+	description => "Only list entries where you have 'SDN.Audit' or 'SDN.Allocate' permissions on '/sdn/controllers/<controller>'",
 	user => 'all',
     },
     parameters => {
@@ -74,8 +74,8 @@ __PACKAGE__->register_method ({
 	my @sids = PVE::Network::SDN::Controllers::sdn_controllers_ids($cfg);
 	my $res = [];
 	foreach my $id (@sids) {
-#	    my $privs = [ 'SDN.Audit', 'SDN.Allocate' ];
-#	    next if !$rpcenv->check_any($authuser, "/cluster/sdn/controllers/$id", $privs, 1);
+	    my $privs = [ 'SDN.Audit', 'SDN.Allocate' ];
+	    next if !$rpcenv->check_any($authuser, "/sdn/controllers/$id", $privs, 1);
 
 	    my $scfg = &$api_sdn_controllers_config($cfg, $id);
 	    next if $param->{type} && $param->{type} ne $scfg->{type};
@@ -93,9 +93,9 @@ __PACKAGE__->register_method ({
     path => '{controller}',
     method => 'GET',
     description => "Read sdn controller configuration.",
-#    permissions => {
-#	check => ['perm', '/cluster/sdn/controllers/{controller}', ['SDN.Allocate']],
-#   },
+    permissions => {
+	check => ['perm', '/sdn/controllers/{controller}', ['SDN.Allocate']],
+   },
 
     parameters => {
     	additionalProperties => 0,
@@ -118,9 +118,9 @@ __PACKAGE__->register_method ({
     path => '',
     method => 'POST',
     description => "Create a new sdn controller object.",
-#    permissions => {
-#	check => ['perm', '/cluster/sdn/controllers', ['SDN.Allocate']],
-#    },
+    permissions => {
+	check => ['perm', '/sdn/controllers', ['SDN.Allocate']],
+    },
     parameters => PVE::Network::SDN::Controllers::Plugin->createSchema(),
     returns => { type => 'null' },
     code => sub {
@@ -158,9 +158,9 @@ __PACKAGE__->register_method ({
     path => '',
     method => 'DELETE',
     description => "Revert sdn controller changes.",
-#    permissions => {
-#	check => ['perm', '/cluster/sdn/controllers', ['SDN.Allocate']],
-#    },
+    permissions => {
+	check => ['perm', '/sdn/controllers', ['SDN.Allocate']],
+    },
     parameters => {
 	additionalProperties => 0,
     },
@@ -180,9 +180,9 @@ __PACKAGE__->register_method ({
     path => '{controller}',
     method => 'PUT',
     description => "Update sdn controller object configuration.",
-#    permissions => {
-#	check => ['perm', '/cluster/sdn/controllers', ['SDN.Allocate']],
-#    },
+    permissions => {
+	check => ['perm', '/sdn/controllers', ['SDN.Allocate']],
+    },
     parameters => PVE::Network::SDN::Controllers::Plugin->updateSchema(),
     returns => { type => 'null' },
     code => sub {
@@ -222,9 +222,9 @@ __PACKAGE__->register_method ({
     path => '{controller}',
     method => 'DELETE',
     description => "Delete sdn controller object configuration.",
-#    permissions => {
-#	check => ['perm', '/cluster/sdn/controllers', ['SDN.Allocate']],
-#    },
+    permissions => {
+	check => ['perm', '/sdn/controllers', ['SDN.Allocate']],
+    },
     parameters => {
     	additionalProperties => 0,
 	properties => {
diff --git a/PVE/API2/Network/SDN/Vnets.pm b/PVE/API2/Network/SDN/Vnets.pm
index bb3415f..d66cd14 100644
--- a/PVE/API2/Network/SDN/Vnets.pm
+++ b/PVE/API2/Network/SDN/Vnets.pm
@@ -33,7 +33,7 @@ __PACKAGE__->register_method ({
     method => 'GET',
     description => "SDN vnets index.",
     permissions => {
-	description => "Only list entries where you have 'SDN.Audit' or 'SDN.Allocate' permissions on '/cluster/sdn/vnets/<vnet>'",
+	description => "Only list entries where you have 'SDN.Audit' or 'SDN.Allocate' permissions on '/sdn/vnets/<vnet>'",
 	user => 'all',
     },
     parameters => {
@@ -59,8 +59,8 @@ __PACKAGE__->register_method ({
 	my @sids = PVE::Network::SDN::Vnets::sdn_vnets_ids($cfg);
 	my $res = [];
 	foreach my $id (@sids) {
-#	    my $privs = [ 'SDN.Audit', 'SDN.Allocate' ];
-#	    next if !$rpcenv->check_any($authuser, "/cluster/sdn/vnets/$id", $privs, 1);
+	    my $privs = [ 'SDN.Audit', 'SDN.Allocate' ];
+	    next if !$rpcenv->check_any($authuser, "/sdn/vnets/$id", $privs, 1);
 
 	    my $scfg = &$api_sdn_vnets_config($cfg, $id);
 	    push @$res, $scfg;
@@ -74,9 +74,9 @@ __PACKAGE__->register_method ({
     path => '{vnet}',
     method => 'GET',
     description => "Read sdn vnet configuration.",
-#    permissions => {
-#	check => ['perm', '/cluster/sdn/vnets/{vnet}', ['SDN.Allocate']],
-#   },
+    permissions => {
+	check => ['perm', '/sdn/vnets/{vnet}', ['SDN.Allocate']],
+   },
 
     parameters => {
         additionalProperties => 0,
@@ -101,9 +101,9 @@ __PACKAGE__->register_method ({
     path => '',
     method => 'POST',
     description => "Create a new sdn vnet object.",
-#    permissions => {
-#	check => ['perm', '/cluster/sdn/vnets', ['SDN.Allocate']],
-#    },
+    permissions => {
+	check => ['perm', '/sdn/vnets', ['SDN.Allocate']],
+    },
     parameters => PVE::Network::SDN::VnetPlugin->createSchema(),
     returns => { type => 'null' },
     code => sub {
@@ -139,9 +139,9 @@ __PACKAGE__->register_method ({
     path => '',
     method => 'DELETE',
     description => "Revert sdn vnet changes.",
-#    permissions => {
-#	check => ['perm', '/cluster/sdn/vnets', ['SDN.Allocate']],
-#    },
+    permissions => {
+	check => ['perm', '/sdn/vnets', ['SDN.Allocate']],
+    },
     parameters => {
 	additionalProperties => 0,
     },
@@ -161,9 +161,9 @@ __PACKAGE__->register_method ({
     path => '{vnet}',
     method => 'PUT',
     description => "Update sdn vnet object configuration.",
-#    permissions => {
-#	check => ['perm', '/cluster/sdn/vnets', ['SDN.Allocate']],
-#    },
+    permissions => {
+	check => ['perm', '/sdn/vnets', ['SDN.Allocate']],
+    },
     parameters => PVE::Network::SDN::VnetPlugin->updateSchema(),
     returns => { type => 'null' },
     code => sub {
@@ -201,9 +201,9 @@ __PACKAGE__->register_method ({
     path => '{vnet}',
     method => 'DELETE',
     description => "Delete sdn vnet object configuration.",
-#    permissions => {
-#	check => ['perm', '/cluster/sdn/vnets', ['SDN.Allocate']],
-#    },
+    permissions => {
+	check => ['perm', '/sdn/vnets', ['SDN.Allocate']],
+    },
     parameters => {
     	additionalProperties => 0,
 	properties => {
diff --git a/PVE/API2/Network/SDN/Zones.pm b/PVE/API2/Network/SDN/Zones.pm
index 00380dc..d149290 100644
--- a/PVE/API2/Network/SDN/Zones.pm
+++ b/PVE/API2/Network/SDN/Zones.pm
@@ -45,7 +45,7 @@ __PACKAGE__->register_method ({
     method => 'GET',
     description => "SDN zones index.",
     permissions => {
-	description => "Only list entries where you have 'SDN.Audit' or 'SDN.Allocate' permissions on '/cluster/sdn/zones/<zone>'",
+	description => "Only list entries where you have 'SDN.Audit' or 'SDN.Allocate' permissions on '/sdn/zones/<zone>'",
 	user => 'all',
     },
     parameters => {
@@ -81,8 +81,8 @@ __PACKAGE__->register_method ({
 	my @sids = PVE::Network::SDN::Zones::sdn_zones_ids($cfg);
 	my $res = [];
 	foreach my $id (@sids) {
-#	    my $privs = [ 'SDN.Audit', 'SDN.Allocate' ];
-#	    next if !$rpcenv->check_any($authuser, "/cluster/sdn/zones/$id", $privs, 1);
+	    my $privs = [ 'SDN.Audit', 'SDN.Allocate' ];
+	    next if !$rpcenv->check_any($authuser, "/sdn/zones/$id", $privs, 1);
 
 	    my $scfg = &$api_sdn_zones_config($cfg, $id);
 	    next if $param->{type} && $param->{type} ne $scfg->{type};
@@ -100,9 +100,9 @@ __PACKAGE__->register_method ({
     path => '{zone}',
     method => 'GET',
     description => "Read sdn zone configuration.",
-#    permissions => {
-#	check => ['perm', '/cluster/sdn/zones/{zone}', ['SDN.Allocate']],
-#   },
+    permissions => {
+	check => ['perm', '/sdn/zones/{zone}', ['SDN.Allocate']],
+   },
 
     parameters => {
     	additionalProperties => 0,
@@ -125,9 +125,9 @@ __PACKAGE__->register_method ({
     path => '',
     method => 'POST',
     description => "Create a new sdn zone object.",
-#    permissions => {
-#	check => ['perm', '/cluster/sdn/zones', ['SDN.Allocate']],
-#    },
+    permissions => {
+	check => ['perm', '/sdn/zones', ['SDN.Allocate']],
+    },
     parameters => PVE::Network::SDN::Zones::Plugin->createSchema(),
     returns => { type => 'null' },
     code => sub {
@@ -166,9 +166,9 @@ __PACKAGE__->register_method ({
     path => '',
     method => 'DELETE',
     description => "Revert sdn zone changes.",
-#    permissions => {
-#	check => ['perm', '/cluster/sdn/zones', ['SDN.Allocate']],
-#    },
+    permissions => {
+	check => ['perm', '/sdn/zones', ['SDN.Allocate']],
+    },
     parameters => {
 	additionalProperties => 0,
     },
@@ -188,9 +188,9 @@ __PACKAGE__->register_method ({
     path => '{zone}',
     method => 'PUT',
     description => "Update sdn zone object configuration.",
-#    permissions => {
-#	check => ['perm', '/cluster/sdn/zones', ['SDN.Allocate']],
-#    },
+    permissions => {
+	check => ['perm', '/sdn/zones', ['SDN.Allocate']],
+    },
     parameters => PVE::Network::SDN::Zones::Plugin->updateSchema(),
     returns => { type => 'null' },
     code => sub {
@@ -231,9 +231,9 @@ __PACKAGE__->register_method ({
     path => '{zone}',
     method => 'DELETE',
     description => "Delete sdn zone object configuration.",
-#    permissions => {
-#	check => ['perm', '/cluster/sdn/zones', ['SDN.Allocate']],
-#    },
+    permissions => {
+	check => ['perm', '/sdn/zones', ['SDN.Allocate']],
+    },
     parameters => {
     	additionalProperties => 0,
 	properties => {
diff --git a/PVE/API2/Network/SDN/Zones/Content.pm b/PVE/API2/Network/SDN/Zones/Content.pm
index 94536fb..f391201 100644
--- a/PVE/API2/Network/SDN/Zones/Content.pm
+++ b/PVE/API2/Network/SDN/Zones/Content.pm
@@ -21,9 +21,9 @@ __PACKAGE__->register_method ({
     path => '',
     method => 'GET',
     description => "List zone content.",
-#    permissions => {
-#	check => ['perm', '/sdn/{sdn}', ['SDN.Audit'], any => 1],
-#    },
+    permissions => {
+	check => ['perm', '/sdn/zones/{zone}', ['SDN.Audit'], any => 1],
+    },
     protected => 1,
     proxyto => 'node',
     parameters => {
diff --git a/PVE/API2/Network/SDN/Zones/Status.pm b/PVE/API2/Network/SDN/Zones/Status.pm
index ee44f18..b543a17 100644
--- a/PVE/API2/Network/SDN/Zones/Status.pm
+++ b/PVE/API2/Network/SDN/Zones/Status.pm
@@ -78,9 +78,9 @@ __PACKAGE__->register_method ({
     path => '{zone}',
     method => 'GET',
     description => "",
-#    permissions => {
-#	check => ['perm', '/sdn/{sdn}', ['SDN.Audit'], any => 1],
-#    },
+    permissions => {
+	check => ['perm', '/sdn/zones/{zone}', ['SDN.Audit'], any => 1],
+    },
     parameters => {
     	additionalProperties => 0,
 	properties => {
-- 
2.20.1




More information about the pve-devel mailing list