[pve-devel] [RFC 06/23] rpcenv: drop unused roles()
Fabian Grünbichler
f.gruenbichler at proxmox.com
Thu Oct 17 15:14:00 CEST 2019
it doesn't really serve a purpose, and it's not called anywhere in the codebase.
Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---
Notes:
alternatively, we can give this the same semantics w.r.t. tokens as
PVE::AccessControl::roles, but with pool roles mixed in via
$compile_acl_path->()
PVE/AccessControl.pm | 2 +-
PVE/RPCEnvironment.pm | 23 -----------------------
2 files changed, 1 insertion(+), 24 deletions(-)
diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm
index f246c85..a84173e 100644
--- a/PVE/AccessControl.pm
+++ b/PVE/AccessControl.pm
@@ -1209,7 +1209,7 @@ sub roles {
my ($cfg, $user, $path) = @_;
# NOTE: we do not consider pools here.
- # You need to use $rpcenv->roles() instead if you want that.
+ # Use $rpcenv->permission() for any actual permission checks!
return 'Administrator' if $user eq 'root at pam'; # root can do anything
diff --git a/PVE/RPCEnvironment.pm b/PVE/RPCEnvironment.pm
index 95d3029..7e0af70 100644
--- a/PVE/RPCEnvironment.pm
+++ b/PVE/RPCEnvironment.pm
@@ -81,29 +81,6 @@ my $compile_acl_path = sub {
return $privs;
};
-sub roles {
- my ($self, $user, $path) = @_;
-
- if ($user eq 'root at pam') { # root can do anything
- return ('Administrator');
- }
-
- $user = PVE::AccessControl::verify_username($user, 1);
- return () if !$user;
-
- my $cache = $self->{aclcache};
- $cache->{$user} = {} if !$cache->{$user};
-
- my $acl = $cache->{$user};
-
- my $roles = $acl->{roles}->{$path};
- return @$roles if $roles;
-
- &$compile_acl_path($self, $user, $path);
- $roles = $acl->{roles}->{$path} || [];
- return @$roles;
-}
-
sub permissions {
my ($self, $user, $path) = @_;
--
2.20.1
More information about the pve-devel
mailing list