[pve-devel] [RFC 08/23] refactor acl transformation code
Fabian Grünbichler
f.gruenbichler at proxmox.com
Thu Oct 17 15:14:02 CEST 2019
pull it into helper sub, since we need this one more time for token ACL
members.
Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---
PVE/AccessControl.pm | 61 +++++++++++++++++++-------------------------
1 file changed, 26 insertions(+), 35 deletions(-)
diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm
index a84173e..48c9930 100644
--- a/PVE/AccessControl.pm
+++ b/PVE/AccessControl.pm
@@ -1092,47 +1092,38 @@ sub write_user_config {
$data .= "\n";
+ my $collect_ra = sub {
+ my ($acl_members, $ra, $prefix, $exclude) = @_;
+
+ foreach my $member (keys %$acl_members) {
+ next if $exclude && $member eq $exclude;
+
+ my $l0 = '';
+ my $l1 = '';
+ foreach my $role (sort keys %{$acl_members->{$member}}) {
+ my $propagate = $acl_members->{$member}->{$role};
+ if ($propagate) {
+ $l1 .= ',' if $l1;
+ $l1 .= $role;
+ } else {
+ $l0 .= ',' if $l0;
+ $l0 .= $role;
+ }
+ }
+ $ra->{0}->{$l0}->{"${prefix}${member}"} = 1 if $l0;
+ $ra->{1}->{$l1}->{"${prefix}${member}"} = 1 if $l1;
+ }
+ };
+
foreach my $path (sort keys %{$cfg->{acl}}) {
my $d = $cfg->{acl}->{$path};
my $ra = {};
- foreach my $group (keys %{$d->{groups}}) {
- my $l0 = '';
- my $l1 = '';
- foreach my $role (sort keys %{$d->{groups}->{$group}}) {
- my $propagate = $d->{groups}->{$group}->{$role};
- if ($propagate) {
- $l1 .= ',' if $l1;
- $l1 .= $role;
- } else {
- $l0 .= ',' if $l0;
- $l0 .= $role;
- }
- }
- $ra->{0}->{$l0}->{"\@$group"} = 1 if $l0;
- $ra->{1}->{$l1}->{"\@$group"} = 1 if $l1;
- }
+ $collect_ra->($d->{'groups'}, $ra, '@');
- foreach my $user (keys %{$d->{users}}) {
- # no need to save, because root is always 'Administrator'
- next if $user eq 'root at pam';
-
- my $l0 = '';
- my $l1 = '';
- foreach my $role (sort keys %{$d->{users}->{$user}}) {
- my $propagate = $d->{users}->{$user}->{$role};
- if ($propagate) {
- $l1 .= ',' if $l1;
- $l1 .= $role;
- } else {
- $l0 .= ',' if $l0;
- $l0 .= $role;
- }
- }
- $ra->{0}->{$l0}->{$user} = 1 if $l0;
- $ra->{1}->{$l1}->{$user} = 1 if $l1;
- }
+ # no need to save 'root at pam', it is always 'Administrator'
+ $collect_ra->($d->{'users'}, $ra, '', 'root at pam');
foreach my $rolelist (sort keys %{$ra->{0}}) {
my $uglist = join (',', sort keys %{$ra->{0}->{$rolelist}});
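Review bot: `$collect_ra` has no comment stating its contract, and because the commit message says it will be reused for token ACL members, the meaning of `$exclude` should be spelled out at the `my $collect_ra = sub {` line. I would add something like `# fills $ra->{0|1 (propagate)}->{$rolelist}->{"$prefix$member"}; $exclude is an exact, unprefixed member name whose entries are never written`. The skip is only safe for a member whose privileges are fixed elsewhere, as the comment says of root, so a later caller passing any other `$exclude` would silently drop that member's ACL lines from the written config. A smaller point: `next if defined($exclude) && $member eq $exclude;` would keep the guard from being bypassed by a falsy name such as `'0'`, although that is unlikely for real user IDs. `write_user_config` starts and ends outside the hunk, so how `$ra` is consumed beyond the two lines shown is not visible here.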
--
2.20.1