[pve-devel] [RFC 08/23] refactor acl transformation code

Fabian Grünbichler f.gruenbichler at proxmox.com
Thu Oct 17 15:14:02 CEST 2019


pull it into helper sub, since we need this one more time for token ACL
members.

Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---
 PVE/AccessControl.pm | 61 +++++++++++++++++++-------------------------
 1 file changed, 26 insertions(+), 35 deletions(-)

diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm
index a84173e..48c9930 100644
--- a/PVE/AccessControl.pm
+++ b/PVE/AccessControl.pm
@@ -1092,47 +1092,38 @@ sub write_user_config {
 
     $data .= "\n";
 
+    my $collect_ra = sub {
+	my ($acl_members, $ra, $prefix, $exclude) = @_;
+
+	foreach my $member (keys %$acl_members) {
+	    next if $exclude && $member eq $exclude;
+
+	    my $l0 = '';
+	    my $l1 = '';
+	    foreach my $role (sort keys %{$acl_members->{$member}}) {
+		my $propagate = $acl_members->{$member}->{$role};
+		if ($propagate) {
+		    $l1 .= ',' if $l1;
+		    $l1 .= $role;
+		} else {
+		    $l0 .= ',' if $l0;
+		    $l0 .= $role;
+		}
+	    }
+	    $ra->{0}->{$l0}->{"${prefix}${member}"} = 1 if $l0;
+	    $ra->{1}->{$l1}->{"${prefix}${member}"} = 1 if $l1;
+	}
+    };
+
     foreach my $path (sort keys %{$cfg->{acl}}) {
 	my $d = $cfg->{acl}->{$path};
 
 	my $ra = {};
 
-	foreach my $group (keys %{$d->{groups}}) {
-	    my $l0 = '';
-	    my $l1 = '';
-	    foreach my $role (sort keys %{$d->{groups}->{$group}}) {
-		my $propagate = $d->{groups}->{$group}->{$role};
-		if ($propagate) {
-		    $l1 .= ',' if $l1;
-		    $l1 .= $role;
-		} else {
-		    $l0 .= ',' if $l0;
-		    $l0 .= $role;
-		}
-	    }
-	    $ra->{0}->{$l0}->{"\@$group"} = 1 if $l0;
-	    $ra->{1}->{$l1}->{"\@$group"} = 1 if $l1;
-	}
+	$collect_ra->($d->{'groups'}, $ra, '@');
 
-	foreach my $user (keys %{$d->{users}}) {
-	    # no need to save, because root is always 'Administrator'
-	    next if $user eq 'root at pam';
-
-	    my $l0 = '';
-	    my $l1 = '';
-	    foreach my $role (sort keys %{$d->{users}->{$user}}) {
-		my $propagate = $d->{users}->{$user}->{$role};
-		if ($propagate) {
-		    $l1 .= ',' if $l1;
-		    $l1 .= $role;
-		} else {
-		    $l0 .= ',' if $l0;
-		    $l0 .= $role;
-		}
-	    }
-	    $ra->{0}->{$l0}->{$user} = 1 if $l0;
-	    $ra->{1}->{$l1}->{$user} = 1 if $l1;
-	}
+	# no need to save 'root at pam', it is always 'Administrator'
+	$collect_ra->($d->{'users'}, $ra, '', 'root at pam');
 
 	foreach my $rolelist (sort keys %{$ra->{0}}) {
 	    my $uglist = join (',', sort keys %{$ra->{0}->{$rolelist}});
-- 
2.20.1





More information about the pve-devel mailing list