[pve-devel] [RFC v2 manager] change permissions for non-network cloudinit settings

[Mira Limbeck]

With the introduction of VM.Config.Cloudinit we can set the user,
password and an SSH key without VM.Config.Network permission.
Keep the fallback for VM.Config.Network so custom roles don't break.

Signed-off-by: Mira Limbeck <m.limbeck at proxmox.com>
---
v2:
 - fallback to 'VM.Config.Network'

requires both pve-access-control patch and qemu-server patch

 www/manager6/qemu/CloudInit.js | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/www/manager6/qemu/CloudInit.js b/www/manager6/qemu/CloudInit.js
index c6ff4626..1f7631f7 100644
--- a/www/manager6/qemu/CloudInit.js
+++ b/www/manager6/qemu/CloudInit.js
@@ -192,6 +192,8 @@ Ext.define('PVE.qemu.CloudInit', {
 	me.editorConfig.url = me.baseurl + '/config';
 	me.editorConfig.pveSelNode = me.pveSelNode;
 
+	let caps_ci = caps.vms['VM.Config.Cloudinit'];
+	    || caps.vms['VM.Config.Network'];
 	/* editor is string and object */
 	me.rows = {
 	    ciuser: {
@@ -199,7 +201,7 @@ Ext.define('PVE.qemu.CloudInit', {
 		iconCls: 'fa fa-user',
 		never_delete: true,
 		defaultValue: '',
-		editor: caps.vms['VM.Config.Options'] ? {
+		editor: caps_ci ? {
 		    xtype: 'proxmoxWindowEdit',
 		    subject: gettext('User'),
 		    items: [
@@ -220,7 +222,7 @@ Ext.define('PVE.qemu.CloudInit', {
 		header: gettext('Password'),
 		iconCls: 'fa fa-unlock',
 		defaultValue: '',
-		editor: caps.vms['VM.Config.Options'] ? {
+		editor: caps_ci ? {
 		    xtype: 'proxmoxWindowEdit',
 		    subject: gettext('Password'),
 		    items: [
@@ -255,7 +257,7 @@ Ext.define('PVE.qemu.CloudInit', {
 	    sshkeys: {
 		header: gettext('SSH public key'),
 		iconCls: 'fa fa-key',
-		editor: caps.vms['VM.Config.Network'] ? 'PVE.qemu.SSHKeyEdit' : undefined,
+		editor: caps_ci ? 'PVE.qemu.SSHKeyEdit' : undefined,
 		never_delete: true,
 		renderer: function(value) {
 		    value = decodeURIComponent(value);
-- 
2.20.1