[pve-devel] [RFC/PATCH manager] ui: lxc options: disable features edit as non-root when container is privileged
Fabian Grünbichler
f.gruenbichler at proxmox.com
Thu Aug 12 11:45:25 CEST 2021
On August 6, 2021 10:59 am, Fabian Ebner wrote:
> The backend won't allow any edits in this case, so better just disable
> the edit button altogether.
>
> Signed-off-by: Fabian Ebner <f.ebner at proxmox.com>
> ---
> www/manager6/lxc/Options.js | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/www/manager6/lxc/Options.js b/www/manager6/lxc/Options.js
> index f2661dfc..12b0fe12 100644
> --- a/www/manager6/lxc/Options.js
> +++ b/www/manager6/lxc/Options.js
> @@ -174,7 +174,11 @@ Ext.define('PVE.lxc.Options', {
> var pending = rec.data.delete || me.hasPendingChanges(key);
> var rowdef = rows[key];
>
> - edit_btn.setDisabled(!rowdef.editor);
> + let unprivileged = me.getStore().getById('unprivileged').data.value;
> + let nonRootPrivFeatures =
> + Proxmox.UserName !== 'root at pam' && key === 'features' && !unprivileged;
> +
> + edit_btn.setDisabled(!rowdef.editor || nonRootPrivFeatures);
this reads strange to me, maybe
if (key === 'features') {
let unprivileged = ..;
let root = ..;
edit_btn.setDisabled(!rowdef.editor || (!unprivileged && !root));
} else {
edit_btn.setDisabled(!rowdef.editor);
}
is more clear? might even make sense to make the rowdef.editor
definition for 'features' more simple, and pull the VM.Allocate check
down here (to avoid splitting the decision into two parts and missing
that fact in the future).
> revert_btn.setDisabled(!pending);
> };
>
> --
> 2.30.2
>
>
>
> _______________________________________________
> pve-devel mailing list
> pve-devel at lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>
>
>
More information about the pve-devel
mailing list