[pve-devel] [PATCH v2 manager] ui: lxc options: disable features edit as non-root when container is privileged

Fabian Ebner f.ebner at proxmox.com
Fri Aug 13 11:10:12 CEST 2021


The backend won't allow any edits in this case, so better just disable
the edit button altogether.

Co-developed-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
Signed-off-by: Fabian Ebner <f.ebner at proxmox.com>
---

Changes from v1:
    * split cases based on 'key'
    * keep logic for {dis,en}abling edit button for features in one
      place

 www/manager6/lxc/Options.js | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/www/manager6/lxc/Options.js b/www/manager6/lxc/Options.js
index f2661dfc..d0a53fc7 100644
--- a/www/manager6/lxc/Options.js
+++ b/www/manager6/lxc/Options.js
@@ -136,8 +136,7 @@ Ext.define('PVE.lxc.Options', {
 	    features: {
 		header: gettext('Features'),
 		defaultValue: Proxmox.Utils.noneText,
-		editor: Proxmox.UserName === 'root at pam' || caps.vms['VM.Allocate']
-		    ? 'PVE.lxc.FeaturesEdit' : undefined,
+		editor: 'PVE.lxc.FeaturesEdit',
 	    },
 	    hookscript: {
 		header: gettext('Hookscript'),
@@ -174,7 +173,15 @@ Ext.define('PVE.lxc.Options', {
 	    var pending = rec.data.delete || me.hasPendingChanges(key);
 	    var rowdef = rows[key];
 
-	    edit_btn.setDisabled(!rowdef.editor);
+	    if (key === 'features') {
+		let unprivileged = me.getStore().getById('unprivileged').data.value;
+		let root = Proxmox.UserName === 'root at pam';
+		let vmalloc = caps.vms['VM.Allocate'];
+		edit_btn.setDisabled(!(root || (vmalloc && unprivileged)));
+	    } else {
+		edit_btn.setDisabled(!rowdef.editor);
+	    }
+
 	    revert_btn.setDisabled(!pending);
 	};
 
-- 
2.30.2






More information about the pve-devel mailing list