[pve-devel] [PATCH v2 manager 4/4] ui: qemu/HardwareView: fix CDRom permission checkss

[Aaron Lauterer]

There are several types of drives that use the same config keys. Most
notably CDRom and regular VM disks (EFI and cloudinit exist as well).

Since there is a dedicated permission for CDRom drives we need to check
permissions in more detail, depending on what type of drive it actually
is for things like the edit, remove and Add -> CDRom buttons.

The permission check in the row definition itself which only checked for
'VM.Config.Disk' permissions (never_delete) had to be removed and finer
grained checks added for the individual buttons. This also meant a bit
of reshuffling in the checks what kind of disk the current one is.

Signed-off-by: Aaron Lauterer <a.lauterer at proxmox.com>
---

v2: improved permission checks in the GUI to make sure that CDRom things
will behave as expected and the other things are kept as is. Meaning all
other disks (cloudinit, efi, used, unused) still need VM.Config.Disk
permissions.

Tested by giving a user only VMAudit and Config.CDRom permissions in the
one case, and all VM.Config.* permissions except CDRom.

 www/manager6/qemu/HardwareView.js | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)

diff --git a/www/manager6/qemu/HardwareView.js b/www/manager6/qemu/HardwareView.js
index 036bfa26..5de3bf95 100644
--- a/www/manager6/qemu/HardwareView.js
+++ b/www/manager6/qemu/HardwareView.js
@@ -224,7 +224,6 @@ Ext.define('PVE.qemu.HardwareView', {
 		group: 10,
 		iconCls: 'hdd-o',
 		editor: 'PVE.qemu.HDEdit',
-		never_delete: !caps.vms['VM.Config.Disk'],
 		isOnStorageBus: true,
 		header: gettext('Hard Disk') + ' (' + confid +')',
 		cdheader: gettext('CD/DVD Drive') + ' (' + confid +')',
@@ -584,24 +583,33 @@ Ext.define('PVE.qemu.HardwareView', {
 	    var value = rec.data.value;
 	    var rowdef = rows[key];
 
+	    let isCloudInit = value && value.toString().match(/vm-.*-cloudinit/);
+	    let isCDRom = value && !!value.toString().match(/media=cdrom/) && !isCloudInit;
+
 	    var pending = rec.data.delete || me.hasPendingChanges(key);
-	    var isCDRom = value && !!value.toString().match(/media=cdrom/);
 	    var isUnusedDisk = key.match(/^unused\d+/);
-	    var isUsedDisk = !isUnusedDisk && rowdef.isOnStorageBus && !isCDRom;
-
-	    var isCloudInit = value && value.toString().match(/vm-.*-cloudinit/);
+	    let isUsedDisk = !isUnusedDisk && rowdef.isOnStorageBus && !isCDRom && !isCloudInit;
 
 	    var isEfi = key === 'efidisk0';
 
+	    let isDisk = isCloudInit || isUnusedDisk || isUsedDisk;
+
 	    remove_btn.setDisabled(
 		rec.data.delete ||
 		rowdef.never_delete === true ||
-		(isUnusedDisk && !diskCap),
+		(isCDRom && !caps.vms['VM.Config.CDROM']) ||
+		(isDisk && !diskCap),
 	    );
 	    remove_btn.setText(isUsedDisk && !isCloudInit ? remove_btn.altText : remove_btn.defaultText);
 	    remove_btn.RESTMethod = isUnusedDisk ? 'POST':'PUT';
 
-	    edit_btn.setDisabled(rec.data.delete || !rowdef.editor || isCloudInit || (!isCDRom && !diskCap));
+	    edit_btn.setDisabled(
+		rec.data.delete ||
+		!rowdef.editor ||
+		isCloudInit ||
+		(isCDRom && !caps.vms['VM.Config.CDROM']) ||
+		(isDisk && !diskCap),
+	    );
 
 	    resize_btn.setDisabled(pending || !isUsedDisk || !diskCap);
 
@@ -637,7 +645,7 @@ Ext.define('PVE.qemu.HardwareView', {
 			    {
 				text: gettext('CD/DVD Drive'),
 				iconCls: 'pve-itype-icon-cdrom',
-				disabled: !caps.vms['VM.Config.Disk'],
+				disabled: !caps.vms['VM.Config.CDROM'],
 				handler: function() {
 				    var win = Ext.create('PVE.qemu.CDEdit', {
 					url: '/api2/extjs/' + baseurl,
-- 
2.20.1