[pve-devel] [PATCH v1 manager 4/5] change 'root at pam' checks with 'SuperUser' capability check
Oguz Bektas
o.bektas at proxmox.com
Tue Feb 8 14:10:10 CET 2022
'root at pam' has the privilege by default (since it's an SA), so we can
drop the string comparisons all around and check that privilege instead
when deciding to enable/disable buttons or views
Signed-off-by: Oguz Bektas <o.bektas at proxmox.com>
---
www/manager6/Utils.js | 3 ++-
www/manager6/dc/Config.js | 2 +-
www/manager6/dc/UserView.js | 2 +-
www/manager6/lxc/Options.js | 2 +-
www/manager6/lxc/Resources.js | 2 +-
www/manager6/node/Config.js | 2 +-
www/manager6/window/Migrate.js | 4 ++--
7 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/www/manager6/Utils.js b/www/manager6/Utils.js
index aafe359a..31ab94e8 100644
--- a/www/manager6/Utils.js
+++ b/www/manager6/Utils.js
@@ -1656,7 +1656,8 @@ Ext.define('PVE.Utils', {
showCephInstallOrMask: function(container, msg, nodename, callback) {
if (msg.match(/not (installed|initialized)/i)) {
- if (Proxmox.UserName === 'root at pam') {
+ let caps = Ext.state.Manager.get('GuiCap');
+ if (caps.node.SuperUser) {
container.el.mask();
if (!container.down('pveCephInstallWindow')) {
var isInstalled = !!msg.match(/not initialized/i);
diff --git a/www/manager6/dc/Config.js b/www/manager6/dc/Config.js
index 9c54b19d..917c426f 100644
--- a/www/manager6/dc/Config.js
+++ b/www/manager6/dc/Config.js
@@ -197,7 +197,7 @@ Ext.define('PVE.dc.Config', {
});
}
- if (Proxmox.UserName === 'root at pam') {
+ if (caps.dc.SuperUser) {
me.items.push({
xtype: 'pveACMEClusterView',
title: 'ACME',
diff --git a/www/manager6/dc/UserView.js b/www/manager6/dc/UserView.js
index bbfc4f7c..fe0c0149 100644
--- a/www/manager6/dc/UserView.js
+++ b/www/manager6/dc/UserView.js
@@ -29,7 +29,7 @@ Ext.define('PVE.dc.UserView', {
selModel: sm,
baseurl: '/access/users/',
dangerous: true,
- enableFn: rec => caps.access['User.Modify'] && rec.data.userid !== 'root at pam',
+ enableFn: rec => caps.access['User.Modify'] && !caps.access.SuperUser,
callback: () => reload(),
});
let run_editor = function() {
diff --git a/www/manager6/lxc/Options.js b/www/manager6/lxc/Options.js
index f2661dfc..f8eb8a5c 100644
--- a/www/manager6/lxc/Options.js
+++ b/www/manager6/lxc/Options.js
@@ -136,7 +136,7 @@ Ext.define('PVE.lxc.Options', {
features: {
header: gettext('Features'),
defaultValue: Proxmox.Utils.noneText,
- editor: Proxmox.UserName === 'root at pam' || caps.vms['VM.Allocate']
+ editor: caps.vms.SuperUser || caps.vms['VM.Allocate']
? 'PVE.lxc.FeaturesEdit' : undefined,
},
hookscript: {
diff --git a/www/manager6/lxc/Resources.js b/www/manager6/lxc/Resources.js
index 15ee3c67..2081b4a2 100644
--- a/www/manager6/lxc/Resources.js
+++ b/www/manager6/lxc/Resources.js
@@ -257,7 +257,7 @@ Ext.define('PVE.lxc.RessourceView', {
var isUsedDisk = isDisk && !isUnusedDisk;
var noedit = rec.data.delete || !rowdef.editor;
- if (!noedit && Proxmox.UserName !== 'root at pam' && key.match(/^mp\d+$/)) {
+ if (!noedit && !caps.vms.SuperUser && key.match(/^mp\d+$/)) {
var mp = PVE.Parser.parseLxcMountPoint(value);
if (mp.type !== 'volume') {
noedit = true;
diff --git a/www/manager6/node/Config.js b/www/manager6/node/Config.js
index 68f80391..9f49f0dd 100644
--- a/www/manager6/node/Config.js
+++ b/www/manager6/node/Config.js
@@ -236,7 +236,7 @@ Ext.define('PVE.node.Config', {
itemId: 'apt',
upgradeBtn: {
xtype: 'pveConsoleButton',
- disabled: Proxmox.UserName !== 'root at pam',
+ disabled: !caps.nodes.SuperUser,
text: gettext('Upgrade'),
consoleType: 'upgrade',
nodename: nodename,
diff --git a/www/manager6/window/Migrate.js b/www/manager6/window/Migrate.js
index 1c23abb3..20fcf81d 100644
--- a/www/manager6/window/Migrate.js
+++ b/www/manager6/window/Migrate.js
@@ -52,8 +52,8 @@ Ext.define('PVE.window.Migrate', {
}
},
setLocalResourceCheckboxHidden: function(get) {
- if (get('running') || !get('migration.hasLocalResources') ||
- Proxmox.UserName !== 'root at pam') {
+ let caps = Ext.state.Manager.get('GuiCap');
+ if (get('running') || !get('migration.hasLocalResources') || caps.vms.SuperUser) {
return true;
} else {
return false;
--
2.30.2
More information about the pve-devel
mailing list