[pve-devel] [RFC common 2/4] tools: add 'check_for_root' helper

Oguz Bektas o.bektas at proxmox.com
Wed Jan 5 16:22:13 CET 2022


checks if the rpcenv user is 'root at pam' or has the 'Sys.Root' privilege
on a given API path

Signed-off-by: Oguz Bektas <o.bektas at proxmox.com>
---
 src/PVE/Tools.pm | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/PVE/Tools.pm b/src/PVE/Tools.pm
index 787942a..3e2e7f9 100644
--- a/src/PVE/Tools.pm
+++ b/src/PVE/Tools.pm
@@ -2017,4 +2017,13 @@ sub get_file_hash {
     return lc($digest);
 }
 
+sub check_for_root {
+    my ($path_to_check) = @_;
+
+    my $rpcenv = PVE::RPCEnvironment::get();
+    my $authuser = $rpcenv->get_user();
+    my $is_root = $authuser eq 'root at pam' || $rpcenv->check($authuser, $path_to_check, ['Sys.Root'], 1);
+    return $is_root;
+}
+
 1;
-- 
2.30.2





More information about the pve-devel mailing list