[pve-devel] [PATCH manager] ui: acl add: show warning if root at pam is selected

Lukas Wagner l.wagner at proxmox.com
Wed Jul 26 15:41:45 CEST 2023

Currently, users are able to add ACL entries for the root at pam user.
Since this user always has full permissions, no entry in the ACL
tree will be saved, and consequently no new entry shows up in the UI
after pressing 'Add' in the dialog. This can be irritating if the
user does not know about this 'implementation detail'.

This commit adds a little warning that pops up if root at pam is

  'root at pam always has full permissions. No entry will be added.'

The same problem also exists for API token permissions. Here it is
not really easy to add the warning though, since we do not know if
the token has separated privileges enable or not.

Signed-off-by: Lukas Wagner <l.wagner at proxmox.com>
 www/manager6/dc/ACLView.js | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/www/manager6/dc/ACLView.js b/www/manager6/dc/ACLView.js
index 79f900cd..ec81a487 100644
--- a/www/manager6/dc/ACLView.js
+++ b/www/manager6/dc/ACLView.js
@@ -35,6 +35,20 @@ Ext.define('PVE.dc.ACLAdd', {
 		xtype: 'pmxUserSelector',
 		name: 'users',
 		fieldLabel: gettext('User'),
+		listeners: {
+		    change: function(field, newVal) {
+			this.nextSibling('displayfield[reference=root-selected-warning]')
+			    .setVisible(newVal === 'root at pam');
+		    }
+		},
+	    });
+	    items.push({
+		    xtype: 'displayfield',
+		    reference: 'root-selected-warning',
+		    userCls: 'pmx-hint',
+		    hidden: true,
+		    value: '\'root at pam\' ' +
+			gettext('always has full permissions. No entry will be added.'),
 	} else if (me.aclType === 'token') {
 	    me.subject = gettext("API Token Permission");

More information about the pve-devel mailing list