[pve-devel] [PATCH pve-access-control 2/2] rpcenvironnment: add check_sdn_bridge
DERUMIER, Alexandre
alexandre.derumier at groupe-cyllene.com
Tue Jun 6 14:15:11 CEST 2023
> > + # check propagate on bridge itself
> > + return 1 if $self->check_any($username, $path, $privs,
> > $noerr);
>
> this doesn't actually check propagation though? for that you could
> either:
> - use $self->permissions (it returns the propagate bit)
> - query a non-existing vlan child path with check_any
>
>
do we really need to check propagation ?
Here, we want to check if user have permission to the bridge,
if user have an acl on a vlan of the bridge
or
if user have access to the bridge (propagate or not).
for example, if I check with a dummy vlanid ,/sdn/zones/myzone/vnet1/0,
It'll be ok if user have propagate on vnet1, but not if user
don't have propagate
More information about the pve-devel
mailing list