[pve-devel] [PATCH pve-access-control 2/2] rpcenvironnment: add check_sdn_bridge

DERUMIER, Alexandre alexandre.derumier at groupe-cyllene.com
Tue Jun 6 14:15:11 CEST 2023


> > +       # check propagate on bridge itself
> > +       return 1 if $self->check_any($username, $path, $privs,
> > $noerr);
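Review bot: the comment "check propagate on bridge itself" does not match the call under it. check_any on $path only tests whether the user holds one of $privs on that path and never looks at the propagate bit. Either reword the comment to say it checks permission on the bridge itself, or, if propagation is what has to be verified, test it explicitly (for example through the propagate bit returned by $self->permissions).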
> 
> this doesn't actually check propagation though? for that you could
> either:
> - use $self->permissions (it returns the propagate bit)
> - query a non-existing vlan child path with check_any
> 
> 

Do we really need to check propagation?

Here, we want to check if the user has permission on the bridge:

if the user has an ACL on a VLAN of the bridge

or

if the user has access to the bridge (propagate or not).

For example, if I check with a dummy vlanid, /sdn/zones/myzone/vnet1/0,
it'll be OK if the user has propagate on vnet1, but not if the user
doesn't have propagate.
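The two check strategies discussed in this thread, compared on three ACL layouts. This is an added example, not code from the patch or from Proxmox VE: it uses a simplified model of path ACLs with a propagate bit, and the function names, the privilege name and the ACL entries are all constructed assumptions.

```python
# Simplified model of path ACLs with a propagate bit (assumption, not PVE code).
# ACL maps path -> (privileges, propagate). All values below are constructed.
BRIDGE = "/sdn/zones/myzone/vnet1"
WANTED = {"Example.Use"}  # placeholder privilege name

def effective_privs(acl, path):
    """An entry on the path itself always applies; an entry on an ancestor
    applies only when its propagate flag is set. Nearest applicable wins."""
    parts = path.strip("/").split("/")
    for depth in range(len(parts), 0, -1):
        candidate = "/" + "/".join(parts[:depth])
        if candidate in acl:
            privs, propagate = acl[candidate]
            if depth == len(parts) or propagate:
                return privs
    return set()

def check_bridge_itself(acl, bridge, wanted):
    """Pass on any wanted privilege on the bridge, or on an ACL entry set
    on one of its VLAN children (the behaviour argued for in the reply)."""
    if effective_privs(acl, bridge) & wanted:
        return True
    prefix = bridge + "/"
    return any(p.startswith(prefix) and privs & wanted
               for p, (privs, _) in acl.items())

def check_dummy_vlan(acl, bridge, wanted):
    """Probe a non-existent VLAN child; passes only through propagation."""
    return bool(effective_privs(acl, bridge + "/0") & wanted)

CASES = {
    "bridge, propagate": {BRIDGE: (WANTED, True)},
    "bridge, no propagate": {BRIDGE: (WANTED, False)},
    "vlan 100 only": {BRIDGE + "/100": (WANTED, False)},
}

def compare(acl):
    # (result of the bridge-itself check, result of the dummy-VLAN probe)
    return (check_bridge_itself(acl, BRIDGE, WANTED),
            check_dummy_vlan(acl, BRIDGE, WANTED))

if __name__ == "__main__":
    for name, acl in CASES.items():
        print(name, compare(acl))
```

In this model the dummy-VLAN probe rejects both a non-propagating bridge ACL and a VLAN-only ACL, which are the two cases the reply wants to accept.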