[pve-devel] [PATCH v2 pve-access-control 2/3] rpcenvironnment: add check_sdn_bridge
Alexandre Derumier
aderumier at odiso.com
Wed Jun 7 14:03:54 CEST 2023
check if the user has access to 1 vlan of the bridge
or the bridge itself
Signed-off-by: Alexandre Derumier <aderumier at odiso.com>
---
src/PVE/RPCEnvironment.pm | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/src/PVE/RPCEnvironment.pm b/src/PVE/RPCEnvironment.pm
index 8586938..e0a101f 100644
--- a/src/PVE/RPCEnvironment.pm
+++ b/src/PVE/RPCEnvironment.pm
@@ -324,6 +324,24 @@ sub check_full {
}
}
+sub check_sdn_bridge {
+ my ($self, $username, $zone, $bridge, $privs, $noerr) = @_;
+
+ my $path = "/sdn/zones/$zone/$bridge";
+ my $cfg = $self->{user_cfg};
+ my $bridge_acl = PVE::AccessControl::find_acl_tree_node($cfg->{acl_root}, $path);
+ if ($bridge_acl) {
+ my $vlans = $bridge_acl->{children};
+ for my $vlan (keys %$vlans) {
+ my $vlanpath = "$path/$vlan";
+ return 1 if $self->check_any($username, $vlanpath, $privs, $noerr);
+ }
+ # check access to bridge itself
+ return 1 if $self->check_any($username, $path, $privs, $noerr);
+ }
+ return;
+}
+
sub check_user_enabled {
my ($self, $user, $noerr) = @_;
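Review bot: With `$noerr` false, the VLAN loop in `check_sdn_bridge` can abort on the first VLAN the user lacks, and the final `return;` never raises, so the helper neither tries the remaining VLANs nor fails closed for a caller that relies on the exception rather than the return value. This assumes `check_any` raises a permission exception unless `$noerr` is set, as the other `check_*` helpers in this file appear to; its body is outside the hunk. Pass a literal `1` as the last argument of both `check_any` calls and add `$self->check_any($username, $path, $privs, 0) if !$noerr;` just before the final `return;`. The bridge check also sits inside `if ($bridge_acl)`, so if `find_acl_tree_node` returns nothing when no ACL node exists at the bridge path, a privilege inherited from `/sdn/zones/$zone` is never considered. Moving `return 1 if $self->check_any($username, $path, $privs, 1);` above the lookup would cover that case.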
--
2.30.2