[pve-devel] applied: [PATCH v2 pve-access-control 2/3] rpcenvironnment: add check_sdn_bridge

Fabian Grünbichler f.gruenbichler at proxmox.com
Wed Jun 7 16:41:49 CEST 2023


applied this one with a bit of follow-ups, please check them out!

On June 7, 2023 2:03 pm, Alexandre Derumier wrote:
> check if user has access to 1 vlan of the bridge
> or the bridge itself
> 
> Signed-off-by: Alexandre Derumier <aderumier at odiso.com>
> ---
>  src/PVE/RPCEnvironment.pm | 18 ++++++++++++++++++
>  1 file changed, 18 insertions(+)
> 
> diff --git a/src/PVE/RPCEnvironment.pm b/src/PVE/RPCEnvironment.pm
> index 8586938..e0a101f 100644
> --- a/src/PVE/RPCEnvironment.pm
> +++ b/src/PVE/RPCEnvironment.pm
> @@ -324,6 +324,24 @@ sub check_full {
>      }
>  }
>  
> +sub check_sdn_bridge {
> +    my ($self, $username, $zone, $bridge, $privs, $noerr) = @_;
> +
> +    my $path = "/sdn/zones/$zone/$bridge";
> +    my $cfg = $self->{user_cfg};
> +    my $bridge_acl = PVE::AccessControl::find_acl_tree_node($cfg->{acl_root}, $path);
> +    if ($bridge_acl) {
> +	my $vlans = $bridge_acl->{children};
> +	for my $vlan (keys %$vlans) {
> +	    my $vlanpath = "$path/$vlan";
> +	    return 1 if $self->check_any($username, $vlanpath, $privs, $noerr);
> +	}
> +	# check access to bridge itself
> +	return 1 if $self->check_any($username, $path, $privs, $noerr);
> +    }
> +    return;
> +}
> +
>  sub check_user_enabled {
>      my ($self, $user, $noerr) = @_;
>  
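Review bot: In check_sdn_bridge the bridge-level check `return 1 if $self->check_any($username, $path, $privs, $noerr);` sits inside `if ($bridge_acl)`, so when find_acl_tree_node returns nothing for /sdn/zones/$zone/$bridge the function falls through to the bare `return;` without evaluating the bridge path at all. A privilege that would apply to the bridge without an ACL node of its own (for example one inherited from the zone) is then never considered; moving that check outside the `if` would cover it. Separately, $noerr is forwarded unchanged to every check_any call in the VLAN loop: if check_any raises when $noerr is unset, the first VLAN the user lacks aborts the loop before the remaining VLANs or the bridge are tried, while the final `return;` denies silently regardless of $noerr. Passing a true $noerr inside the loop and raising the permission error once at the end when the caller's $noerr is unset would make both paths behave the same, and a short comment stating the return value (1 on success, empty otherwise) would help callers.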
> -- 
> 2.30.2