[pve-devel] applied: [PATCH v2 pve-access-control 2/3] rpcenvironnment: add check_sdn_bridge
Fabian Grünbichler
f.gruenbichler at proxmox.com
Wed Jun 7 16:41:49 CEST 2023
applied this one with a bit of follow-ups, please check them out!
On June 7, 2023 2:03 pm, Alexandre Derumier wrote:
> check if user has access to 1 vlan of the bridge
> or the bridge itself
>
> Signed-off-by: Alexandre Derumier <aderumier at odiso.com>
> ---
> src/PVE/RPCEnvironment.pm | 18 ++++++++++++++++++
> 1 file changed, 18 insertions(+)
>
> diff --git a/src/PVE/RPCEnvironment.pm b/src/PVE/RPCEnvironment.pm
> index 8586938..e0a101f 100644
> --- a/src/PVE/RPCEnvironment.pm
> +++ b/src/PVE/RPCEnvironment.pm
> @@ -324,6 +324,24 @@ sub check_full {
> }
> }
>
> +sub check_sdn_bridge {
> + my ($self, $username, $zone, $bridge, $privs, $noerr) = @_;
> +
> + my $path = "/sdn/zones/$zone/$bridge";
> + my $cfg = $self->{user_cfg};
> + my $bridge_acl = PVE::AccessControl::find_acl_tree_node($cfg->{acl_root}, $path);
> + if ($bridge_acl) {
> + my $vlans = $bridge_acl->{children};
> + for my $vlan (keys %$vlans) {
> + my $vlanpath = "$path/$vlan";
> + return 1 if $self->check_any($username, $vlanpath, $privs, $noerr);
> + }
> + # check access to bridge itself
> + return 1 if $self->check_any($username, $path, $privs, $noerr);
> + }
> + return;
> +}
> +
> sub check_user_enabled {
> my ($self, $user, $noerr) = @_;
>
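Review bot: in check_sdn_bridge the check on the bridge itself sits inside `if ($bridge_acl)`, so when find_acl_tree_node returns no node for $path the sub falls through to the bare `return` without ever calling check_any on $path, and without raising anything even when the caller left $noerr unset. A permission that reaches the bridge without an ACL entry at or below "/sdn/zones/$zone/$bridge" is therefore never evaluated, and a caller relying on an exception for denial gets a silent false instead. Moving `return 1 if $self->check_any($username, $path, $privs, ...)` ahead of the tree lookup would cover both cases. Related point in the VLAN loop: the caller's $noerr is handed straight to check_any for every $vlanpath, so if check_any raises on failure when $noerr is false, the first VLAN the user lacks access to ends the loop before the remaining VLANs or the bridge are tried, and since `keys %$vlans` has no fixed order the result can differ between calls. Passing 1 for the probing calls and doing a single fatal check at the end `if !$noerr` would keep the "any one VLAN or the bridge" semantics from the commit message. A short comment above the sub stating the return value and the $noerr behaviour would also help callers.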
> --
> 2.30.2