[pve-devel] [PATCH access-control 1/2] allow up to three levels of pool nesting
Wolfgang Bumiller
w.bumiller at proxmox.com
Fri Nov 17 11:00:46 CET 2023
On Thu, Nov 16, 2023 at 04:31:25PM +0100, Fabian Grünbichler wrote:
> with ACLs being inherited along the pool hierarchy.
>
> Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
> ---
> src/PVE/AccessControl.pm | 10 ++++++++--
> src/test/perm-test6.pl | 16 ++++++++++++++++
> src/test/test6.cfg | 5 +++++
> 3 files changed, 29 insertions(+), 2 deletions(-)
>
> diff --git a/src/PVE/AccessControl.pm b/src/PVE/AccessControl.pm
> index 9600e59..d9ae611 100644
> --- a/src/PVE/AccessControl.pm
> +++ b/src/PVE/AccessControl.pm
> @@ -1264,7 +1264,7 @@ sub check_path {
> |/nodes
> |/nodes/[[:alnum:]\.\-\_]+
> |/pool
> - |/pool/[[:alnum:]\.\-\_]+
> + |/pool/(:?[[:alnum:]\.\-\_]+\/?)+
Should we incorporate the 3 level limit here?
eg. [chars]+(?:/[chars]+){0,2}
Although regex would differ from the one used below (although it could
use the same with only the `{0,2}` bit removed...).
> |/sdn
> |/sdn/controllers
> |/sdn/controllers/[[:alnum:]\_\-]+
More information about the pve-devel
mailing list