[pve-devel] [PATCH access-control 0/2] improve permission self-service
Daniel Kral
d.kral at proxmox.com
Wed Nov 6 15:54:38 CET 2024
On 11/5/24 09:30, Fabian Grünbichler wrote:
> noticed this while testing https://lore.proxmox.com/pve-devel/20241031134629.144893-1-d.kral@proxmox.com
>
> the first patch fixes the already allowed "permission self-service" for
> users as the web UI implements it (it always passes the $userid
> parameter).
>
> the second patch extends that self-service to allow users without
> Sys.Audit on /access to evaluate their own tokens' ACLs/permissions,
> which seems sensible to me ;)
>
> Fabian Grünbichler (2):
> api: permissions: allow users to view their own permissions
> api: permissions: allow users to check their own tokens
>
> src/PVE/API2/AccessControl.pm | 18 +++++++++++++-----
> 1 file changed, 13 insertions(+), 5 deletions(-)
>
I have written some test cases for this and sent the patch to the
mailing list [0].
[0]
https://lore.proxmox.com/pve-devel/20241106144813.189056-1-d.kral@proxmox.com/
With the test cases included there, consider the whole series as:
Tested-by: Daniel Kral <d.kral at proxmox.com>
More information about the pve-devel
mailing list