Re: [pve-devel] [PATCH v2 qemu-server 1/1] api2: add check_bridge_access for create/update vm

2023-06-05 Thread DERUMIER, Alexandre
> >   > > +my $check_bridge_access = sub { > > +    my ($rpcenv, $authuser, $param) = @_; > > + > > +    return 1 if $authuser eq 'root@pam'; > > + > > +    foreach my $opt (keys %{$param}) { > > +   next if $opt !~ m/^net\d+$/; > > +   my $net = PVE::QemuServer::parse_net($param->{$opt});
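Review bot: on the last visible line, the return value of PVE::QemuServer::parse_net is assigned to $net and no check is shown before the quoted excerpt cuts off. parse_net returns undef when the netN string fails to parse, so the loop should skip or reject such an entry (for example `next if !$net;`) before reading the bridge or tag from it; otherwise a malformed netN value reaches the ACL check as an undefined bridge.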

Re: [pve-devel] [PATCH v2 qemu-server 1/1] api2: add check_bridge_access for create/update vm

2023-06-05 Thread Fabian Grünbichler
On June 5, 2023 1:37 am, Alexandre Derumier wrote:
> test first if user has access to the full zone (any bridge/vlan)
> if a tag is defined, test if user has a specific access to the vlan (or
> propagate from full bridge acl)
> if no tag, test if user has access to full bridge. (if trunks are

Re: [pve-devel] [PATCH v2 qemu-server 1/1] api2: add check_bridge_access for create/update vm

2023-06-05 Thread Thomas Lamprecht
On 05/06/2023 at 01:37, Alexandre Derumier wrote:
> test first if user has access to the full zone (any bridge/vlan)
> if a tag is defined, test if user has a specific access to the vlan (or
> propagate from full bridge acl)
> if no tag, test if user has access to full bridge. (if trunks are

[pve-devel] [PATCH v2 qemu-server 1/1] api2: add check_bridge_access for create/update vm

2023-06-04 Thread Alexandre Derumier
test first if user has access to the full zone (any bridge/vlan)
if a tag is defined, test if user has a specific access to the vlan (or propagate from full bridge acl)
if no tag, test if user has access to full bridge. (if trunks are defined, it also needs access to full bridge)