On June 5, 2023 1:37 am, Alexandre Derumier wrote:
> check if user has access to 1 vlan of the bridge
> or the bridge itself
>
> Signed-off-by: Alexandre Derumier <[email protected]>
> ---
> src/PVE/RPCEnvironment.pm | 17 +++++++++++++++++
> 1 file changed, 17 insertions(+)
>
> diff --git a/src/PVE/RPCEnvironment.pm b/src/PVE/RPCEnvironment.pm
> index 8586938..fb010cc 100644
> --- a/src/PVE/RPCEnvironment.pm
> +++ b/src/PVE/RPCEnvironment.pm
> @@ -324,6 +324,23 @@ sub check_full {
> }
> }
>
> +sub check_sdn_bridge {
> + my ($self, $username, $path, $privs, $noerr) = @_;
instead of $path, passing in just the bridge ID would also work, and
maybe be a nicer interface..
> +
> + my $cfg = $self->{user_cfg};
> + my $bridge_acl =
> PVE::AccessControl::find_acl_tree_node($cfg->{acl_root}, $path);
> + if ($bridge_acl) {
> + my $vlans = $bridge_acl->{children};
> + for my $vlan (keys %$vlans) {
> + my $vlanpath = "$path/$vlan";
> + return 1 if $self->check_any($username, $vlanpath, $privs, $noerr);
> + }
> + # check propagate on bridge itself
> + return 1 if $self->check_any($username, $path, $privs, $noerr);
this doesn't actually check propagation though? for that you could
either:
- use $self->permissions (it returns the propagate bit)
- query a non-existing vlan child path with check_any
> + }
> + return;
> +}
> +
> sub check_user_enabled {
> my ($self, $user, $noerr) = @_;
>
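Review bot: In the VLAN loop of check_sdn_bridge, `$noerr` is passed straight through to `check_any`, so if `check_any` raises when `$noerr` is unset, the first VLAN child the user lacks the privilege on aborts the call before the remaining VLANs or the bridge path are tried. Since any one match should grant access, consider calling `check_any` with `$noerr` forced to 1 for the per-VLAN and bridge probes and raising once at the end when nothing matched and the caller's `$noerr` is false. Related: the bridge-level `check_any` sits inside `if ($bridge_acl)`, so when no ACL node exists at `$path` the function falls through to the bare `return;`, which skips any permission inherited from a parent path and returns without an error even if `$noerr` is unset. Moving the bridge check outside the `if` would cover both cases. A short comment on the return contract (1 on success, empty or exception otherwise) would also help callers.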
> --
> 2.30.2
>
>
> _______________________________________________
> pve-devel mailing list
> [email protected]
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel