On 10/10/23 14:10, Fiona Ebner wrote:
Am 26.07.23 um 15:41 schrieb Lukas Wagner:
Currently, users are able to add ACL entries for the root@pam user.
Since this user always has full permissions, no entry in the ACL
tree will be saved, and consequently no new entry shows up in the UI
after pressing 'Add' in the dialog. This can be irritating if the
user does not know about this 'implementation detail'.
Should we filter out the root@pam user from the selection dropdown
altogether? Or maybe disable the Add button when root@pam is selected
(and reword the warning appropriately)?
I think the second approach might be good idea, I'll try that.
This commit adds a little warning that pops up if root@pam is
selected:
'root@pam always has full permissions. No entry will be added.'
The same problem also exists for API token permissions. Here it is
not really easy to add the warning though, since we do not know if
the token has separated privileges enable or not.
It seems we do have that information available as a result of the
/access/users?full=1 API call, or?
You are right, I missed that because I did not check the code for
pmxUserSelector.
I'll send a v2 with the suggested improvements.
--
- Lukas
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
