it doesn't really serve a purpose, and it's not called anywhere in the codebase.
Signed-off-by: Fabian Grünbichler <f.gruenbich...@proxmox.com> --- Notes: alternatively, we can give this the same semantics w.r.t. tokens as PVE::AccessControl::roles, but with pool roles mixed in via $compile_acl_path->() PVE/AccessControl.pm | 2 +- PVE/RPCEnvironment.pm | 23 ----------------------- 2 files changed, 1 insertion(+), 24 deletions(-) diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm index f246c85..a84173e 100644 --- a/PVE/AccessControl.pm +++ b/PVE/AccessControl.pm @@ -1209,7 +1209,7 @@ sub roles { my ($cfg, $user, $path) = @_; # NOTE: we do not consider pools here. - # You need to use $rpcenv->roles() instead if you want that. + # Use $rpcenv->permission() for any actual permission checks! return 'Administrator' if $user eq 'root@pam'; # root can do anything diff --git a/PVE/RPCEnvironment.pm b/PVE/RPCEnvironment.pm index 95d3029..7e0af70 100644 --- a/PVE/RPCEnvironment.pm +++ b/PVE/RPCEnvironment.pm @@ -81,29 +81,6 @@ my $compile_acl_path = sub { return $privs; }; -sub roles { - my ($self, $user, $path) = @_; - - if ($user eq 'root@pam') { # root can do anything - return ('Administrator'); - } - - $user = PVE::AccessControl::verify_username($user, 1); - return () if !$user; - - my $cache = $self->{aclcache}; - $cache->{$user} = {} if !$cache->{$user}; - - my $acl = $cache->{$user}; - - my $roles = $acl->{roles}->{$path}; - return @$roles if $roles; - - &$compile_acl_path($self, $user, $path); - $roles = $acl->{roles}->{$path} || []; - return @$roles; -} - sub permissions { my ($self, $user, $path) = @_; -- 2.20.1 _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel