]>
Commit | Line | Data |
---|---|---|
2c3a6c0a DM |
1 | #!/usr/bin/perl -w |
2 | ||
3 | use strict; | |
95fb22e6 TL |
4 | use warnings; |
5 | ||
6 | use Getopt::Long; | |
7 | ||
2c3a6c0a | 8 | use PVE::Tools; |
95fb22e6 | 9 | |
2c3a6c0a DM |
10 | use PVE::AccessControl; |
11 | use PVE::RPCEnvironment; | |
2c3a6c0a DM |
12 | |
13 | my $rpcenv = PVE::RPCEnvironment->init('cli'); | |
14 | ||
9449fe21 | 15 | my $cfgfn = "test1.cfg"; |
2c3a6c0a DM |
16 | $rpcenv->init_request(userconfig => $cfgfn); |
17 | ||
18 | sub check_roles { | |
19 | my ($user, $path, $expected_result) = @_; | |
20 | ||
7e8bcaa7 FG |
21 | my $roles = PVE::AccessControl::roles($rpcenv->{user_cfg}, $user, $path); |
22 | my $res = join(',', sort keys %$roles); | |
2c3a6c0a DM |
23 | |
24 | die "unexpected result\nneed '${expected_result}'\ngot '$res'\n" | |
25 | if $res ne $expected_result; | |
26 | ||
27 | print "ROLES:$path:$user:$res\n"; | |
28 | } | |
29 | ||
30 | sub check_permission { | |
31 | my ($user, $path, $expected_result) = @_; | |
32 | ||
9efcb561 | 33 | my $perm = $rpcenv->permissions($user, $path); |
2c3a6c0a DM |
34 | my $res = join(',', sort keys %$perm); |
35 | ||
36 | die "unexpected result\nneed '${expected_result}'\ngot '$res'\n" | |
37 | if $res ne $expected_result; | |
38 | ||
39 | $perm = $rpcenv->permissions($user, $path); | |
40 | $res = join(',', sort keys %$perm); | |
41 | die "unexpected result (compiled)\nneed '${expected_result}'\ngot '$res'\n" | |
42 | if $res ne $expected_result; | |
43 | ||
44 | print "PERM:$path:$user:$res\n"; | |
2c3a6c0a DM |
45 | } |
46 | ||
47 | check_roles('max@pve', '/', ''); | |
48 | check_roles('max@pve', '/vms', 'vm_admin'); | |
49 | ||
50 | #user permissions overrides group permissions | |
51 | check_roles('max@pve', '/vms/100', 'customer'); | |
52 | check_roles('max@pve', '/vms/101', 'vm_admin'); | |
53 | ||
54 | check_permission('max@pve', '/', ''); | |
55 | check_permission('max@pve', '/vms', 'Permissions.Modify,VM.Allocate,VM.Audit,VM.Console'); | |
56 | check_permission('max@pve', '/vms/100', 'VM.Audit,VM.PowerMgmt'); | |
57 | ||
58 | check_permission('alex@pve', '/vms', ''); | |
59 | check_permission('alex@pve', '/vms/100', 'VM.Audit,VM.PowerMgmt'); | |
60 | ||
df619a8d FG |
61 | # PVEVMAdmin -> no Permissions.Modify! |
62 | check_permission('alex@pve', '/vms/300', 'VM.Allocate,VM.Audit,VM.Backup,VM.Clone,VM.Config.CDROM,VM.Config.CPU,VM.Config.Cloudinit,VM.Config.Disk,VM.Config.HWType,VM.Config.Memory,VM.Config.Network,VM.Config.Options,VM.Console,VM.Migrate,VM.Monitor,VM.PowerMgmt,VM.Snapshot,VM.Snapshot.Rollback'); | |
63 | # Administrator -> Permissions.Modify! | |
bd993a4c | 64 | check_permission('alex@pve', '/vms/400', 'Datastore.Allocate,Datastore.AllocateSpace,Datastore.AllocateTemplate,Datastore.Audit,Group.Allocate,Mapping.Audit,Mapping.Modify,Mapping.Use,Permissions.Modify,Pool.Allocate,Pool.Audit,Realm.Allocate,Realm.AllocateUser,SDN.Allocate,SDN.Audit,SDN.Use,Sys.Audit,Sys.Console,Sys.Incoming,Sys.Modify,Sys.PowerMgmt,Sys.Syslog,User.Modify,VM.Allocate,VM.Audit,VM.Backup,VM.Clone,VM.Config.CDROM,VM.Config.CPU,VM.Config.Cloudinit,VM.Config.Disk,VM.Config.HWType,VM.Config.Memory,VM.Config.Network,VM.Config.Options,VM.Console,VM.Migrate,VM.Monitor,VM.PowerMgmt,VM.Snapshot,VM.Snapshot.Rollback'); |
2c3a6c0a DM |
65 | |
66 | check_roles('max@pve', '/vms/200', 'storage_manager'); | |
67 | check_roles('joe@pve', '/vms/200', 'vm_admin'); | |
4bc17477 | 68 | check_roles('sue@pve', '/vms/200', 'NoAccess'); |
2c3a6c0a DM |
69 | |
70 | print "all tests passed\n"; | |
71 | ||
72 | exit (0); |