]>
git.proxmox.com Git - pve-access-control.git/blob - src/test/perm-test1.pl
5 use PVE
::AccessControl
;
6 use PVE
::RPCEnvironment
;
9 my $rpcenv = PVE
::RPCEnvironment-
>init('cli');
11 my $cfgfn = "test1.cfg";
12 $rpcenv->init_request(userconfig
=> $cfgfn);
15 my ($user, $path, $expected_result) = @_;
17 my $roles = PVE
::AccessControl
::roles
($rpcenv->{user_cfg
}, $user, $path);
18 my $res = join(',', sort keys %$roles);
20 die "unexpected result\nneed '${expected_result}'\ngot '$res'\n"
21 if $res ne $expected_result;
23 print "ROLES:$path:$user:$res\n";
26 sub check_permission
{
27 my ($user, $path, $expected_result) = @_;
29 my $perm = $rpcenv->permissions($user, $path);
30 my $res = join(',', sort keys %$perm);
32 die "unexpected result\nneed '${expected_result}'\ngot '$res'\n"
33 if $res ne $expected_result;
35 $perm = $rpcenv->permissions($user, $path);
36 $res = join(',', sort keys %$perm);
37 die "unexpected result (compiled)\nneed '${expected_result}'\ngot '$res'\n"
38 if $res ne $expected_result;
40 print "PERM:$path:$user:$res\n";
43 check_roles
('max@pve', '/', '');
44 check_roles
('max@pve', '/vms', 'vm_admin');
46 #user permissions overrides group permissions
47 check_roles
('max@pve', '/vms/100', 'customer');
48 check_roles
('max@pve', '/vms/101', 'vm_admin');
50 check_permission
('max@pve', '/', '');
51 check_permission
('max@pve', '/vms', 'Permissions.Modify,VM.Allocate,VM.Audit,VM.Console');
52 check_permission
('max@pve', '/vms/100', 'VM.Audit,VM.PowerMgmt');
54 check_permission
('alex@pve', '/vms', '');
55 check_permission
('alex@pve', '/vms/100', 'VM.Audit,VM.PowerMgmt');
58 check_roles
('max@pve', '/vms/200', 'storage_manager');
59 check_roles
('joe@pve', '/vms/200', 'vm_admin');
60 check_roles
('sue@pve', '/vms/200', 'NoAccess');
62 print "all tests passed\n";