]>
git.proxmox.com Git - pve-access-control.git/blob - src/test/perm-test8.pl
5 use PVE
::AccessControl
;
6 use PVE
::RPCEnvironment
;
8 my $rpcenv = PVE
::RPCEnvironment-
>init('cli');
10 my $cfgfn = "test8.cfg";
11 $rpcenv->init_request(userconfig
=> $cfgfn);
14 my ($user, $path, $expected_result) = @_;
16 my $roles = PVE
::AccessControl
::roles
($rpcenv->{user_cfg
}, $user, $path);
17 my $res = join(',', sort keys %$roles);
19 die "unexpected result\nneed '${expected_result}'\ngot '$res'\n"
20 if $res ne $expected_result;
22 print "ROLES:$path:$user:$res\n";
25 sub check_permission
{
26 my ($user, $path, $expected_result) = @_;
28 my $perm = $rpcenv->permissions($user, $path);
29 my $res = join(',', sort keys %$perm);
31 die "unexpected result\nneed '${expected_result}'\ngot '$res'\n"
32 if $res ne $expected_result;
34 $perm = $rpcenv->permissions($user, $path);
35 $res = join(',', sort keys %$perm);
36 die "unexpected result (compiled)\nneed '${expected_result}'\ngot '$res'\n"
37 if $res ne $expected_result;
39 print "PERM:$path:$user:$res\n";
42 check_roles
('max@pve', '/', '');
43 check_roles
('max@pve', '/vms', 'vm_admin');
45 #user permissions overrides group permissions
46 check_roles
('max@pve', '/vms/100', 'customer');
47 check_roles
('max@pve', '/vms/101', 'vm_admin');
49 check_permission
('max@pve', '/', '');
50 check_permission
('max@pve', '/vms', 'Permissions.Modify,VM.Allocate,VM.Audit,VM.Console');
51 check_permission
('max@pve', '/vms/100', 'VM.Audit,VM.PowerMgmt');
53 check_permission
('alex@pve', '/vms', '');
54 check_permission
('alex@pve', '/vms/100', 'VM.Audit,VM.PowerMgmt');
56 check_roles
('max@pve', '/vms/200', 'storage_manager');
57 check_roles
('joe@pve', '/vms/200', 'vm_admin');
58 check_roles
('sue@pve', '/vms/200', 'NoAccess');
60 check_roles
('carol@pam', '/vms/200', 'NoAccess');
61 check_roles
('carol@pam!token', '/vms/200', 'NoAccess');
62 check_roles
('max@pve!token', '/vms/200', 'storage_manager');
63 check_roles
('max@pve!token2', '/vms/200', 'customer');
65 # check intersection -> token has Administrator, but user only vm_admin
66 check_permission
('max@pve!token2', '/vms/300', 'Permissions.Modify,VM.Allocate,VM.Audit,VM.Console');
68 print "all tests passed\n";