]>
git.proxmox.com Git - pve-access-control.git/blob - src/test/perm-test8.pl
8 use PVE
::AccessControl
;
9 use PVE
::RPCEnvironment
;
11 my $rpcenv = PVE
::RPCEnvironment-
>init('cli');
13 my $cfgfn = "test8.cfg";
14 $rpcenv->init_request(userconfig
=> $cfgfn);
17 my ($user, $path, $expected_result) = @_;
19 my $roles = PVE
::AccessControl
::roles
($rpcenv->{user_cfg
}, $user, $path);
20 my $res = join(',', sort keys %$roles);
22 die "unexpected result\nneed '${expected_result}'\ngot '$res'\n"
23 if $res ne $expected_result;
25 print "ROLES:$path:$user:$res\n";
28 sub check_permission
{
29 my ($user, $path, $expected_result) = @_;
31 my $perm = $rpcenv->permissions($user, $path);
32 my $res = join(',', sort keys %$perm);
34 die "unexpected result\nneed '${expected_result}'\ngot '$res'\n"
35 if $res ne $expected_result;
37 $perm = $rpcenv->permissions($user, $path);
38 $res = join(',', sort keys %$perm);
39 die "unexpected result (compiled)\nneed '${expected_result}'\ngot '$res'\n"
40 if $res ne $expected_result;
42 print "PERM:$path:$user:$res\n";
45 check_roles
('max@pve', '/', '');
46 check_roles
('max@pve', '/vms', 'vm_admin');
48 #user permissions overrides group permissions
49 check_roles
('max@pve', '/vms/100', 'customer');
50 check_roles
('max@pve', '/vms/101', 'vm_admin');
52 check_permission
('max@pve', '/', '');
53 check_permission
('max@pve', '/vms', 'Permissions.Modify,VM.Allocate,VM.Audit,VM.Console');
54 check_permission
('max@pve', '/vms/100', 'VM.Audit,VM.PowerMgmt');
56 check_permission
('alex@pve', '/vms', '');
57 check_permission
('alex@pve', '/vms/100', 'VM.Audit,VM.PowerMgmt');
59 check_roles
('max@pve', '/vms/200', 'storage_manager');
60 check_roles
('joe@pve', '/vms/200', 'vm_admin');
61 check_roles
('sue@pve', '/vms/200', 'NoAccess');
63 check_roles
('carol@pam', '/vms/200', 'NoAccess');
64 check_roles
('carol@pam!token', '/vms/200', 'NoAccess');
65 check_roles
('max@pve!token', '/vms/200', 'storage_manager');
66 check_roles
('max@pve!token2', '/vms/200', 'customer');
68 # check intersection -> token has Administrator, but user only vm_admin
69 check_permission
('max@pve!token2', '/vms/300', 'Permissions.Modify,VM.Allocate,VM.Audit,VM.Console,VM.PowerMgmt');
71 print "all tests passed\n";