]>
git.proxmox.com Git - pve-access-control.git/blob - test/perm-test1.pl
5 use PVE
::AccessControl
;
6 use PVE
::RPCEnvironment
;
9 my $rpcenv = PVE
::RPCEnvironment-
>init('cli');
11 my $cfgfn = "user.cfg.ex1";
12 $rpcenv->init_request(userconfig
=> $cfgfn);
15 my ($user, $path, $expected_result) = @_;
17 my @ra = PVE
::AccessControl
::roles
($rpcenv->{user_cfg
}, $user, $path);
18 my $res = join(',', sort @ra);
20 die "unexpected result\nneed '${expected_result}'\ngot '$res'\n"
21 if $res ne $expected_result;
23 print "ROLES:$path:$user:$res\n";
26 sub check_permission
{
27 my ($user, $path, $expected_result) = @_;
29 my $perm = PVE
::AccessControl
::permission
($rpcenv->{user_cfg
}, $user, $path);
30 my $res = join(',', sort keys %$perm);
32 die "unexpected result\nneed '${expected_result}'\ngot '$res'\n"
33 if $res ne $expected_result;
35 $perm = $rpcenv->permissions($user, $path);
36 $res = join(',', sort keys %$perm);
37 die "unexpected result (compiled)\nneed '${expected_result}'\ngot '$res'\n"
38 if $res ne $expected_result;
40 print "PERM:$path:$user:$res\n";
44 check_roles
('max@pve', '/', '');
45 check_roles
('max@pve', '/vms', 'vm_admin');
47 #user permissions overrides group permissions
48 check_roles
('max@pve', '/vms/100', 'customer');
49 check_roles
('max@pve', '/vms/101', 'vm_admin');
51 check_permission
('max@pve', '/', '');
52 check_permission
('max@pve', '/vms', 'Permissions.Modify,VM.Allocate,VM.Audit,VM.Console');
53 check_permission
('max@pve', '/vms/100', 'VM.Audit,VM.PowerMgmt');
55 check_permission
('alex@pve', '/vms', '');
56 check_permission
('alex@pve', '/vms/100', 'VM.Audit,VM.PowerMgmt');
59 check_roles
('max@pve', '/vms/200', 'storage_manager');
60 check_roles
('joe@pve', '/vms/200', 'vm_admin');
61 check_roles
('sue@pve', '/vms/200', 'NoAccess');
63 print "all tests passed\n";