From: Fabian Grünbichler Date: Fri, 21 Jan 2022 10:52:08 +0000 (+0100) Subject: rpcenv: skip undef propagation flag in more places X-Git-Url: https://git.proxmox.com/?a=commitdiff_plain;h=0786c1e5df0ad7ebe6caa1e8892f410da72a05f2;p=pve-access-control.git rpcenv: skip undef propagation flag in more places these are just cosmetic fixes/safeguards against future bugs - compute_api_permissions is used to set the 'cap' object to hide parts of the GUI that are not usable without the corresponding privs in the backend anyway, and get_effective_permissions is only used to return the permission tree without a specific path query. Signed-off-by: Fabian Grünbichler --- diff --git a/src/PVE/RPCEnvironment.pm b/src/PVE/RPCEnvironment.pm index 5e0ef04..7725a4d 100644 --- a/src/PVE/RPCEnvironment.pm +++ b/src/PVE/RPCEnvironment.pm @@ -155,6 +155,8 @@ sub compute_api_permission { my $toplevel = ($path =~ /^\/(\w+)/) ? $1 : 'dc'; if ($toplevel eq 'pool') { foreach my $priv (keys %$path_perm) { + next if !defined($path_perm->{$priv}); + if ($priv =~ m/^VM\./) { $res->{vms}->{$priv} = 1; } elsif ($priv =~ m/^Datastore\./) { @@ -167,6 +169,8 @@ sub compute_api_permission { } else { my $priv_regex = $priv_re_map->{$toplevel} // next; foreach my $priv (keys %$path_perm) { + next if !defined($path_perm->{$priv}); + next if $priv !~ m/^($priv_regex)/; $res->{$toplevel}->{$priv} = 1; } @@ -212,6 +216,9 @@ sub get_effective_permissions { my $perms = {}; foreach my $path (keys %$paths) { my $path_perms = $self->permissions($user, $path); + foreach my $priv (keys %$path_perms) { + delete $path_perms->{$priv} if !defined($path_perms->{$priv}); + } # filter paths where user has NO permissions $perms->{$path} = $path_perms if %$path_perms; }