buildsys: split packaging and source build-systems Much nicer to handle and work with than entangling all together in a single spaghetti pile. Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
do not modify ACLs/Groups for missing users instead of dropping ACLs and group membership for missing users, simply warn and leave it in the config for users that get removed via the api this happens explicitely this is to prevent that a 'faulty' ldapsync removes users temporarily and with it all acls that the admin created we still have a 'purge' flag for the sync where ACLs get removed explicitly for users removed from ldap also adapt the tests Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
user.cfg: skip inexisting roles when parsing ACLs we do the same for missing users, groups and tokens, and just like groups, roles with an empty privilege set are explicitly allowed so pre-generating placeholders is possible. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
roles()/permissions(): also return propagate flag this information is already available, but not exposed. we need it for dumping an effective permission tree of a given user/token. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
rpcenv: drop unused roles() it was useful for test-cases to verify the behaviour when pools where introduced, but it is not used anywhere else in the code base and those tests can also just check on permission-level. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
access-control: remove check_permissions/permission they have been handled by PVE::RPCEnvironment for quite some time already, and the versions there are the complete ones that should be actually used. manager switched over their last use not long ago, in 6.0-9, so record a Breaks to that version. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
iimported from svn 'pve-access-control/trunk'