[pve-access-control.git] / src / test / perm-test1.pl

#!/usr/bin/perl -w

use strict;
use PVE::Tools;
use PVE::AccessControl;
use PVE::RPCEnvironment;
use Getopt::Long;

my $rpcenv = PVE::RPCEnvironment->init('cli');

my $cfgfn = "test1.cfg";
$rpcenv->init_request(userconfig => $cfgfn);

sub check_roles {
    my ($user, $path, $expected_result) = @_;

    my $roles = PVE::AccessControl::roles($rpcenv->{user_cfg}, $user, $path);
    my $res = join(',', sort keys %$roles);

    die "unexpected result\nneed '${expected_result}'\ngot '$res'\n"
	if $res ne $expected_result;

    print "ROLES:$path:$user:$res\n";
}

sub check_permission {
    my ($user, $path, $expected_result) = @_;

    my $perm = $rpcenv->permissions($user, $path);
    my $res = join(',', sort keys %$perm);

    die "unexpected result\nneed '${expected_result}'\ngot '$res'\n"
	if $res ne $expected_result;

    $perm = $rpcenv->permissions($user, $path);
    $res = join(',', sort keys %$perm);
    die "unexpected result (compiled)\nneed '${expected_result}'\ngot '$res'\n"
	if $res ne $expected_result;

    print "PERM:$path:$user:$res\n";
}

check_roles('max@pve', '/', '');
check_roles('max@pve', '/vms', 'vm_admin');

#user permissions overrides group permissions
check_roles('max@pve', '/vms/100', 'customer');
check_roles('max@pve', '/vms/101', 'vm_admin');

check_permission('max@pve', '/', '');
check_permission('max@pve', '/vms', 'Permissions.Modify,VM.Allocate,VM.Audit,VM.Console');
check_permission('max@pve', '/vms/100', 'VM.Audit,VM.PowerMgmt');

check_permission('alex@pve', '/vms', '');
check_permission('alex@pve', '/vms/100', 'VM.Audit,VM.PowerMgmt');


check_roles('max@pve', '/vms/200', 'storage_manager');
check_roles('joe@pve', '/vms/200', 'vm_admin');
check_roles('sue@pve', '/vms/200', 'NoAccess');

print "all tests passed\n";

exit (0);
Commit	Line	Data
2c3a6c0a DM	1	#!/usr/bin/perl -w
	2
	3	use strict;
	4	use PVE::Tools;
	5	use PVE::AccessControl;
	6	use PVE::RPCEnvironment;
	7	use Getopt::Long;
	8
	9	my $rpcenv = PVE::RPCEnvironment->init('cli');
	10
9449fe21	11	my $cfgfn = "test1.cfg";
2c3a6c0a DM	12	$rpcenv->init_request(userconfig => $cfgfn);
	13
	14	sub check_roles {
	15	my ($user, $path, $expected_result) = @_;
	16
7e8bcaa7 FG	17	my $roles = PVE::AccessControl::roles($rpcenv->{user_cfg}, $user, $path);
7e8bcaa7 FG	18	my $res = join(',', sort keys %$roles);
2c3a6c0a DM	19
	20	die "unexpected result\nneed '${expected_result}'\ngot '$res'\n"
	21	if $res ne $expected_result;
	22
	23	print "ROLES:$path:$user:$res\n";
	24	}
	25
	26	sub check_permission {
	27	my ($user, $path, $expected_result) = @_;
	28
9efcb561	29	my $perm = $rpcenv->permissions($user, $path);
2c3a6c0a DM	30	my $res = join(',', sort keys %$perm);
	31
	32	die "unexpected result\nneed '${expected_result}'\ngot '$res'\n"
	33	if $res ne $expected_result;
	34
	35	$perm = $rpcenv->permissions($user, $path);
	36	$res = join(',', sort keys %$perm);
	37	die "unexpected result (compiled)\nneed '${expected_result}'\ngot '$res'\n"
	38	if $res ne $expected_result;
	39
	40	print "PERM:$path:$user:$res\n";
2c3a6c0a DM	41	}
	42
	43	check_roles('max@pve', '/', '');
	44	check_roles('max@pve', '/vms', 'vm_admin');
	45
	46	#user permissions overrides group permissions
	47	check_roles('max@pve', '/vms/100', 'customer');
	48	check_roles('max@pve', '/vms/101', 'vm_admin');
	49
	50	check_permission('max@pve', '/', '');
	51	check_permission('max@pve', '/vms', 'Permissions.Modify,VM.Allocate,VM.Audit,VM.Console');
	52	check_permission('max@pve', '/vms/100', 'VM.Audit,VM.PowerMgmt');
	53
	54	check_permission('alex@pve', '/vms', '');
	55	check_permission('alex@pve', '/vms/100', 'VM.Audit,VM.PowerMgmt');
	56
	57
	58	check_roles('max@pve', '/vms/200', 'storage_manager');
	59	check_roles('joe@pve', '/vms/200', 'vm_admin');
4bc17477	60	check_roles('sue@pve', '/vms/200', 'NoAccess');
2c3a6c0a DM	61
	62	print "all tests passed\n";
	63
	64	exit (0);