1 | #!/usr/bin/perl -w |
2 | ||
3 | use strict; | |
4 | use warnings; |
5 | ||
891f7afa | 6 | use PVE::Tools; |
95fb22e6 | 7 | |
8 | use PVE::AccessControl; |
9 | use PVE::RPCEnvironment; | |
10 | ||
# ACL fixture evaluated by every check below. The expected role and privilege
# sets in this script are only meaningful relative to this file's contents.
my $cfgfn = "test8.cfg";

# CLI-mode RPC environment; init_request() loads the fixture as the user
# configuration, which check_roles() later reads through $rpcenv->{user_cfg}.
my $rpcenv = PVE::RPCEnvironment->init('cli');
$rpcenv->init_request(userconfig => $cfgfn);
15 | ||
# Assert that $user resolves to exactly the expected role set on $path.
#
#   $user            - user id (or API-token id) to look up in the user config
#   $path            - ACL path to evaluate
#   $expected_result - comma-joined, sorted role names ('' for "no roles")
#
# Dies with a need/got message on any mismatch; on success prints one
# "ROLES:" line. The comparison is an exact string match, so an unexpected
# extra role fails the test just like a missing one.
sub check_roles {
    my ($user, $path, $expected_result) = @_;

    my $role_map = PVE::AccessControl::roles($rpcenv->{user_cfg}, $user, $path);

    # Sort the role names so the joined string is stable and comparable.
    my @role_names = sort keys %$role_map;
    my $res = join(',', @role_names);

    if ($res ne $expected_result) {
        die "unexpected result\nneed '${expected_result}'\ngot '$res'\n";
    }

    print "ROLES:$path:$user:$res\n";
}
27 | ||
# Assert that $user holds exactly the expected privilege set on $path.
#
#   $user            - user id (or API-token id) to evaluate
#   $path            - ACL path to evaluate
#   $expected_result - comma-joined, sorted privilege names ('' for none)
#
# The lookup is performed twice and both results must match. Dies with a
# need/got message on mismatch; on success prints one "PERM:" line.
sub check_permission {
    my ($user, $path, $expected_result) = @_;

    # First lookup.
    my $privs = $rpcenv->permissions($user, $path);
    my $res = join(',', sort keys %$privs);

    if ($res ne $expected_result) {
        die "unexpected result\nneed '${expected_result}'\ngot '$res'\n";
    }

    # Second, identical lookup. NOTE(review): the "(compiled)" label suggests
    # this one is served from state built by the first call, so that a stale
    # or divergent cached answer is caught as well -- confirm against
    # PVE::RPCEnvironment::permissions.
    $privs = $rpcenv->permissions($user, $path);
    $res = join(',', sort keys %$privs);

    if ($res ne $expected_result) {
        die "unexpected result (compiled)\nneed '${expected_result}'\ngot '$res'\n";
    }

    print "PERM:$path:$user:$res\n";
}
44 | ||
# Test cases, executed strictly in the order listed. Each entry is
# [ checker, user-or-token id, ACL path, expected comma-joined result ].
# An empty expected string asserts that nothing at all is granted.
my @cases = (
    [ \&check_roles, 'max@pve', '/', '' ],
    [ \&check_roles, 'max@pve', '/vms', 'vm_admin' ],

    # a user-level ACL entry overrides what the user's groups would grant
    [ \&check_roles, 'max@pve', '/vms/100', 'customer' ],
    [ \&check_roles, 'max@pve', '/vms/101', 'vm_admin' ],

    [ \&check_permission, 'max@pve', '/', '' ],
    [ \&check_permission, 'max@pve', '/vms', 'VM.Allocate,VM.Audit,VM.Console' ],
    [ \&check_permission, 'max@pve', '/vms/100', 'VM.Audit,VM.PowerMgmt' ],

    [ \&check_permission, 'alex@pve', '/vms', '' ],
    [ \&check_permission, 'alex@pve', '/vms/100', 'VM.Audit,VM.PowerMgmt' ],

    [ \&check_roles, 'max@pve', '/vms/200', 'storage_manager' ],
    [ \&check_roles, 'joe@pve', '/vms/200', 'vm_admin' ],
    [ \&check_roles, 'sue@pve', '/vms/200', 'NoAccess' ],

    # ids containing '!' are API tokens; each token is resolved separately
    # from its owning user and from the owner's other tokens
    [ \&check_roles, 'carol@pam', '/vms/200', 'NoAccess' ],
    [ \&check_roles, 'carol@pam!token', '/vms/200', 'NoAccess' ],
    [ \&check_roles, 'max@pve!token', '/vms/200', 'storage_manager' ],
    [ \&check_roles, 'max@pve!token2', '/vms/200', 'customer' ],

    # check intersection -> token has Administrator, but user only vm_admin;
    # the token must not end up with more privileges than its owner holds
    [
        \&check_permission, 'max@pve!token2', '/vms/300',
        'VM.Allocate,VM.Audit,VM.Console,VM.PowerMgmt',
    ],
);

for my $case (@cases) {
    my ($checker, @args) = @$case;

    # The checker dies on the first mismatch, which aborts the whole run.
    $checker->(@args);
}

print "all tests passed\n";

exit 0;