Commit | Line | Data |
---|---|---|
4bc17477 DM |
1 | #!/usr/bin/perl -w |
2 | ||
3 | use strict; | |
4 | use PVE::Tools; | |
5 | use PVE::AccessControl; | |
6 | use PVE::RPCEnvironment; | |
7 | use Getopt::Long; | |
8 | ||
# Fixture holding the users, groups, roles and ACL entries this test
# exercises. The name is relative, so it is presumably resolved against the
# current working directory -- run the script from the directory that
# contains the fixture.
my $cfgfn = "test6.cfg";

# Build a CLI-type RPC environment and point it at the fixture as its user
# configuration, instead of whatever configuration it would use by default.
my $rpcenv = PVE::RPCEnvironment->init('cli');
$rpcenv->init_request(userconfig => $cfgfn);
13 | ||
# Assert that $user holds exactly the expected set of roles on $path.
#
#   $user            - user id as written in the fixture, e.g. 'User1@pve'
#   $path            - ACL path to resolve, e.g. '/vms/100'
#   $expected_result - comma-separated, sorted role names ('' for none)
#
# Dies with both the expected and the actual role list on a mismatch, so a
# change in role resolution aborts the run. Prints one "ROLES:" line on
# success.
sub check_roles {
    my ($user, $path, $expected_result) = @_;

    # Resolve roles straight from the loaded user configuration.
    my $role_map = PVE::AccessControl::roles($rpcenv->{user_cfg}, $user, $path);

    # Sorting the keys makes the comparison independent of hash order.
    my $res = join(',', sort keys %$role_map);

    if ($res ne $expected_result) {
        die "unexpected result\nneed '${expected_result}'\ngot '$res'\n";
    }

    print "ROLES:$path:$user:$res\n";
}
25 | ||
a31f1d85 FG |
# Assert that $user holds exactly the expected privileges on $path.
#
#   $user            - user id as written in the fixture, e.g. 'User1@pve'
#   $path            - ACL path to resolve, e.g. '/storage/store1'
#   $expected_result - comma-separated, sorted privilege names ('' for none)
#
# The lookup is performed twice and must give the same answer both times.
# NOTE(review): the "(compiled)" wording suggests the second call is served
# from a compiled/cached permission tree built by the first -- confirm in
# PVE::RPCEnvironment. Either way, a cached answer that differs from the
# fresh one is an authorization bug, so both passes are checked.
#
# Dies with the expected and actual privilege list on a mismatch. Prints one
# "PERM:" line on success.
sub check_permissions {
    my ($user, $path, $expected_result) = @_;

    # First pass.
    my $first_pass = $rpcenv->permissions($user, $path);
    my $res = join(',', sort keys %$first_pass);
    if ($res ne $expected_result) {
        die "unexpected result\nneed '${expected_result}'\ngot '$res'\n";
    }

    # Second pass: same query, reported separately so a failure here can be
    # told apart from a failure on the first lookup.
    my $second_pass = $rpcenv->permissions($user, $path);
    $res = join(',', sort keys %$second_pass);
    if ($res ne $expected_result) {
        die "unexpected result (compiled)\nneed '${expected_result}'\ngot '$res'\n";
    }

    print "PERM:$path:$user:$res\n";
}
42 | ||
4bc17477 DM |
# Expected access matrix for the fixture, one row per assertion:
#   [ checker, user, path, expected comma-separated result ]
# Rows run in the order listed; the first mismatch dies and aborts the run.
#
# Expectations visible in the rows below:
#   - no user has any role on the root path '';
#   - User3's 'NoAccess' role on /vms carries down to every /vms/<id> path
#     and goes with an empty privilege set wherever privileges are checked;
#   - User4 has nothing on /vms or /vms/100 but 'RoleTEST1' on /vms/300.
# NOTE(review): the "without pool" / "with pool" remarks suggest that
# check_roles looks only at the path ACL while check_permissions also takes
# pool membership into account -- confirm against the fixture.
my @cases = (
    # root path
    [ \&check_roles, 'User1@pve', '', '' ],
    [ \&check_roles, 'User2@pve', '', '' ],
    [ \&check_roles, 'User3@pve', '', '' ],
    [ \&check_roles, 'User4@pve', '', '' ],

    [ \&check_roles, 'User1@pve', '/vms', 'RoleTEST1' ],
    [ \&check_roles, 'User2@pve', '/vms', 'RoleTEST1' ],
    [ \&check_roles, 'User3@pve', '/vms', 'NoAccess' ],
    [ \&check_roles, 'User4@pve', '/vms', '' ],

    [ \&check_roles, 'User1@pve', '/vms/100', 'RoleTEST1' ],
    [ \&check_roles, 'User2@pve', '/vms/100', 'RoleTEST1' ],
    [ \&check_roles, 'User3@pve', '/vms/100', 'NoAccess' ],
    [ \&check_roles, 'User4@pve', '/vms/100', '' ],

    [ \&check_roles, 'User1@pve', '/vms/300', 'RoleTEST1' ],
    [ \&check_roles, 'User2@pve', '/vms/300', 'RoleTEST1' ],
    [ \&check_roles, 'User3@pve', '/vms/300', 'NoAccess' ],
    [ \&check_roles, 'User4@pve', '/vms/300', 'RoleTEST1' ],

    [ \&check_permissions, 'User1@pve', '/vms/500', 'VM.Console,VM.PowerMgmt' ],
    [ \&check_permissions, 'User2@pve', '/vms/500', 'VM.Console,VM.PowerMgmt' ],
    # without pool
    [ \&check_roles, 'User3@pve', '/vms/500', 'NoAccess' ],
    # with pool
    [ \&check_permissions, 'User3@pve', '/vms/500', '' ],
    # without pool
    [ \&check_roles, 'User4@pve', '/vms/500', '' ],
    # with pool
    [ \&check_permissions, 'User4@pve', '/vms/500', '' ],

    [ \&check_permissions, 'User1@pve', '/vms/600', 'VM.Console' ],
    [ \&check_permissions, 'User2@pve', '/vms/600', 'VM.Console' ],
    [ \&check_permissions, 'User3@pve', '/vms/600', '' ],
    [ \&check_permissions, 'User4@pve', '/vms/600', 'VM.Console' ],

    [ \&check_permissions, 'User1@pve', '/storage/store1', 'VM.Console,VM.PowerMgmt' ],
    [ \&check_permissions, 'User2@pve', '/storage/store1', 'VM.PowerMgmt' ],
    [ \&check_permissions, 'User3@pve', '/storage/store1', 'VM.PowerMgmt' ],
    [ \&check_permissions, 'User4@pve', '/storage/store1', 'VM.Console' ],

    [ \&check_permissions, 'User1@pve', '/storage/store2', 'VM.PowerMgmt' ],
    [ \&check_permissions, 'User2@pve', '/storage/store2', 'VM.PowerMgmt' ],
    [ \&check_permissions, 'User3@pve', '/storage/store2', 'VM.PowerMgmt' ],
    [ \&check_permissions, 'User4@pve', '/storage/store2', '' ],
);

for my $case (@cases) {
    my ($checker, @args) = @$case;
    $checker->(@args);
}

# Only reached when no checker died.
print "all tests passed\n";

exit(0);