]>
git.proxmox.com Git - pve-access-control.git/blob - src/test/perm-test6.pl
10 use PVE
::AccessControl
;
11 use PVE
::RPCEnvironment
;
13 my $rpcenv = PVE
::RPCEnvironment-
>init('cli');
15 my $cfgfn = "test6.cfg";
16 $rpcenv->init_request(userconfig
=> $cfgfn);
19 my ($user, $path, $expected_result) = @_;
21 my $roles = PVE
::AccessControl
::roles
($rpcenv->{user_cfg
}, $user, $path);
22 my $res = join(',', sort keys %$roles);
24 die "unexpected result\nneed '${expected_result}'\ngot '$res'\n"
25 if $res ne $expected_result;
27 print "ROLES:$path:$user:$res\n";
30 sub check_permissions
{
31 my ($user, $path, $expected_result) = @_;
33 my $perm = $rpcenv->permissions($user, $path);
34 my $res = join(',', sort keys %$perm);
36 die "unexpected result\nneed '${expected_result}'\ngot '$res'\n"
37 if $res ne $expected_result;
39 $perm = $rpcenv->permissions($user, $path);
40 $res = join(',', sort keys %$perm);
41 die "unexpected result (compiled)\nneed '${expected_result}'\ngot '$res'\n"
42 if $res ne $expected_result;
44 print "PERM:$path:$user:$res\n";
47 check_roles
('User1@pve', '', '');
48 check_roles
('User2@pve', '', '');
49 check_roles
('User3@pve', '', '');
50 check_roles
('User4@pve', '', '');
52 check_roles
('User1@pve', '/vms', 'RoleTEST1');
53 check_roles
('User2@pve', '/vms', 'RoleTEST1');
54 check_roles
('User3@pve', '/vms', 'NoAccess');
55 check_roles
('User4@pve', '/vms', '');
57 check_roles
('User1@pve', '/vms/100', 'RoleTEST1');
58 check_roles
('User2@pve', '/vms/100', 'RoleTEST1');
59 check_roles
('User3@pve', '/vms/100', 'NoAccess');
60 check_roles
('User4@pve', '/vms/100', '');
62 check_roles
('User1@pve', '/vms/300', 'RoleTEST1');
63 check_roles
('User2@pve', '/vms/300', 'RoleTEST1');
64 check_roles
('User3@pve', '/vms/300', 'NoAccess');
65 check_roles
('User4@pve', '/vms/300', 'RoleTEST1');
67 check_permissions
('User1@pve', '/vms/500', 'VM.Console,VM.PowerMgmt');
68 check_permissions
('User2@pve', '/vms/500', 'VM.Console,VM.PowerMgmt');
70 check_roles
('User3@pve', '/vms/500', 'NoAccess');
72 check_permissions
('User3@pve', '/vms/500', '');
74 check_roles
('User4@pve', '/vms/500', '');
76 check_permissions
('User4@pve', '/vms/500', '');
78 # without pool, checking no access on parent pool
79 check_roles
('intern@pve', '/vms/600', '');
80 # once more, with VM in nested pool
81 check_roles
('intern@pve', '/vms/700', '');
83 check_roles
('User4@pve', '/vms/700', '');
84 # with pool, checking no access on parent pool
85 check_permissions
('intern@pve', '/vms/600', '');
86 # once more, with VM in nested pool
87 check_permissions
('intern@pve', '/vms/700', 'VM.Audit');
89 check_permissions
('User4@pve', '/vms/700', 'VM.Console');
91 # check nested pool permissions
92 check_roles
('intern@pve', '/pool/marketing/interns', 'RoleINTERN');
93 check_roles
('User4@pve', '/pool/marketing/interns', 'RoleMARKETING');
95 check_permissions
('User1@pve', '/vms/600', 'VM.Console');
96 check_permissions
('User2@pve', '/vms/600', 'VM.Console');
97 check_permissions
('User3@pve', '/vms/600', '');
98 check_permissions
('User4@pve', '/vms/600', 'VM.Console');
100 check_permissions
('User1@pve', '/storage/store1', 'VM.Console,VM.PowerMgmt');
101 check_permissions
('User2@pve', '/storage/store1', 'VM.PowerMgmt');
102 check_permissions
('User3@pve', '/storage/store1', 'VM.PowerMgmt');
103 check_permissions
('User4@pve', '/storage/store1', 'VM.Console');
105 check_permissions
('User1@pve', '/storage/store2', 'VM.PowerMgmt');
106 check_permissions
('User2@pve', '/storage/store2', 'VM.PowerMgmt');
107 check_permissions
('User3@pve', '/storage/store2', 'VM.PowerMgmt');
108 check_permissions
('User4@pve', '/storage/store2', '');
110 print "all tests passed\n";