]> git.proxmox.com Git - pve-access-control.git/blob - src/test/perm-test8.pl
projects / pve-access-control.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
bump version to 8.1.4
[pve-access-control.git] / src / test / perm-test8.pl
1 #!/usr/bin/perl -w
2
3 use strict;
4 use warnings;
5
6 use PVE::Tools;
7
8 use PVE::AccessControl;
9 use PVE::RPCEnvironment;
10
11 my $rpcenv = PVE::RPCEnvironment->init('cli');
12
13 my $cfgfn = "test8.cfg";
14 $rpcenv->init_request(userconfig => $cfgfn);
15
16 sub check_roles {
17 my ($user, $path, $expected_result) = @_;
18
19 my $roles = PVE::AccessControl::roles($rpcenv->{user_cfg}, $user, $path);
20 my $res = join(',', sort keys %$roles);
21
22 die "unexpected result\nneed '${expected_result}'\ngot '$res'\n"
23 if $res ne $expected_result;
24
25 print "ROLES:$path:$user:$res\n";
26 }
27
28 sub check_permission {
29 my ($user, $path, $expected_result) = @_;
30
31 my $perm = $rpcenv->permissions($user, $path);
32 my $res = join(',', sort keys %$perm);
33
34 die "unexpected result\nneed '${expected_result}'\ngot '$res'\n"
35 if $res ne $expected_result;
36
37 $perm = $rpcenv->permissions($user, $path);
38 $res = join(',', sort keys %$perm);
39 die "unexpected result (compiled)\nneed '${expected_result}'\ngot '$res'\n"
40 if $res ne $expected_result;
41
42 print "PERM:$path:$user:$res\n";
43 }
44
45 check_roles('max@pve', '/', '');
46 check_roles('max@pve', '/vms', 'vm_admin');
47
48 #user permissions overrides group permissions
49 check_roles('max@pve', '/vms/100', 'customer');
50 check_roles('max@pve', '/vms/101', 'vm_admin');
51
52 check_permission('max@pve', '/', '');
53 check_permission('max@pve', '/vms', 'VM.Allocate,VM.Audit,VM.Console');
54 check_permission('max@pve', '/vms/100', 'VM.Audit,VM.PowerMgmt');
55
56 check_permission('alex@pve', '/vms', '');
57 check_permission('alex@pve', '/vms/100', 'VM.Audit,VM.PowerMgmt');
58
59 check_roles('max@pve', '/vms/200', 'storage_manager');
60 check_roles('joe@pve', '/vms/200', 'vm_admin');
61 check_roles('sue@pve', '/vms/200', 'NoAccess');
62
63 check_roles('carol@pam', '/vms/200', 'NoAccess');
64 check_roles('carol@pam!token', '/vms/200', 'NoAccess');
65 check_roles('max@pve!token', '/vms/200', 'storage_manager');
66 check_roles('max@pve!token2', '/vms/200', 'customer');
67
68 # check intersection -> token has Administrator, but user only vm_admin
69 check_permission('max@pve!token2', '/vms/300', 'VM.Allocate,VM.Audit,VM.Console,VM.PowerMgmt');
70
71 print "all tests passed\n";
72
73 exit (0);
74
Access control framework