sen TERM to all pgrp members
[pve-access-control.git] / test / perm-test1.pl
1 #!/usr/bin/perl -w
2
3 use strict;
4 use PVE::Tools;
5 use PVE::AccessControl;
6 use PVE::RPCEnvironment;
7 use Getopt::Long;
8
9 my $rpcenv = PVE::RPCEnvironment->init('cli');
10
11 my $cfgfn = "user.cfg.ex1";
12 $rpcenv->init_request(userconfig => $cfgfn);
13
14 sub check_roles {
15 my ($user, $path, $expected_result) = @_;
16
17 my @ra = PVE::AccessControl::roles($rpcenv->{user_cfg}, $user, $path);
18 my $res = join(',', sort @ra);
19
20 die "unexpected result\nneed '${expected_result}'\ngot '$res'\n"
21 if $res ne $expected_result;
22
23 print "ROLES:$path:$user:$res\n";
24 }
25
26 sub check_permission {
27 my ($user, $path, $expected_result) = @_;
28
29 my $perm = PVE::AccessControl::permission($rpcenv->{user_cfg}, $user, $path);
30 my $res = join(',', sort keys %$perm);
31
32 die "unexpected result\nneed '${expected_result}'\ngot '$res'\n"
33 if $res ne $expected_result;
34
35 $perm = $rpcenv->permissions($user, $path);
36 $res = join(',', sort keys %$perm);
37 die "unexpected result (compiled)\nneed '${expected_result}'\ngot '$res'\n"
38 if $res ne $expected_result;
39
40 print "PERM:$path:$user:$res\n";
41
42 }
43
44 check_roles('max@pve', '/', '');
45 check_roles('max@pve', '/vms', 'vm_admin');
46
47 #user permissions overrides group permissions
48 check_roles('max@pve', '/vms/100', 'customer');
49 check_roles('max@pve', '/vms/101', 'vm_admin');
50
51 check_permission('max@pve', '/', '');
52 check_permission('max@pve', '/vms', 'Permissions.Modify,VM.Allocate,VM.Audit,VM.Console');
53 check_permission('max@pve', '/vms/100', 'VM.Audit,VM.PowerMgmt');
54
55 check_permission('alex@pve', '/vms', '');
56 check_permission('alex@pve', '/vms/100', 'VM.Audit,VM.PowerMgmt');
57
58
59 check_roles('max@pve', '/vms/200', 'storage_manager');
60 check_roles('joe@pve', '/vms/200', 'vm_admin');
61 check_roles('sue@pve', '/vms/200', '');
62
63 print "all tests passed\n";
64
65 exit (0);