fix bug #85: allow root@pam to generate tickets for other users
[pve-access-control.git] / test / perm-test2.pl
1 #!/usr/bin/perl -w
2
3 use strict;
4 use PVE::Tools;
5 use PVE::AccessControl;
6 use PVE::RPCEnvironment;
7 use Getopt::Long;
8
9 my $rpcenv = PVE::RPCEnvironment->init('cli');
10
11 my $cfgfn = "test2.cfg";
12 $rpcenv->init_request(userconfig => $cfgfn);
13
14 sub check_roles {
15 my ($user, $path, $expected_result) = @_;
16
17 my @ra = PVE::AccessControl::roles($rpcenv->{user_cfg}, $user, $path);
18 my $res = join(',', sort @ra);
19
20 die "unexpected result\nneed '${expected_result}'\ngot '$res'\n"
21 if $res ne $expected_result;
22
23 print "ROLES:$path:$user:$res\n";
24 }
25
26 # inherit multiple group permissions
27
28 check_roles('User1@pve', '/', '');
29 check_roles('User2@pve', '/', '');
30
31 check_roles('User1@pve', '/vms', 'Role1,Role2');
32 check_roles('User2@pve', '/vms', '');
33
34 check_roles('User1@pve', '/vms/100', 'Role1,Role2');
35 check_roles('User2@pve', '/vms', '');
36
37 print "all tests passed\n";
38
39 exit (0);