test/perm-test6.pl

   1 #!/usr/bin/perl -w
   2
   3 use strict;
   4 use PVE::Tools;
   5 use PVE::AccessControl;
   6 use PVE::RPCEnvironment;
   7 use Getopt::Long;
   8
   9 my $rpcenv = PVE::RPCEnvironment->init('cli');
  10
  11 my $cfgfn = "test6.cfg";
  12 $rpcenv->init_request(userconfig => $cfgfn);
  13
  14 sub check_roles {
  15     my ($user, $path, $expected_result) = @_;
  16
  17     my $roles = PVE::AccessControl::roles($rpcenv->{user_cfg}, $user, $path);
  18     my $res = join(',', sort keys %$roles);
  19
  20     die "unexpected result\nneed '${expected_result}'\ngot '$res'\n"
  21         if $res ne $expected_result;
  22
  23     print "ROLES:$path:$user:$res\n";
  24 }
  25
  26 sub check_permissions {
  27     my ($user, $path, $expected_result) = @_;
  28
  29     my $perm = $rpcenv->permissions($user, $path);
  30     my $res = join(',', sort keys %$perm);
  31
  32     die "unexpected result\nneed '${expected_result}'\ngot '$res'\n"
  33         if $res ne $expected_result;
  34
  35     $perm = $rpcenv->permissions($user, $path);
  36     $res = join(',', sort keys %$perm);
  37     die "unexpected result (compiled)\nneed '${expected_result}'\ngot '$res'\n"
  38         if $res ne $expected_result;
  39
  40     print "PERM:$path:$user:$res\n";
  41 }
  42
  43 check_roles('User1@pve', '', '');
  44 check_roles('User2@pve', '', '');
  45 check_roles('User3@pve', '', '');
  46 check_roles('User4@pve', '', '');
  47
  48 check_roles('User1@pve', '/vms', 'RoleTEST1');
  49 check_roles('User2@pve', '/vms', 'RoleTEST1');
  50 check_roles('User3@pve', '/vms', 'NoAccess');
  51 check_roles('User4@pve', '/vms', '');
  52
  53 check_roles('User1@pve', '/vms/100', 'RoleTEST1');
  54 check_roles('User2@pve', '/vms/100', 'RoleTEST1');
  55 check_roles('User3@pve', '/vms/100', 'NoAccess');
  56 check_roles('User4@pve', '/vms/100', '');
  57
  58 check_roles('User1@pve', '/vms/300', 'RoleTEST1');
  59 check_roles('User2@pve', '/vms/300', 'RoleTEST1');
  60 check_roles('User3@pve', '/vms/300', 'NoAccess');
  61 check_roles('User4@pve', '/vms/300', 'RoleTEST1');
  62
  63 check_permissions('User1@pve', '/vms/500', 'VM.Console,VM.PowerMgmt');
  64 check_permissions('User2@pve', '/vms/500', 'VM.Console,VM.PowerMgmt');
  65 # without pool
  66 check_roles('User3@pve', '/vms/500', 'NoAccess');
  67 # with pool
  68 check_permissions('User3@pve', '/vms/500', '');
  69 # without pool
  70 check_roles('User4@pve', '/vms/500', '');
  71 # with pool
  72 check_permissions('User4@pve', '/vms/500', '');
  73
  74
  75 check_permissions('User1@pve', '/vms/600', 'VM.Console');
  76 check_permissions('User2@pve', '/vms/600', 'VM.Console');
  77 check_permissions('User3@pve', '/vms/600', '');
  78 check_permissions('User4@pve', '/vms/600', 'VM.Console');
  79
  80 check_permissions('User1@pve', '/storage/store1', 'VM.Console,VM.PowerMgmt');
  81 check_permissions('User2@pve', '/storage/store1', 'VM.PowerMgmt');
  82 check_permissions('User3@pve', '/storage/store1', 'VM.PowerMgmt');
  83 check_permissions('User4@pve', '/storage/store1', 'VM.Console');
  84
  85 check_permissions('User1@pve', '/storage/store2', 'VM.PowerMgmt');
  86 check_permissions('User2@pve', '/storage/store2', 'VM.PowerMgmt');
  87 check_permissions('User3@pve', '/storage/store2', 'VM.PowerMgmt');
  88 check_permissions('User4@pve', '/storage/store2', '');
  89
  90 print "all tests passed\n";
  91
  92 exit (0);