]> git.proxmox.com Git - pve-access-control.git/blob - test/perm-test8.pl
projects / pve-access-control.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
d/control: bump debhelper compat to >= 12
[pve-access-control.git] / test / perm-test8.pl
1 #!/usr/bin/perl -w
2
3 use strict;
4 use PVE::Tools;
5 use PVE::AccessControl;
6 use PVE::RPCEnvironment;
7
8 my $rpcenv = PVE::RPCEnvironment->init('cli');
9
10 my $cfgfn = "test8.cfg";
11 $rpcenv->init_request(userconfig => $cfgfn);
12
13 sub check_roles {
14 my ($user, $path, $expected_result) = @_;
15
16 my $roles = PVE::AccessControl::roles($rpcenv->{user_cfg}, $user, $path);
17 my $res = join(',', sort keys %$roles);
18
19 die "unexpected result\nneed '${expected_result}'\ngot '$res'\n"
20 if $res ne $expected_result;
21
22 print "ROLES:$path:$user:$res\n";
23 }
24
25 sub check_permission {
26 my ($user, $path, $expected_result) = @_;
27
28 my $perm = $rpcenv->permissions($user, $path);
29 my $res = join(',', sort keys %$perm);
30
31 die "unexpected result\nneed '${expected_result}'\ngot '$res'\n"
32 if $res ne $expected_result;
33
34 $perm = $rpcenv->permissions($user, $path);
35 $res = join(',', sort keys %$perm);
36 die "unexpected result (compiled)\nneed '${expected_result}'\ngot '$res'\n"
37 if $res ne $expected_result;
38
39 print "PERM:$path:$user:$res\n";
40 }
41
42 check_roles('max@pve', '/', '');
43 check_roles('max@pve', '/vms', 'vm_admin');
44
45 #user permissions overrides group permissions
46 check_roles('max@pve', '/vms/100', 'customer');
47 check_roles('max@pve', '/vms/101', 'vm_admin');
48
49 check_permission('max@pve', '/', '');
50 check_permission('max@pve', '/vms', 'Permissions.Modify,VM.Allocate,VM.Audit,VM.Console');
51 check_permission('max@pve', '/vms/100', 'VM.Audit,VM.PowerMgmt');
52
53 check_permission('alex@pve', '/vms', '');
54 check_permission('alex@pve', '/vms/100', 'VM.Audit,VM.PowerMgmt');
55
56 check_roles('max@pve', '/vms/200', 'storage_manager');
57 check_roles('joe@pve', '/vms/200', 'vm_admin');
58 check_roles('sue@pve', '/vms/200', 'NoAccess');
59
60 check_roles('carol@pam', '/vms/200', 'NoAccess');
61 check_roles('carol@pam!token', '/vms/200', 'NoAccess');
62 check_roles('max@pve!token', '/vms/200', 'storage_manager');
63 check_roles('max@pve!token2', '/vms/200', 'customer');
64
65 print "all tests passed\n";
66
67 exit (0);
68
Access control framework