access-control: remove check_permissions/permission

[pve-access-control.git] / PVE / AccessControl.pm

diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm
index 3e52c5f5389ae6b5c7d3216a3f014535b37119b8..ad97a426c6df7aa4627383d5e2a12b6d42ac7583 100644 (file)
--- a/PVE/AccessControl.pm
+++ b/PVE/AccessControl.pm
@@ -965,6 +965,8 @@ sub parse_user_config {
        } elsif ($et eq 'acl') {
            my ($propagate, $pathtxt, $uglist, $rolelist) = @data;
 
+           $propagate = $propagate ? 1 : 0;
+
            if (my $path = normalize_path($pathtxt)) {
                foreach my $role (split_list($rolelist)) {
 
@@ -1065,7 +1067,7 @@ sub write_user_config {
 
     foreach my $group (sort keys %{$cfg->{groups}}) {
        my $d = $cfg->{groups}->{$group};
-       my $list = join (',', keys %{$d->{users}});
+       my $list = join (',', sort keys %{$d->{users}});
        my $comment = $d->{comment} ? PVE::Tools::encode_text($d->{comment}) : '';
        $data .= "group:$group:$list:$comment:\n";
     }
@@ -1074,8 +1076,8 @@ sub write_user_config {
 
     foreach my $pool (sort keys %{$cfg->{pools}}) {
        my $d = $cfg->{pools}->{$pool};
-       my $vmlist = join (',', keys %{$d->{vms}});
-       my $storelist = join (',', keys %{$d->{storage}});
+       my $vmlist = join (',', sort keys %{$d->{vms}});
+       my $storelist = join (',', sort keys %{$d->{storage}});
        my $comment = $d->{comment} ? PVE::Tools::encode_text($d->{comment}) : '';
        $data .= "pool:$pool:$comment:$vmlist:$storelist:\n";
     }
@@ -1086,7 +1088,7 @@ sub write_user_config {
        next if $special_roles->{$role};
 
        my $d = $cfg->{roles}->{$role};
-       my $list = join (',', keys %$d);
+       my $list = join (',', sort keys %$d);
        $data .= "role:$role:$list:\n";
     }
 
@@ -1135,11 +1137,11 @@ sub write_user_config {
        }
 
        foreach my $rolelist (sort keys %{$ra->{0}}) {
-           my $uglist = join (',', keys %{$ra->{0}->{$rolelist}});
+           my $uglist = join (',', sort keys %{$ra->{0}->{$rolelist}});
            $data .= "acl:0:$path:$uglist:$rolelist:\n";
        }
        foreach my $rolelist (sort keys %{$ra->{1}}) {
-           my $uglist = join (',', keys %{$ra->{1}->{$rolelist}});
+           my $uglist = join (',', sort keys %{$ra->{1}->{$rolelist}});
            $data .= "acl:1:$path:$uglist:$rolelist:\n";
        }
     }
@@ -1273,43 +1275,6 @@ sub roles {
     return @ra;
 }
 
-sub permission {
-    my ($cfg, $user, $path) = @_;
-
-    $user = PVE::Auth::Plugin::verify_username($user, 1);
-    return {} if !$user;
-
-    my @ra = roles($cfg, $user, $path);
-
-    my $privs = {};
-
-    foreach my $role (@ra) {
-       if (my $privset = $cfg->{roles}->{$role}) {
-           foreach my $p (keys %$privset) {
-               $privs->{$p} = 1;
-           }
-       }
-    }
-
-    #print "priviledges $user $path = " . Dumper ($privs);
-
-    return $privs;
-}
-
-sub check_permissions {
-    my ($username, $path, $privlist) = @_;
-
-    $path = normalize_path($path);
-    my $usercfg = cfs_read_file('user.cfg');
-    my $perm = permission($usercfg, $username, $path);
-
-    foreach my $priv (split_list($privlist)) {
-       return undef if !$perm->{$priv};
-    };
-
-    return 1;
-}
-
 sub remove_vm_access {
     my ($vmid) = @_;
     my $delVMaccessFn = sub {