} elsif ($et eq 'acl') {
my ($propagate, $pathtxt, $uglist, $rolelist) = @data;
+ $propagate = $propagate ? 1 : 0;
+
if (my $path = normalize_path($pathtxt)) {
foreach my $role (split_list($rolelist)) {
}
foreach my $ug (split_list($uglist)) {
- if ($ug =~ m/^@(\S+)$/) {
- my $group = $1;
+ my ($group) = $ug =~ m/^@(\S+)$/;
+
+ if ($group && verify_groupname($group, 1)) {
if ($cfg->{groups}->{$group}) { # group exists
$cfg->{acl}->{$path}->{groups}->{$group}->{$role} = $propagate;
} else {
my $data = '';
- foreach my $user (keys %{$cfg->{users}}) {
+ foreach my $user (sort keys %{$cfg->{users}}) {
my $d = $cfg->{users}->{$user};
my $firstname = $d->{firstname} ? PVE::Tools::encode_text($d->{firstname}) : '';
my $lastname = $d->{lastname} ? PVE::Tools::encode_text($d->{lastname}) : '';
$data .= "\n";
- foreach my $group (keys %{$cfg->{groups}}) {
+ foreach my $group (sort keys %{$cfg->{groups}}) {
my $d = $cfg->{groups}->{$group};
- my $list = join (',', keys %{$d->{users}});
+ my $list = join (',', sort keys %{$d->{users}});
my $comment = $d->{comment} ? PVE::Tools::encode_text($d->{comment}) : '';
$data .= "group:$group:$list:$comment:\n";
}
$data .= "\n";
- foreach my $pool (keys %{$cfg->{pools}}) {
+ foreach my $pool (sort keys %{$cfg->{pools}}) {
my $d = $cfg->{pools}->{$pool};
- my $vmlist = join (',', keys %{$d->{vms}});
- my $storelist = join (',', keys %{$d->{storage}});
+ my $vmlist = join (',', sort keys %{$d->{vms}});
+ my $storelist = join (',', sort keys %{$d->{storage}});
my $comment = $d->{comment} ? PVE::Tools::encode_text($d->{comment}) : '';
$data .= "pool:$pool:$comment:$vmlist:$storelist:\n";
}
$data .= "\n";
- foreach my $role (keys %{$cfg->{roles}}) {
+ foreach my $role (sort keys %{$cfg->{roles}}) {
next if $special_roles->{$role};
my $d = $cfg->{roles}->{$role};
- my $list = join (',', keys %$d);
+ my $list = join (',', sort keys %$d);
$data .= "role:$role:$list:\n";
}
}
foreach my $rolelist (sort keys %{$ra->{0}}) {
- my $uglist = join (',', keys %{$ra->{0}->{$rolelist}});
+ my $uglist = join (',', sort keys %{$ra->{0}->{$rolelist}});
$data .= "acl:0:$path:$uglist:$rolelist:\n";
}
foreach my $rolelist (sort keys %{$ra->{1}}) {
- my $uglist = join (',', keys %{$ra->{1}->{$rolelist}});
+ my $uglist = join (',', sort keys %{$ra->{1}->{$rolelist}});
$data .= "acl:1:$path:$uglist:$rolelist:\n";
}
}
return @ra;
}
-sub permission {
- my ($cfg, $user, $path) = @_;
-
- $user = PVE::Auth::Plugin::verify_username($user, 1);
- return {} if !$user;
-
- my @ra = roles($cfg, $user, $path);
-
- my $privs = {};
-
- foreach my $role (@ra) {
- if (my $privset = $cfg->{roles}->{$role}) {
- foreach my $p (keys %$privset) {
- $privs->{$p} = 1;
- }
- }
- }
-
- #print "priviledges $user $path = " . Dumper ($privs);
-
- return $privs;
-}
-
-sub check_permissions {
- my ($username, $path, $privlist) = @_;
-
- $path = normalize_path($path);
- my $usercfg = cfs_read_file('user.cfg');
- my $perm = permission($usercfg, $username, $path);
-
- foreach my $priv (split_list($privlist)) {
- return undef if !$perm->{$priv};
- };
-
- return 1;
-}
-
sub remove_vm_access {
my ($vmid) = @_;
my $delVMaccessFn = sub {
projects / pve-access-control.git / blobdiff