# Note: assume we do not want to propagate those privs
if ($data->{poolroles}->{$path}) {
if (!($ra[0] && $ra[0] eq 'NoAccess')) {
- foreach my $role (keys %{$data->{poolroles}->{$path}}) {
- push @ra, $role;
+ if ($data->{poolroles}->{$path}->{NoAccess}) {
+ @ra = ('NoAccess');
+ } else {
+ foreach my $role (keys %{$data->{poolroles}->{$path}}) {
+ push @ra, $role;
+ }
}
}
}
my ($self, $user, $path, $privs, $noerr) = @_;
my $perm = $self->permissions($user, $path);
- syslog("info", "check_any $user $path " . join(" ", keys %$perm));
+
my $found = 0;
foreach my $priv (@$privs) {
PVE::AccessControl::verify_privname($priv);