if ($username && $username ne 'root@pam') {
# intersect user and token permissions
my $user_privs = $cache->{$username}->{privs}->{$path};
- $privs = { map { $_ => $user_privs->{$_} && $privs->{$_} } keys %$privs };
+ my $filtered_privs = [ grep { $user_privs->{$_} } keys %$privs ];
+ $privs = { map { $_ => $user_privs->{$_} && $privs->{$_} } @$filtered_privs };
+ }
+
+ foreach my $priv (keys %$privs) {
+ # safeguard, this should never happen anyway
+ delete $privs->{$priv} if !defined($privs->{$priv});
}
$data->{privs}->{$path} = $privs;
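Review bot: The added `grep { $user_privs->{$_} }` tests truthiness, while the safeguard loop below it and the guards in the later hunks test `defined`, so a privilege whose user-side value is defined but false (for example `0`) is dropped from the token's set. That fails closed, but the values these hashes hold are not visible here; if a false value is a legitimate state for a held privilege, the token ends up with less than the intersection. A comment such as `# a false user value, not only undef, removes the privilege from the token` would record which behaviour is intended. After the grep, `$user_privs->{$_} &&` in the map can no longer be false, so that line reduces to `$privs = { map { $_ => $privs->{$_} } @$filtered_privs };`. The enclosing sub starts and ends outside this hunk.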
my $toplevel = ($path =~ /^\/(\w+)/) ? $1 : 'dc';
if ($toplevel eq 'pool') {
foreach my $priv (keys %$path_perm) {
+ next if !defined($path_perm->{$priv});
+
if ($priv =~ m/^VM\./) {
$res->{vms}->{$priv} = 1;
} elsif ($priv =~ m/^Datastore\./) {
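Review bot: The `next if !defined(...)` guard added here is repeated in the next hunk's loop and again as a delete loop around `$self->permissions($user, $path)` in the last hunk, with no comment saying what an undefined value means. These consumers walk `keys` and treat key presence as a grant, so any other caller that iterates a permissions hash without the same guard would still count an undef entry as held. If the safeguard in the first hunk already guarantees that no undef value leaves the producer (inferred, since the sub boundaries are not visible), state that invariant once there, for example `# invariant: every key in the returned hash has a defined value`. Otherwise one small private helper would keep the copies from drifting apart. The last hunk's loop also deletes from the returned hash in place, which changes the cached entry if the same reference is returned.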
} else {
my $priv_regex = $priv_re_map->{$toplevel} // next;
foreach my $priv (keys %$path_perm) {
+ next if !defined($path_perm->{$priv});
+
next if $priv !~ m/^($priv_regex)/;
$res->{$toplevel}->{$priv} = 1;
}
my $perms = {};
foreach my $path (keys %$paths) {
my $path_perms = $self->permissions($user, $path);
+ foreach my $priv (keys %$path_perms) {
+ delete $path_perms->{$priv} if !defined($path_perms->{$priv});
+ }
# filter paths where user has NO permissions
$perms->{$path} = $path_perms if %$path_perms;
}