X-Git-Url: https://git.proxmox.com/?p=pve-access-control.git;a=blobdiff_plain;f=test%2Fperm-test6.pl;fp=test%2Fperm-test6.pl;h=58ced5f7a110da9b96ea923be3d637eda9014ec5;hp=0000000000000000000000000000000000000000;hb=4bc17477d841731a2ff88cf3d32ddb0fd0ac0899;hpb=f8cc5a5f36b6480ac4d56569fc5a38c2d34d9f3d

diff --git a/test/perm-test6.pl b/test/perm-test6.pl
new file mode 100755
index 0000000..58ced5f
--- /dev/null
+++ b/test/perm-test6.pl
@@ -0,0 +1,68 @@
+#!/usr/bin/perl -w
+
+use strict;
+use PVE::Tools;
+use PVE::AccessControl;
+use PVE::RPCEnvironment;
+use Getopt::Long;
+
+my $rpcenv = PVE::RPCEnvironment->init('cli');
+
+my $cfgfn = "test6.cfg";
+$rpcenv->init_request(userconfig => $cfgfn);
+
+sub check_roles {
+    my ($user, $path, $expected_result) = @_;
+
+    my @ra = $rpcenv->roles($user, $path);
+    my $res = join(',', sort @ra);
+
+    die "unexpected result\nneed '${expected_result}'\ngot '$res'\n"
+	if $res ne $expected_result;
+
+    print "ROLES:$path:$user:$res\n";
+}
+
+check_roles('User1@pve', '', '');
+check_roles('User2@pve', '', '');
+check_roles('User3@pve', '', '');
+check_roles('User4@pve', '', '');
+
+check_roles('User1@pve', '/vms', 'RoleTEST1');
+check_roles('User2@pve', '/vms', 'RoleTEST1');
+check_roles('User3@pve', '/vms', 'NoAccess');
+check_roles('User4@pve', '/vms', '');
+
+check_roles('User1@pve', '/vms/100', 'RoleTEST1');
+check_roles('User2@pve', '/vms/100', 'RoleTEST1');
+check_roles('User3@pve', '/vms/100', 'NoAccess');
+check_roles('User4@pve', '/vms/100', '');
+
+check_roles('User1@pve', '/vms/300', 'Role1');
+check_roles('User2@pve', '/vms/300', 'RoleTEST1');
+check_roles('User3@pve', '/vms/300', 'NoAccess');
+check_roles('User4@pve', '/vms/300', 'Role1');
+
+check_roles('User1@pve', '/vms/500', 'RoleDEVEL,RoleTEST1');
+check_roles('User2@pve', '/vms/500', 'RoleDEVEL,RoleTEST1');
+check_roles('User3@pve', '/vms/500', 'NoAccess');
+check_roles('User4@pve', '/vms/500', '');
+
+check_roles('User1@pve', '/vms/600', 'RoleMARKETING,RoleTEST1');
+check_roles('User2@pve', '/vms/600', 'RoleTEST1');
+check_roles('User3@pve', '/vms/600', 'NoAccess');
+check_roles('User4@pve', '/vms/600', 'RoleMARKETING');
+
+check_roles('User1@pve', '/storage/store1', 'RoleDEVEL,RoleMARKETING');
+check_roles('User2@pve', '/storage/store1', 'RoleDEVEL');
+check_roles('User3@pve', '/storage/store1', 'RoleDEVEL');
+check_roles('User4@pve', '/storage/store1', 'RoleMARKETING');
+
+check_roles('User1@pve', '/storage/store2', 'RoleDEVEL');
+check_roles('User2@pve', '/storage/store2', 'RoleDEVEL');
+check_roles('User3@pve', '/storage/store2', 'RoleDEVEL');
+check_roles('User4@pve', '/storage/store2', '');
+
+print "all tests passed\n";
+
+exit (0);