if ($cfg->{users}->{$user}) { # user exists
$cfg->{users}->{$user}->{groups}->{$group} = 1;
- $cfg->{groups}->{$group}->{users}->{$user} = 1;
} else {
warn "user config - ignore invalid group member '$user'\n";
}
+ $cfg->{groups}->{$group}->{users}->{$user} = 1;
}
} elsif ($et eq 'role') {
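Review bot: The message in `warn "user config - ignore invalid group member '$user'\n";` no longer matches the code, because the membership is now written to `$cfg->{groups}->{$group}->{users}` unconditionally right after the `else` branch. The ACL branches further down have the same mismatch: "ignore invalid acl group" and "ignore invalid acl member" are printed and the entry is then stored anyway. Someone reading the log would conclude the entry had been dropped, so consider rewording, e.g. `warn "user config - group '$group' references unknown user '$user'\n";`, and adding a comment such as `# membership is kept even if the user is not defined in this config`. The enclosing loop starts outside the hunk.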
my ($group) = $ug =~ m/^@(\S+)$/;
if ($group && verify_groupname($group, 1)) {
- if ($cfg->{groups}->{$group}) { # group exists
- $cfg->{acl}->{$path}->{groups}->{$group}->{$role} = $propagate;
- } else {
+ if (!$cfg->{groups}->{$group}) { # group does not exist
warn "user config - ignore invalid acl group '$group'\n";
}
+ $cfg->{acl}->{$path}->{groups}->{$group}->{$role} = $propagate;
} elsif (PVE::Auth::Plugin::verify_username($ug, 1)) {
- if ($cfg->{users}->{$ug}) { # user exists
- $cfg->{acl}->{$path}->{users}->{$ug}->{$role} = $propagate;
- } else {
+ if (!$cfg->{users}->{$ug}) { # user does not exist
warn "user config - ignore invalid acl member '$ug'\n";
}
+ $cfg->{acl}->{$path}->{users}->{$ug}->{$role} = $propagate;
} elsif (my ($user, $token) = split_tokenid($ug, 1)) {
if (check_token_exist($cfg, $user, $token, 1)) {
$cfg->{acl}->{$path}->{tokens}->{$ug}->{$role} = $propagate;
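Review bot: Storing the ACL entry for a group or user that is absent from `$cfg->{groups}` / `$cfg->{users}` leaves a grant in the parsed config with no principal behind it, so an account or group created later under the same name would presumably receive that role on `$path` without anyone assigning it. If keeping these entries is intended, state it above the two new assignments, e.g. `# kept on purpose: ACL entries for unknown users/groups survive parsing`, and confirm that deleting a user or group also removes its ACL lines (not visible here). The token branch still gates on `check_token_exist(...)`, so tokens are treated differently from users and groups; a one-line comment giving the reason would help. The `elsif` chain continues past the end of the hunk.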
'test2@pam' => {
'PVEDatastoreUser' => 1,
},
+ 'test@pam' => {
+ 'PVEDatastoreAdmin' => 1,
+ },
},
},
acl_simple_token => {
acl_complex_missing_group => {
'path' => '/storage',
groups => {
+ 'testgroup' => {
+ 'PVEDatastoreAdmin' => 1,
+ },
'another' => {
'PVEDatastoreUser' => 1,
},
config => {
users => default_users_with([$default_cfg->{test2_pam}]),
roles => default_roles(),
- acl => default_acls_with([$default_cfg->{acl_complex_missing_user}]),
+ acl => default_acls_with([$default_cfg->{acl_simple_user}, $default_cfg->{acl_complex_missing_user}]),
},
raw => "".
$default_raw->{users}->{'root@pam'}."\n".
$default_raw->{acl}->{'acl_simple_user'}."\n".
$default_raw->{acl}->{'acl_complex_users_1'}."\n".
$default_raw->{acl}->{'acl_complex_users_2'}."\n",
- expected_raw => "".
- $default_raw->{users}->{'root@pam'}."\n".
- $default_raw->{users}->{'test2_pam'}."\n\n\n\n\n".
- $default_raw->{acl}->{'acl_complex_users_2'}."\n",
},
{
name => "acl_simple_group",
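Review bot: With `expected_raw` removed, nothing in this case records that the entries for the unknown user are now meant to be kept, although it is still built from `acl_complex_missing_user`. Presumably the harness then expects the written file to equal `raw`; a short comment on the case, e.g. `# ACL lines for users missing from the config are kept, not dropped`, would state that intent. If the harness can capture warnings (not visible in this hunk), it would also be worth asserting that the warning for the missing user is still emitted.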
users => default_users_with([$default_cfg->{test_pam}, $default_cfg->{'test2_pam'}, $default_cfg->{'test3_pam'}]),
groups => default_groups_with([$default_cfg->{'test_group_second'}]),
roles => default_roles(),
- acl => default_acls_with([$default_cfg->{acl_complex_missing_group}]),
+ acl => default_acls_with([$default_cfg->{acl_simple_group}, $default_cfg->{acl_complex_missing_group}]),
},
raw => "".
$default_raw->{users}->{'root@pam'}."\n".
$default_raw->{users}->{'test3_pam'}."\n".
$default_raw->{users}->{'test_pam'}."\n\n".
$default_raw->{groups}->{'test_group_second'}."\n\n\n\n".
+ $default_raw->{acl}->{'acl_simple_group'}."\n".
+ $default_raw->{acl}->{'acl_complex_groups_1'}."\n".
$default_raw->{acl}->{'acl_complex_groups_2'}."\n",
},
{