rpcenvironnment: add check_sdn_bridge

check if user have access to 1 vlan of the bridge
or the bridge itself

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>

diff --git a/src/PVE/RPCEnvironment.pm b/src/PVE/RPCEnvironment.pm
index 0de746aa51f21aae50c0d859e9958e403a263280..ae2702c458e8a4ae3f2ca620b5cfa861dbb7ae8e 100644 (file)
--- a/src/PVE/RPCEnvironment.pm
+++ b/src/PVE/RPCEnvironment.pm
@@ -324,6 +324,24 @@ sub check_full {
     }
 }
 
+sub check_sdn_bridge {
+    my ($self, $username, $zone, $bridge, $privs, $noerr) = @_;
+
+    my $path = "/sdn/zones/$zone/$bridge";
+    my $cfg = $self->{user_cfg};
+    my $bridge_acl = PVE::AccessControl::find_acl_tree_node($cfg->{acl_root}, $path);
+    if ($bridge_acl) {
+       my $vlans = $bridge_acl->{children};
+       for my $vlan (keys %$vlans) {
+           my $vlanpath = "$path/$vlan";
+           return 1 if $self->check_any($username, $vlanpath, $privs, $noerr);
+       }
+       # check access to bridge itself
+       return 1 if $self->check_any($username, $path, $privs, $noerr);
+    }
+    return;
+}
+
 sub check_user_enabled {
     my ($self, $user, $noerr) = @_;