]> git.proxmox.com Git - pve-access-control.git/commitdiff
projects / pve-access-control.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e1ea58c)
add new SDN.use privilege in PVESDNUser role
authorAlexandre Derumier <aderumier@odiso.com>
Tue, 6 Jun 2023 13:19:25 +0000 (15:19 +0200)
committerFabian Grünbichler <f.gruenbichler@proxmox.com>
Wed, 7 Jun 2023 11:17:40 +0000 (13:17 +0200)
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
FG: fix test
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
src/PVE/AccessControl.pm patch | blob | blame | history
src/test/perm-test1.pl patch | blob | blame | history

diff --git a/src/PVE/AccessControl.pm b/src/PVE/AccessControl.pm
index a55ee87ca03aa993bc413b66645244fb139a8245..e234d2452e5b25bbffcda7fcb6628d9850f9da25 100644 (file)
--- a/src/PVE/AccessControl.pm
+++ b/src/PVE/AccessControl.pm
@@ -1087,6 +1087,9 @@ my $privgroups = {
            'SDN.Allocate',
            'SDN.Audit',
        ],
+       user => [
+           'SDN.Use',
+       ],
        audit => [
            'SDN.Audit',
        ],
diff --git a/src/test/perm-test1.pl b/src/test/perm-test1.pl
index d7cab3d104aa2905d503e69eb23df9b848d99cc7..523325b47887fcdaeb7fb9e1b0fac2e495119de8 100755 (executable)
--- a/src/test/perm-test1.pl
+++ b/src/test/perm-test1.pl
@@ -61,7 +61,7 @@ check_permission('alex@pve', '/vms/100', 'VM.Audit,VM.PowerMgmt');
 # PVEVMAdmin -> no Permissions.Modify!
 check_permission('alex@pve', '/vms/300', 'VM.Allocate,VM.Audit,VM.Backup,VM.Clone,VM.Config.CDROM,VM.Config.CPU,VM.Config.Cloudinit,VM.Config.Disk,VM.Config.HWType,VM.Config.Memory,VM.Config.Network,VM.Config.Options,VM.Console,VM.Migrate,VM.Monitor,VM.PowerMgmt,VM.Snapshot,VM.Snapshot.Rollback');
 # Administrator -> Permissions.Modify!
-check_permission('alex@pve', '/vms/400', 'Datastore.Allocate,Datastore.AllocateSpace,Datastore.AllocateTemplate,Datastore.Audit,Group.Allocate,Permissions.Modify,Pool.Allocate,Pool.Audit,Realm.Allocate,Realm.AllocateUser,SDN.Allocate,SDN.Audit,Sys.Audit,Sys.Console,Sys.Incoming,Sys.Modify,Sys.PowerMgmt,Sys.Syslog,User.Modify,VM.Allocate,VM.Audit,VM.Backup,VM.Clone,VM.Config.CDROM,VM.Config.CPU,VM.Config.Cloudinit,VM.Config.Disk,VM.Config.HWType,VM.Config.Memory,VM.Config.Network,VM.Config.Options,VM.Console,VM.Migrate,VM.Monitor,VM.PowerMgmt,VM.Snapshot,VM.Snapshot.Rollback');
+check_permission('alex@pve', '/vms/400', 'Datastore.Allocate,Datastore.AllocateSpace,Datastore.AllocateTemplate,Datastore.Audit,Group.Allocate,Permissions.Modify,Pool.Allocate,Pool.Audit,Realm.Allocate,Realm.AllocateUser,SDN.Allocate,SDN.Audit,SDN.Use,Sys.Audit,Sys.Console,Sys.Incoming,Sys.Modify,Sys.PowerMgmt,Sys.Syslog,User.Modify,VM.Allocate,VM.Audit,VM.Backup,VM.Clone,VM.Config.CDROM,VM.Config.CPU,VM.Config.Cloudinit,VM.Config.Disk,VM.Config.HWType,VM.Config.Memory,VM.Config.Network,VM.Config.Options,VM.Console,VM.Migrate,VM.Monitor,VM.PowerMgmt,VM.Snapshot,VM.Snapshot.Rollback');
 
 check_roles('max@pve', '/vms/200', 'storage_manager');
 check_roles('joe@pve', '/vms/200', 'vm_admin');
Access control framework