rpcenv: improve user/token intersection

this could return undef for the propagation flag instead of 1/0, leading
to confusing displays of permission trees. all the actual checks using
the returned hash check for definedness anyway, so the actual
privileges checked and the displayed ones were not identical.

fixes: 7e8bcaa754432f084e53d9daf13c653a8777d88b
"roles()/permissions(): also return propagate flag"

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>

diff --git a/src/PVE/RPCEnvironment.pm b/src/PVE/RPCEnvironment.pm
index 8ecbbd9e91397dbf01c85f276319e57b678064dc..5e0ef0421a2ac36d2008c785a3a14ef6c314273c 100644 (file)
--- a/src/PVE/RPCEnvironment.pm
+++ b/src/PVE/RPCEnvironment.pm
@@ -82,7 +82,8 @@ my $compile_acl_path = sub {
     if ($username && $username ne 'root@pam') {
        # intersect user and token permissions
        my $user_privs = $cache->{$username}->{privs}->{$path};
-       $privs = { map { $_ => $user_privs->{$_} && $privs->{$_} } keys %$privs };
+       my $filtered_privs = [ grep { $user_privs->{$_} } keys %$privs ];
+       $privs = { map { $_ => $user_privs->{$_} && $privs->{$_} } @$filtered_privs };
     }
 
     $data->{privs}->{$path} = $privs;