From 3c97bee53cf0f8d2700abe649d14cc6d10ce6d03 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Fabian=20Gr=C3=BCnbichler?= Date: Wed, 7 Jun 2023 11:33:39 +0200 Subject: [PATCH] check_sdn_bridge: correctly handle noerr MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Signed-off-by: Fabian Grünbichler --- src/PVE/RPCEnvironment.pm | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/src/PVE/RPCEnvironment.pm b/src/PVE/RPCEnvironment.pm index ae2702c..745296a 100644 --- a/src/PVE/RPCEnvironment.pm +++ b/src/PVE/RPCEnvironment.pm @@ -324,6 +324,7 @@ sub check_full { } } +# check for any fashion of access to vnet/bridge sub check_sdn_bridge { my ($self, $username, $zone, $bridge, $privs, $noerr) = @_; @@ -331,14 +332,19 @@ sub check_sdn_bridge { my $cfg = $self->{user_cfg}; my $bridge_acl = PVE::AccessControl::find_acl_tree_node($cfg->{acl_root}, $path); if ($bridge_acl) { + # check access to VLANs my $vlans = $bridge_acl->{children}; for my $vlan (keys %$vlans) { my $vlanpath = "$path/$vlan"; - return 1 if $self->check_any($username, $vlanpath, $privs, $noerr); + return 1 if $self->check_any($username, $vlanpath, $privs, 1); } # check access to bridge itself - return 1 if $self->check_any($username, $path, $privs, $noerr); + return 1 if $self->check_any($username, $path, $privs, 1); } + + # repeat check, but fatal + $self->check_any($username, $path, $privs, 0) if !$noerr; + return; } -- 2.39.2