From 9efcb5612917dc2d58d94972f4b8d7eadf462d73 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Fabian=20Gr=C3=BCnbichler?= Date: Thu, 21 Nov 2019 15:43:22 +0100 Subject: [PATCH] access-control: remove check_permissions/permission MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit they have been handled by PVE::RPCEnvironment for quite some time already, and the versions there are the complete ones that should be actually used. manager switched over their last use not long ago, in 6.0-9, so record a Breaks to that version. Signed-off-by: Fabian Grünbichler --- PVE/AccessControl.pm | 37 ------------------------------------- debian/control | 1 + test/dump-perm.pl | 16 ++++++---------- test/perm-test1.pl | 2 +- 4 files changed, 8 insertions(+), 48 deletions(-) diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm index 1ba1596..ad97a42 100644 --- a/PVE/AccessControl.pm +++ b/PVE/AccessControl.pm @@ -1275,43 +1275,6 @@ sub roles { return @ra; } -sub permission { - my ($cfg, $user, $path) = @_; - - $user = PVE::Auth::Plugin::verify_username($user, 1); - return {} if !$user; - - my @ra = roles($cfg, $user, $path); - - my $privs = {}; - - foreach my $role (@ra) { - if (my $privset = $cfg->{roles}->{$role}) { - foreach my $p (keys %$privset) { - $privs->{$p} = 1; - } - } - } - - #print "priviledges $user $path = " . Dumper ($privs); - - return $privs; -} - -sub check_permissions { - my ($username, $path, $privlist) = @_; - - $path = normalize_path($path); - my $usercfg = cfs_read_file('user.cfg'); - my $perm = permission($usercfg, $username, $path); - - foreach my $priv (split_list($privlist)) { - return undef if !$perm->{$priv}; - }; - - return 1; -} - sub remove_vm_access { my ($vmid) = @_; my $delVMaccessFn = sub { diff --git a/debian/control b/debian/control index e9f70d6..4247b1f 100644 --- a/debian/control +++ b/debian/control 
@@ -31,6 +31,7 @@ Depends: libauthen-pam-perl, pve-cluster (>= 5.0-35), ${misc:Depends}, ${perl:Depends}, +Breaks: pve-manager (<= 6.0-9), Description: Proxmox VE access control library This package contains the role based user management and access control function used by Proxmox VE. diff --git a/test/dump-perm.pl b/test/dump-perm.pl index 96bc023..cb2a2ee 100755 --- a/test/dump-perm.pl +++ b/test/dump-perm.pl @@ -1,7 +1,7 @@ #!/usr/bin/perl -w use strict; -use PVE::AccessControl; +use PVE::RPCEnvironment; use Getopt::Long; use Data::Dumper; @@ -23,18 +23,14 @@ if (!($username && $path)) { my $cfg; +my $rpcenv = PVE::RPCEnvironment->init('cli'); if ($opt_file) { - - my $fh = IO::File->new ($opt_file, 'r') || - die "can't open file $opt_file - $!\n"; - - $cfg = PVE::AccessControl::parse_config ($opt_file, $fh); - $fh->close(); - + $rpcenv->init_request(userconfig => $opt_file); } else { - $cfg = PVE::AccessControl::load_user_config(); + $rpcenv->init_request(); } -my $perm = PVE::AccessControl::permission($cfg, $username, $path); + +my $perm = $rpcenv->permissions($username, $path); print "permission for user '$username' on '$path':\n"; print join(',', keys %$perm) . "\n"; diff --git a/test/perm-test1.pl b/test/perm-test1.pl index fe654b8..3efc79f 100755 --- a/test/perm-test1.pl +++ b/test/perm-test1.pl @@ -26,7 +26,7 @@ sub check_roles { sub check_permission { my ($user, $path, $expected_result) = @_; - my $perm = PVE::AccessControl::permission($rpcenv->{user_cfg}, $user, $path); + my $perm = $rpcenv->permissions($user, $path); my $res = join(',', sort keys %$perm); die "unexpected result\nneed '${expected_result}'\ngot '$res'\n" -- 2.39.2
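Review bot: The relation in the added `Breaks: pve-manager (<= 6.0-9),` does not obviously match the commit description, which says manager switched over its last use "in 6.0-9". If 6.0-9 is the first release that no longer calls `PVE::AccessControl::permission` or `check_permissions`, the field should read `Breaks: pve-manager (<< 6.0-9),`; if the switch only landed after 6.0-9 was tagged, `<=` is correct and the description could say so. The Breaks names pve-manager only, so it is worth confirming that no other dependent package still calls the removed subs. A leftover caller would presumably die on an undefined subroutine rather than skip the permission check, but that API path would still be broken on a partially upgraded host.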
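Review bot: `my $cfg;` at the top of the second test/dump-perm.pl hunk is still declared, but nothing in the new lines assigns or reads it now that the config goes through `$rpcenv->init_request(...)`, so the declaration can be dropped. The removed branch also failed with an explicit `can't open file $opt_file - $!` message, while `$rpcenv->init_request(userconfig => $opt_file);` leaves a missing or unreadable file to whatever init_request does, which is not visible here. If it does not die on its own, a guard such as `die "can't read file $opt_file\n" if !-r $opt_file;` before the call keeps the tool from printing an empty permission set for a mistyped path, which is easy to misread as "user has no privileges". The script continues outside the hunk on both sides.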