From 2e37e77902f2b3712eda5b4d68cc907a1fd901e9 Mon Sep 17 00:00:00 2001 From: Alexandre Derumier Date: Mon, 27 Mar 2023 12:18:22 +0200 Subject: [PATCH] ui: firewall panel/grids : add privilege checks on buttons Use enableFn to enable/disable the toolbar buttons according to the existing privileges. Signed-off-by: Alexandre Derumier [ D: adapted commit subject and added commit message ] Signed-off-by: Dominik Csapak --- www/manager6/dc/SecurityGroups.js | 7 +++++++ www/manager6/grid/FirewallAliases.js | 6 ++++++ www/manager6/grid/FirewallOptions.js | 6 +++++- www/manager6/grid/FirewallRules.js | 17 ++++++++++++----- www/manager6/panel/IPSet.js | 18 +++++++++++++++++- 5 files changed, 47 insertions(+), 7 deletions(-) diff --git a/www/manager6/dc/SecurityGroups.js b/www/manager6/dc/SecurityGroups.js index 26172bf3..b19e370b 100644 --- a/www/manager6/dc/SecurityGroups.js +++ b/www/manager6/dc/SecurityGroups.js @@ -100,6 +100,8 @@ Ext.define('PVE.SecurityGroupList', { let sm = Ext.create('Ext.selection.RowModel', {}); + let caps = Ext.state.Manager.get('GuiCap'); + let reload = function() { let oldrec = sm.getSelection()[0]; store.load((records, operation, success) => { @@ -130,12 +132,14 @@ Ext.define('PVE.SecurityGroupList', { me.editBtn = new Proxmox.button.Button({ text: gettext('Edit'), + enableFn: rec => !!caps.dc['Sys.Modify'], disabled: true, selModel: sm, handler: run_editor, }); me.addBtn = new Proxmox.button.Button({ text: gettext('Create'), + disabled: !caps.dc['Sys.Modify'], handler: function() { sm.deselectAll(); var win = Ext.create('PVE.SecurityGroupEdit', {}); @@ -148,6 +152,9 @@ Ext.define('PVE.SecurityGroupList', { selModel: sm, baseurl: me.base_url + '/', enableFn: function(rec) { + if (!caps.dc['Sys.Modify']) { + return false; + } return rec && me.base_url; }, callback: () => reload(), diff --git a/www/manager6/grid/FirewallAliases.js b/www/manager6/grid/FirewallAliases.js index 00d0d74b..b6f07334 100644 --- a/www/manager6/grid/FirewallAliases.js +++ b/www/manager6/grid/FirewallAliases.js @@ -104,6 +104,8 @@ Ext.define('PVE.FirewallAliases', { let sm = Ext.create('Ext.selection.RowModel', {}); + let caps = Ext.state.Manager.get('GuiCap'); + let reload = function() { let oldrec = sm.getSelection()[0]; store.load(function(records, operation, success) { @@ -133,11 +135,13 @@ Ext.define('PVE.FirewallAliases', { text: gettext('Edit'), disabled: true, selModel: sm, + enableFn: rec => !!caps.vms['VM.Config.Network'] || !!caps.dc['Sys.Modify'] || !!caps.nodes['Sys.Modify'], handler: run_editor, }); me.addBtn = Ext.create('Ext.Button', { text: gettext('Add'), + disabled: !caps.vms['VM.Config.Network'] && !caps.dc['Sys.Modify'] && !caps.nodes['Sys.Modify'], handler: function() { var win = Ext.create('PVE.FirewallAliasEdit', { base_url: me.base_url, @@ -148,7 +152,9 @@ Ext.define('PVE.FirewallAliases', { }); me.removeBtn = Ext.create('Proxmox.button.StdRemoveButton', { + disabled: true, selModel: sm, + enableFn: rec => !!caps.vms['VM.Config.Network'] || !!caps.dc['Sys.Modify'] || !!caps.nodes['Sys.Modify'], baseurl: me.base_url + '/', callback: reload, }); diff --git a/www/manager6/grid/FirewallOptions.js b/www/manager6/grid/FirewallOptions.js index 4123bd9f..98b1d258 100644 --- a/www/manager6/grid/FirewallOptions.js +++ b/www/manager6/grid/FirewallOptions.js @@ -21,6 +21,8 @@ Ext.define('PVE.FirewallOptions', { throw "unknown firewall option type"; } + let caps = Ext.state.Manager.get('GuiCap'); + me.rows = {}; var add_boolean_row = function(name, text, defaultValue) { @@ -161,7 +163,9 @@ Ext.define('PVE.FirewallOptions', { return; } var rowdef = me.rows[rec.data.key]; - edit_btn.setDisabled(!rowdef.editor); + if (caps.vms['VM.Config.Network'] || caps.dc['Sys.Modify'] || caps.nodes['Sys.Modify']) { + edit_btn.setDisabled(!rowdef.editor); + } }; Ext.apply(me, { diff --git a/www/manager6/grid/FirewallRules.js b/www/manager6/grid/FirewallRules.js index 5777c7f4..6b3abb1b 100644 --- a/www/manager6/grid/FirewallRules.js +++ b/www/manager6/grid/FirewallRules.js @@ -569,11 +569,14 @@ Ext.define('PVE.FirewallRules', { } me.store.removeAll(); } else { - me.addBtn.setDisabled(false); - me.removeBtn.baseurl = url + '/'; - if (me.groupBtn) { - me.groupBtn.setDisabled(false); + if (me.caps.vms['VM.Config.Network'] || me.caps.dc['Sys.Modify'] || me.caps.nodes['Sys.Modify']) { + me.addBtn.setDisabled(false); + if (me.groupBtn) { + me.groupBtn.setDisabled(false); + } } + me.removeBtn.baseurl = url + '/'; + me.store.setProxy({ type: 'proxmox', url: '/api2/json' + url, @@ -649,6 +652,8 @@ Ext.define('PVE.FirewallRules', { var sm = Ext.create('Ext.selection.RowModel', {}); + me.caps = Ext.state.Manager.get('GuiCap'); + var run_editor = function() { var rec = sm.getSelection()[0]; if (!rec) { @@ -680,6 +685,7 @@ Ext.define('PVE.FirewallRules', { me.editBtn = Ext.create('Proxmox.button.Button', { text: gettext('Edit'), disabled: true, + enableFn: rec => !!me.caps.vms['VM.Config.Network'] || !!me.caps.dc['Sys.Modify'] || !!me.caps.nodes['Sys.Modify'], selModel: sm, handler: run_editor, }); @@ -721,7 +727,7 @@ Ext.define('PVE.FirewallRules', { me.copyBtn = Ext.create('Proxmox.button.Button', { text: gettext('Copy'), selModel: sm, - enableFn: ({ data }) => data.type === 'in' || data.type === 'out', + enableFn: ({ data }) => (data.type === 'in' || data.type === 'out') && (!!me.caps.vms['VM.Config.Network'] || !!me.caps.dc['Sys.Modify'] || !!me.caps.nodes['Sys.Modify']), disabled: true, handler: run_copy_editor, }); @@ -743,6 +749,7 @@ Ext.define('PVE.FirewallRules', { } me.removeBtn = Ext.create('Proxmox.button.StdRemoveButton', { + enableFn: rec => !!me.caps.vms['VM.Config.Network'] || !!me.caps.dc['Sys.Modify'] || !!me.caps.nodes['Sys.Modify'], selModel: sm, baseurl: me.base_url + '/', confirmMsg: false, diff --git a/www/manager6/panel/IPSet.js b/www/manager6/panel/IPSet.js index a4606769..784d0ea7 100644 --- a/www/manager6/panel/IPSet.js +++ b/www/manager6/panel/IPSet.js @@ -42,6 +42,8 @@ Ext.define('PVE.IPSetList', { }, }); + var caps = Ext.state.Manager.get('GuiCap'); + var sm = Ext.create('Ext.selection.RowModel', {}); var reload = function() { @@ -94,6 +96,7 @@ Ext.define('PVE.IPSetList', { me.editBtn = new Proxmox.button.Button({ text: gettext('Edit'), disabled: true, + enableFn: rec => !!caps.vms['VM.Config.Network'] || !!caps.dc['Sys.Modify'] || !!caps.nodes['Sys.Modify'], selModel: sm, handler: run_editor, }); @@ -128,6 +131,7 @@ Ext.define('PVE.IPSetList', { }); me.removeBtn = Ext.create('Proxmox.button.StdRemoveButton', { + enableFn: rec => !!caps.vms['VM.Config.Network'] || !!caps.dc['Sys.Modify'] || !!caps.nodes['Sys.Modify'], selModel: sm, baseurl: me.base_url + '/', callback: reload, @@ -154,6 +158,10 @@ Ext.define('PVE.IPSetList', { }, }); + if (!caps.vms['VM.Config.Network'] && !caps.dc['Sys.Modify'] && !caps.nodes['Sys.Modify']) { + me.addBtn.setDisabled(true); + } + me.callParent(); store.load(); @@ -268,7 +276,9 @@ Ext.define('PVE.IPSetGrid', { me.addBtn.setDisabled(true); me.store.removeAll(); } else { - me.addBtn.setDisabled(false); + if (me.caps.vms['VM.Config.Network'] || me.caps.dc['Sys.Modify'] || me.caps.nodes['Sys.Modify']) { + me.addBtn.setDisabled(false); + } me.removeBtn.baseurl = url + '/'; me.store.setProxy({ type: 'proxmox', @@ -296,6 +306,8 @@ Ext.define('PVE.IPSetGrid', { var sm = Ext.create('Ext.selection.RowModel', {}); + me.caps = Ext.state.Manager.get('GuiCap'); + var run_editor = function() { var rec = sm.getSelection()[0]; if (!rec) { @@ -312,6 +324,7 @@ Ext.define('PVE.IPSetGrid', { me.editBtn = new Proxmox.button.Button({ text: gettext('Edit'), disabled: true, + enableFn: rec => !!me.caps.vms['VM.Config.Network'] || !!me.caps.dc['Sys.Modify'] || !!me.caps.nodes['Sys.Modify'], selModel: sm, handler: run_editor, }); @@ -319,6 +332,7 @@ Ext.define('PVE.IPSetGrid', { me.addBtn = new Proxmox.button.Button({ text: gettext('Add'), disabled: true, + enableFn: rec => !!me.caps.vms['VM.Config.Network'] || !!me.caps.dc['Sys.Modify'] || !!me.caps.nodes['Sys.Modify'], handler: function() { if (!me.base_url) { return; @@ -333,6 +347,8 @@ Ext.define('PVE.IPSetGrid', { }); me.removeBtn = Ext.create('Proxmox.button.StdRemoveButton', { + disabled: true, + enableFn: rec => !!me.caps.vms['VM.Config.Network'] || !!me.caps.dc['Sys.Modify'] || !!me.caps.nodes['Sys.Modify'], selModel: sm, baseurl: me.base_url + '/', callback: reload, -- 2.39.2