move helper to check bridge access out of api

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
index 4acda15b3e3663ce81240146955ffa9dafa6dd97..e7acf1fa7dc092275d221d88d70cbdd5960177d7 100644 (file)
--- a/PVE/API2/Qemu.pm
+++ b/PVE/API2/Qemu.pm
@@ -23,7 +23,7 @@ use PVE::Storage;
 use PVE::JSONSchema qw(get_standard_option);
 use PVE::RESTHandler;
 use PVE::ReplicationConfig;
-use PVE::GuestHelpers qw(assert_tag_permissions check_vnet_access);
+use PVE::GuestHelpers qw(assert_tag_permissions);
 use PVE::QemuConfig;
 use PVE::QemuServer;
 use PVE::QemuServer::Cloudinit;
@@ -601,22 +601,6 @@ my $check_vm_create_usb_perm = sub {
     return 1;
 };
 
-my $check_bridge_access = sub {
-    my ($rpcenv, $authuser, $param) = @_;
-
-    return 1 if $authuser eq 'root@pam';
-
-    foreach my $opt (keys %{$param}) {
-       next if $opt !~ m/^net\d+$/;
-       my $net = PVE::QemuServer::parse_net($param->{$opt});
-       my $bridge = $net->{bridge};
-       my $tag = $net->{tag};
-       my $trunks = $net->{trunks};
-       check_vnet_access($rpcenv, $authuser, $bridge, $tag, $trunks);
-    }
-    return 1;
-};
-
 my $check_vm_modify_config_perm = sub {
     my ($rpcenv, $authuser, $vmid, $pool, $key_list) = @_;
 
@@ -884,7 +868,7 @@ __PACKAGE__->register_method({
 
                my $vzdump_conf = PVE::Storage::extract_vzdump_config($storecfg, $archive);
                my $backup_conf = PVE::QemuServer::parse_vm_config("restore/qemu-server/$vmid.conf", $vzdump_conf, 1);
-               &$check_bridge_access($rpcenv, $authuser, $backup_conf);
+               PVE::QemuServer::check_bridge_access($rpcenv, $authuser, $backup_conf);
 
                $archive = $parse_restore_archive->($storecfg, $archive);
            }
@@ -899,7 +883,7 @@ __PACKAGE__->register_method({
 
            &$check_vm_create_serial_perm($rpcenv, $authuser, $vmid, $pool, $param);
            &$check_vm_create_usb_perm($rpcenv, $authuser, $vmid, $pool, $param);
-           &$check_bridge_access($rpcenv, $authuser, $param);
+           PVE::QemuServer::check_bridge_access->($rpcenv, $authuser, $param);
            &$check_cpu_model_access($rpcenv, $authuser, $param);
 
            $check_drive_param->($param, $storecfg);
@@ -1619,7 +1603,7 @@ my $update_vm_api  = sub {
 
     &$check_storage_access($rpcenv, $authuser, $storecfg, $vmid, $param);
 
-    &$check_bridge_access($rpcenv, $authuser, $param);
+    PVE::QemuServer::check_bridge_access($rpcenv, $authuser, $param);
 
     my $updatefn =  sub {
 
@@ -3532,7 +3516,7 @@ __PACKAGE__->register_method({
 
            my $sharedvm = &$check_storage_access_clone($rpcenv, $authuser, $storecfg, $oldconf, $storage);
 
-           &$check_bridge_access($rpcenv, $authuser, $oldconf);
+           PVE::QemuServer::check_bridge_access($rpcenv, $authuser, $oldconf);
 
            die "can't clone VM to node '$target' (VM uses local storage)\n"
                if $target && !$sharedvm;

diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
index cd371e116bb9f3a00804458fb5bc03599de95174..df0e3bb34bffa364e4d8f3f88026361d3d250d03 100644 (file)
--- a/PVE/QemuServer.pm
+++ b/PVE/QemuServer.pm
@@ -6513,6 +6513,20 @@ sub vm_sendkey {
     });
 }
 
+sub check_bridge_access {
+    my ($rpcenv, $authuser, $conf) = @_;
+
+    return 1 if $authuser eq 'root@pam';
+
+    for my $opt (sort keys $conf->%*) {
+       next if $opt !~ m/^net\d+$/;
+       my $net = parse_net($conf->{$opt});
+       my ($bridge, $tag, $trunks) = $net->@{'bridge', 'tag', 'trunks'};
+       PVE::GuestHelpers::check_vnet_access($rpcenv, $authuser, $bridge, $tag, $trunks);
+    }
+    return 1;
+};
+
 # vzdump restore implementaion
 
 sub tar_archive_read_firstfile {