This removes vmbr* from the bridge selector if the user has access to vnets
(as we currently don't have permission management on vmbr*).

Signed-off-by: Alexandre Derumier <aderum...@odiso.com>
---
 PVE/API2/Network.pm | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/PVE/API2/Network.pm b/PVE/API2/Network.pm
index a26f36d2..02bd3bdb 100644
--- a/PVE/API2/Network.pm
+++ b/PVE/API2/Network.pm
@@ -226,6 +226,7 @@ __PACKAGE__->register_method({
        my ($param) = @_;
 
        my $rpcenv = PVE::RPCEnvironment::get();
+       my $authuser = $rpcenv->get_user();
 
        my $tmp = PVE::INotify::read_file('interfaces', 1);
        my $config = $tmp->{data};
@@ -238,20 +239,24 @@ __PACKAGE__->register_method({
        delete $ifaces->{lo}; # do not list the loopback device
 
        if ($param->{type}) {
+           my $vnets = {};
+           my $filtered_sdn = undef;
+           if ($have_sdn && $param->{type} eq 'any_bridge') {
+               $vnets = PVE::Network::SDN::get_local_vnets();
+               $filtered_sdn = 1 if $authuser ne 'root@pam' && keys %{$vnets} 
> 0;
+           }
+
            foreach my $k (keys %$ifaces) {
                my $type = $ifaces->{$k}->{type};
                my $match =  ($param->{type} eq $type) || (
                    ($param->{type} eq 'any_bridge') && 
                    ($type eq 'bridge' || $type eq 'OVSBridge'));
-               delete $ifaces->{$k} if !$match;
+               delete $ifaces->{$k} if !$match || $filtered_sdn;
            }
 
-           if ($have_sdn && $param->{type} eq 'any_bridge') {
-               my $vnets = PVE::Network::SDN::get_local_vnets();
-               map {
-                   $ifaces->{$_} = $vnets->{$_};
-               } keys %$vnets;
-           }
+           map {
+               $ifaces->{$_} = $vnets->{$_};
+           } keys %$vnets;
        }
 
        return PVE::RESTHandler::hash_to_array($ifaces, 'iface');
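Review bot: The `$authuser ne 'root@pam'` test that sets `$filtered_sdn` keys the filtering on a literal user name rather than on a privilege, so any other account with full administrative rights also loses every vmbr*/OVS bridge from the list as soon as one local vnet exists, and the decision sits outside the ACL model. Whether `get_local_vnets()` already returns only the vnets the caller may use is not visible in this hunk; if it does not, the `keys %{$vnets} > 0` condition would also hide bridges from users who cannot use any vnet. This is a filter on the listing only: the commit message itself says there is no permission management on vmbr*, and nothing visible here restricts which bridge a guest configuration may reference, so a comment such as `# hides vmbr* from the selector only; this is not an access check` above the `$filtered_sdn` block would keep later readers from treating it as enforcement. The enclosing handler starts and ends outside the hunk.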
-- 
2.30.2

