so that we can assign privileges on hardware level
this will generate a new role (PVEHardwareAdmin)
Signed-off-by: Dominik Csapak <d.csa...@proxmox.com>
---
src/PVE/AccessControl.pm | 13 +++++++++++++
src/PVE/RPCEnvironment.pm | 1 +
2 files changed, 14 insertions(+)
diff --git a/src/PVE/AccessControl.pm b/src/PVE/AccessControl.pm
index 91b3aff..5fde663 100644
--- a/src/PVE/AccessControl.pm
+++ b/src/PVE/AccessControl.pm
@@ -1085,6 +1085,17 @@ my $privgroups = {
'Pool.Audit',
],
},
+ Hardware => {
+ root => [
+ 'Hardware.Configure', # create/edit mappings
+ ],
+ admin => [
+ 'Hardware.Use',
+ ],
+ audit => [
+ 'Hardware.Audit',
+ ],
+ },
};
my $valid_privs = {};
@@ -1214,6 +1225,8 @@ sub check_path {
|/storage/[[:alnum:]\.\-\_]+
|/vms
|/vms/[1-9][0-9]{2,}
+ |/hardware
+ |/hardware/[[:alnum:]\.\-\_]+
)$!xs;
}
diff --git a/src/PVE/RPCEnvironment.pm b/src/PVE/RPCEnvironment.pm
index 0ee2346..7c37c6e 100644
--- a/src/PVE/RPCEnvironment.pm
+++ b/src/PVE/RPCEnvironment.pm
@@ -187,6 +187,7 @@ sub compute_api_permission {
nodes => qr/Sys\.|Permissions\.Modify/,
sdn => qr/SDN\.|Permissions\.Modify/,
dc => qr/Sys\.Audit|SDN\./,
+ hardware => qr/Hardware\.|Permissiions\.Modify/,
};
map { $res->{$_} = {} } keys %$priv_re_map;
--
2.30.2
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
