On 8/1/22 14:01, Fabian Grünbichler wrote:
On July 19, 2022 1:46 pm, Dominik Csapak wrote:
like check_vm_perm, etc.
Signed-off-by: Dominik Csapak <d.csa...@proxmox.com>
---
src/PVE/RPCEnvironment.pm | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/PVE/RPCEnvironment.pm b/src/PVE/RPCEnvironment.pm
index 7c37c6e..c1b712d 100644
--- a/src/PVE/RPCEnvironment.pm
+++ b/src/PVE/RPCEnvironment.pm
@@ -356,6 +356,14 @@ sub check_vm_perm {
return $self->check_full($user, "/vms/$vmid", $privs, $any, $noerr);
};
+sub check_hw_perm {
+ my ($self, $user, $id, $privs, $any, $noerr) = @_;
+
+ my $cfg = $self->{user_cfg};
+
+ return $self->check_full($user, "/hardware/$id", $privs, $any, $noerr);
+}
is this really needed (here?)?
I mean, yes,
$rpcenv->check_hw_perm('foo@bar', "hardware_id", ['Hardware.Use'], 0, 0)
is a (tiny) bit shorter than
$rpcenv->check_full('foo@bar', "/hardware/hardware_id", ['Hardware.Use'], 0, 0)
but ;)
note that check_vm has a special job and is not just a wrapper for
checking $ID against /$PREFIX/$ID, it is specifically for checking guest
ACLs while honoring pool ACLs for the special case of "VM is currently
being created and not formally part of the pool yet"..
similarly, check_perm_modify serves the purpose of containing all the
"modify $path" -> "actual privilege" mappings in a single place.
the rest of the check_foo subs are low-level building blocks/helpers.
you're right, the helper is not really necessary
+
sub is_group_member {
my ($self, $group, $user) = @_;
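Review bot: in check_hw_perm, the line `my $cfg = $self->{user_cfg};` assigns a variable that is never read; the sub only calls check_full on $self, so the assignment can be dropped. Separately, $id is interpolated into "/hardware/$id" with nothing in this sub constraining its format, so if the helper is kept, the id should be validated before the ACL path is built (or the sub should document that callers must do so), so that a value containing "/" cannot select a different path than the caller intended. The new sub also closes with `}` while the preceding check_vm_perm closes with `};`, which is worth making consistent.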
--
2.30.2
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel