On April 4, 2025 7:20 pm, Thomas Lamprecht wrote:
> Am 04.04.25 um 18:28 schrieb Gabriel Goller:
>> From: Stefan Hanreich <s.hanre...@proxmox.com>
>
> Missing a commit message, ACL is something that might profit from
> providing the thoughts behind this, even if it's probably quite
> clear for you.
>
>>
>> Signed-off-by: Stefan Hanreich <s.hanre...@proxmox.com>
>> Signed-off-by: Gabriel Goller <g.gol...@proxmox.com>
>> ---
>> src/PVE/AccessControl.pm | 2 ++
>> 1 file changed, 2 insertions(+)
>>
>> diff --git a/src/PVE/AccessControl.pm b/src/PVE/AccessControl.pm
>> index 47f2d38b09c7..7b2dae35448d 100644
>> --- a/src/PVE/AccessControl.pm
>> +++ b/src/PVE/AccessControl.pm
>> @@ -1273,6 +1273,8 @@ sub check_path {
>> |/sdn/controllers/[[:alnum:]\_\-]+
>> |/sdn/dns
>> |/sdn/dns/[[:alnum:]]+
>> + |/sdn/fabrics
>> + |/sdn/fabrics/(openfabric|ospf)/[[:alnum:]]+
>
> So, without looking at the implementation, fabrics have the IDs unique
> per sub-type? Could maybe also share an ID space, less confusion
> potential, but naturally also less flexibility – what do you think?
they share a section config (and thus ID-space), so I guess we could
skip the sub-type component here if we intend to keep it like that
(forever ;)).
unless there is a (current or future) use case for handing out blanket
permissions for one specific fabric type, but not the other(s)?
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
