From: "Fabian Grünbichler" <f.gruenbichler@proxmox.com>
To: PVE development discussion <pve-devel@pve.proxmox.com>,
Thomas Lamprecht <t.lamprecht@proxmox.com>,
Tim Marx <t.marx@proxmox.com>
Subject: Re: [pve-devel] [PATCH v3 access-control] add ui capabilities endpoint
Date: Thu, 10 Sep 2020 10:00:51 +0200 [thread overview]
Message-ID: <1599724494.q0shm5qvme.astroid@nora.none> (raw)
In-Reply-To: <3da92568-0886-a522-fbd5-d28afe0f8e71@proxmox.com>
On September 9, 2020 9:00 pm, Thomas Lamprecht wrote:
> On 06.07.20 14:45, Tim Marx wrote:
>> Signed-off-by: Tim Marx <t.marx@proxmox.com>
>> ---
>> * no changes
>
> Maybe we could merge this into the "/access/permissions" endpoint, maybe with a
> "heurisitic" parameter?
IIRC Dominik wanted to slowly replace the caps with permissions anyway,
the caps are just (still) there because that hasn't happened yet.
I am also not sure whether tokens are a good fit for the regular Web GUI
- the fact that tickets expire and you are not permanently logged in is
a feature there IMHO ;)
also, permissions has a return schema already, while it does 'match'
from a structural point of view (a two-level deep hash), it is something
altogether different semantically.
TL;DR: iff we really need this, then I'd put it in a separate API call.
>> PVE/API2/AccessControl.pm | 29 +++++++++++++++++++++++++++++
>> 1 file changed, 29 insertions(+)
>>
>> diff --git a/PVE/API2/AccessControl.pm b/PVE/API2/AccessControl.pm
>> index fd27786..66319cc 100644
>> --- a/PVE/API2/AccessControl.pm
>> +++ b/PVE/API2/AccessControl.pm
>> @@ -718,4 +718,33 @@ __PACKAGE__->register_method({
>> return $res;
>> }});
>>
>> +__PACKAGE__->register_method({
>> + name => 'uicapabilities',
>> + path => 'uicapabilities',
>> + method => 'GET',
>> + description => 'Retrieve user interface capabilities for calling user/token.',
>> + permissions => {
>> + description => "Each user/token is allowed to retrieve their own capabilities.",
>> + user => 'all',
>> + },
>> + parameters => {},
>> + returns => {
>> + type => 'object',
>> + properties => {
>> + cap => {
>> + type => 'object',
>> + description => 'The user interface capabilities of the calling user/token'
>> + }
>> + },
>> + },
>> + code => sub {
>> + my ($param) = @_;
>> +
>> + my $rpcenv = PVE::RPCEnvironment::get();
>> + my $userid = $rpcenv->get_user();
>> + my $res->{cap} = &$compute_api_permission($rpcenv, $userid);
>> +
>> + return $res;
>> + }});
>> +
>> 1;
>> --
>> 2.20.1
>>
>> _______________________________________________
>> pve-devel mailing list
>> pve-devel@pve.proxmox.com
>> https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>>
>
>
>
next prev parent reply other threads:[~2020-09-10 8:01 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20200706124544.2126341-1-t.marx@proxmox.com>
2020-09-09 19:00 ` Thomas Lamprecht
2020-09-10 8:00 ` Fabian Grünbichler [this message]
2020-09-10 8:19 ` Thomas Lamprecht
2020-09-10 8:23 ` Fabian Grünbichler
2020-09-10 8:28 ` Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1599724494.q0shm5qvme.astroid@nora.none \
--to=f.gruenbichler@proxmox.com \
--cc=pve-devel@pve.proxmox.com \
--cc=t.lamprecht@proxmox.com \
--cc=t.marx@proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.