all lists on lists.proxmox.com
 help / color / mirror / Atom feed
From: "Fabian Grünbichler" <f.gruenbichler@proxmox.com>
To: Proxmox Datacenter Manager development discussion
	<pdm-devel@lists.proxmox.com>
Subject: [pdm-devel] partially-applied: [PATCH datacenter-manager/proxmox/yew-comp v4 00/10] add support for checking acl permissions in (yew) front-ends
Date: Wed, 19 Nov 2025 11:52:50 +0100	[thread overview]
Message-ID: <1763549500.46lacr2wg9.astroid@yuna.none> (raw)
In-Reply-To: <20251114144318.317322-1-s.sterz@proxmox.com>

On November 14, 2025 3:43 pm, Shannon Sterz wrote:
> this patch series adds support for querying acl entries from the
> front-end. it also makes it possible to reactively render ui components
> depending on the user's privileges and refreshes this information every
> time a new ticket is set.
> 
> the series is structured as such:
> 
> 1. proxmox, «access-control: add acl feature to only expose types and
>    the AclTree»: creates a new feature that exposes only it and some
>    types to dependent crates.
> 2. proxmox, «access-control: use format strings where possible»: a
>    small clean up commit that moves variables into format strings
>    where possible.
> 3. proxmox, «access-control: move functions querying privileges to the
>    AclTree»: functions that basically just query the AclTree are moved
>    to the AclTree itself to make it easier to re-use them.
> 4. proxmox: «access-control: derive Debug and PartialEq on AclTree and
>    AclTreeNode»: derives Debug and PartialEq on the AclTree and
>    AclTreeNode to make it easier to handle these types in the ui.
> 5. proxmox: «access-control: allow reading all acls of the current
>    authid»: allows to querying all of a user's acl entries via the
>    API_METHOD_READ_ACL endpoint.

applied these 5 with a small follow-up.

the description of the new parameter, and allowing it/making it work for
tokens, as discussed off-list would be nice further follow-ups.

> 6. yew-comp: «acl_context: add AclContext and AclContextProvider»: adds
>    an AclContext and AclContextProvider to proxmox-yew-comp. these
>    allow applications to provide acl information that components can
>    hook into and get reactively re-rendered.
> 7. yew-comp: «http_helpers: reload LocalAclTree when logging in or
>    refreshing a ticket»: so that the ui can be rendered according to
>    the current acls for the user.
> 8. datacenter-manager: «move AccessControlConfig to pdm-api-types»: so
>    we can re-use it in the front-end. then an
> 9. datacenter-manager: «ui: add an AclContext via the AclContextProvider
>    to the main app ui»: allows components to hook into the AclContext
>    and be re-rendered when it changes.
> 10. datacenter-manager: «ui: main menu: use the AclContext to hide the
>     Notes if appropriate»: shows how the new AclContext can be used to
>     only render relevant ui components.
> 
> 
> Follow-up
> ---------
> 
> if this series is applied, more ui components will need to be hooked
> into the context to more widely use this functionality accross the
> application.
> 
> Changelog
> ---------
> 
> note that there was already a v2 [1] of this series, but this was a mistake
> and should be considered a v1. sorry for the confusion.
> 
> changes since v3:
> 
> - fix up a typo, thanks @ Lukas Wagner
> - extract Roles via `AclTreeNode::extract_roles` to prepare for
>   potential group features, thanks @ Fabian Grünbichler
> 
> note: after some offline discussion i left the AccessControlConfig in
> pdm-api-types. we can easily move everything there out into a separate
> crate still and it's not really a public api. so changing should be
> easy enough.
> 
> changes since v2:
> 
> - combine impl only functions into private modules and impl blocks to
>   more cleanly separate them out (thanks @ Wolfgang Bumiller)
> - add a small clean up commit for in-lining format string variables
> 
> changes since v1:
> 
> - move removing a use line to the right commit (thanks @ Dominik Csapak)
> - instead of adapting the NodesView, simply avoid setting an on_submit
>   callback if the user doesn't have the permissions (thanks @ Dominik
>   Csapak)
> 
> proxmox:
> 
> Shannon Sterz (5):
>   access-control: add acl feature to only expose types and the AclTree
>   access-control: use format strings where possible
>   access-control: move functions querying privileges to the AclTree
>   access-control: derive Debug and PartialEq on AclTree and AclTreeNode
>   access-control: allow reading all acls of the current authid
> 
>  proxmox-access-control/Cargo.toml             |   5 +-
>  proxmox-access-control/src/acl.rs             | 509 +++++++++++-------
>  proxmox-access-control/src/api/acl.rs         | 101 ++--
>  .../src/cached_user_info.rs                   |  91 +---
>  proxmox-access-control/src/init.rs            |  91 ++--
>  proxmox-access-control/src/lib.rs             |   4 +-
>  proxmox-access-control/src/token_shadow.rs    |   2 +-
>  proxmox-access-control/src/user.rs            |   3 +-
>  8 files changed, 455 insertions(+), 351 deletions(-)
> 
> 
> proxmox-yew-comp:
> 
> Shannon Sterz (2):
>   acl_context: add AclContext and AclContextProvider
>   http_helpers: reload LocalAclTree when logging in or refreshing a
>     ticket
> 
>  Cargo.toml          |   2 +-
>  src/acl_context.rs  | 204 ++++++++++++++++++++++++++++++++++++++++++++
>  src/http_helpers.rs |   5 ++
>  src/lib.rs          |   3 +
>  4 files changed, 213 insertions(+), 1 deletion(-)
>  create mode 100644 src/acl_context.rs
> 
> 
> proxmox-datacenter-manager:
> 
> Shannon Sterz (3):
>   pdm-acl: create pdm-acl crate
>   ui: add an AclContext via the AclContextProvider to the main app ui
>   ui: main menu: use the AclContext to hide the Notes if appropriate
> 
>  lib/pdm-api-types/Cargo.toml |   1 +
>  lib/pdm-api-types/src/acl.rs | 164 +++++++++++++++++++++++++++++++++-
>  server/src/acl.rs            | 168 +----------------------------------
>  ui/Cargo.toml                |   1 +
>  ui/src/main.rs               |  14 ++-
>  ui/src/main_menu.rs          |  68 +++++++++-----
>  6 files changed, 226 insertions(+), 190 deletions(-)
> 
> 
> Summary over all repositories:
>   18 files changed, 894 insertions(+), 542 deletions(-)
> 
> --
> Generated by git-murpp 0.8.1
> 
> 
> _______________________________________________
> pdm-devel mailing list
> pdm-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel
> 


_______________________________________________
pdm-devel mailing list
pdm-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel

  parent reply	other threads:[~2025-11-19 10:52 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-11-14 14:43 [pdm-devel] " Shannon Sterz
2025-11-14 14:43 ` [pdm-devel] [PATCH proxmox v4 1/5] access-control: add acl feature to only expose types and the AclTree Shannon Sterz
2025-11-14 14:43 ` [pdm-devel] [PATCH proxmox v4 2/5] access-control: use format strings where possible Shannon Sterz
2025-11-14 14:43 ` [pdm-devel] [PATCH proxmox v4 3/5] access-control: move functions querying privileges to the AclTree Shannon Sterz
2025-11-14 14:43 ` [pdm-devel] [PATCH proxmox v4 4/5] access-control: derive Debug and PartialEq on AclTree and AclTreeNode Shannon Sterz
2025-11-14 14:43 ` [pdm-devel] [PATCH proxmox v4 5/5] access-control: allow reading all acls of the current authid Shannon Sterz
2025-11-14 14:43 ` [pdm-devel] [PATCH yew-comp v4 1/2] acl_context: add AclContext and AclContextProvider Shannon Sterz
2025-11-14 14:43 ` [pdm-devel] [PATCH yew-comp v4 2/2] http_helpers: reload LocalAclTree when logging in or refreshing a ticket Shannon Sterz
2025-11-14 14:43 ` [pdm-devel] [PATCH datacenter-manager v4 1/3] move AccessControlConfig to pdm-api-types Shannon Sterz
2025-11-14 14:43 ` [pdm-devel] [PATCH datacenter-manager v4 2/3] ui: add an AclContext via the AclContextProvider to the main app ui Shannon Sterz
2025-11-14 14:43 ` [pdm-devel] [PATCH datacenter-manager v4 3/3] ui: main menu: use the AclContext to hide the Notes if appropriate Shannon Sterz
2025-11-19 10:52 ` Fabian Grünbichler [this message]
2025-11-19 11:16   ` [pdm-devel] partially-applied: [PATCH datacenter-manager/proxmox/yew-comp v4 00/10] add support for checking acl permissions in (yew) front-ends Shannon Sterz

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1763549500.46lacr2wg9.astroid@yuna.none \
    --to=f.gruenbichler@proxmox.com \
    --cc=pdm-devel@lists.proxmox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal