From: Dominik Csapak <d.csapak@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH manager 12/12] ui: improve permission handling for hardware
Date: Tue, 19 Jul 2022 13:46:39 +0200 [thread overview]
Message-ID: <20220719114639.3035048-24-d.csapak@proxmox.com> (raw)
In-Reply-To: <20220719114639.3035048-1-d.csapak@proxmox.com>
qemu/HardwareView:
with the new Hardware privileges, we want to adapt a few places where
we now allow to show the add/edit window with those permissions.
form/{PCI,USB}Selector:
increase the minHeight property of the PCI/USBSelector, so that
the user can see the error message if he has not enough permissions.
data/PermPathStore:
add '/hardware' to the list of acl paths
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
---
www/manager6/data/PermPathStore.js | 1 +
www/manager6/form/PCISelector.js | 1 +
www/manager6/form/USBSelector.js | 1 +
www/manager6/qemu/HardwareView.js | 17 +++++++++--------
4 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/www/manager6/data/PermPathStore.js b/www/manager6/data/PermPathStore.js
index cf702c03..526cadbc 100644
--- a/www/manager6/data/PermPathStore.js
+++ b/www/manager6/data/PermPathStore.js
@@ -8,6 +8,7 @@ Ext.define('PVE.data.PermPathStore', {
{ 'value': '/access' },
{ 'value': '/access/groups' },
{ 'value': '/access/realm' },
+ { 'value': '/hardware' },
{ 'value': '/nodes' },
{ 'value': '/pool' },
{ 'value': '/sdn/zones' },
diff --git a/www/manager6/form/PCISelector.js b/www/manager6/form/PCISelector.js
index 39e111f0..a6e697a4 100644
--- a/www/manager6/form/PCISelector.js
+++ b/www/manager6/form/PCISelector.js
@@ -37,6 +37,7 @@ Ext.define('PVE.form.PCISelector', {
onLoadCallBack: undefined,
listConfig: {
+ minHeight: 80,
width: 800,
columns: [
{
diff --git a/www/manager6/form/USBSelector.js b/www/manager6/form/USBSelector.js
index 3a2f293e..0b5f208f 100644
--- a/www/manager6/form/USBSelector.js
+++ b/www/manager6/form/USBSelector.js
@@ -71,6 +71,7 @@ Ext.define('PVE.form.USBSelector', {
store: store,
emptyText: emptyText,
listConfig: {
+ minHeight: 80,
width: 520,
columns: [
{
diff --git a/www/manager6/qemu/HardwareView.js b/www/manager6/qemu/HardwareView.js
index 6e9d03b4..283c0aad 100644
--- a/www/manager6/qemu/HardwareView.js
+++ b/www/manager6/qemu/HardwareView.js
@@ -253,8 +253,8 @@ Ext.define('PVE.qemu.HardwareView', {
group: 25,
order: i,
iconCls: 'usb',
- editor: caps.nodes['Sys.Console'] ? 'PVE.qemu.USBEdit' : undefined,
- never_delete: !caps.nodes['Sys.Console'],
+ editor: caps.nodes['Sys.Console'] || caps.hardware['Hardware.Use'] ? 'PVE.qemu.USBEdit' : undefined,
+ never_delete: !caps.nodes['Sys.Console'] && !caps.hardware['Hardware.Use'],
header: gettext('USB Device') + ' (' + confid + ')',
};
}
@@ -264,8 +264,8 @@ Ext.define('PVE.qemu.HardwareView', {
group: 30,
order: i,
tdCls: 'pve-itype-icon-pci',
- never_delete: !caps.nodes['Sys.Console'],
- editor: caps.nodes['Sys.Console'] ? 'PVE.qemu.PCIEdit' : undefined,
+ never_delete: !caps.nodes['Sys.Console'] && !caps.hardware['Hardware.Use'],
+ editor: caps.nodes['Sys.Console'] || caps.hardware['Hardware.Use'] ? 'PVE.qemu.PCIEdit' : undefined,
header: gettext('PCI Device') + ' (' + confid + ')',
};
}
@@ -566,12 +566,13 @@ Ext.define('PVE.qemu.HardwareView', {
// heuristic only for disabling some stuff, the backend has the final word.
const noSysConsolePerm = !caps.nodes['Sys.Console'];
+ const noHWPerm = !caps.nodes['Sys.Console'] && !caps.hardware['Hardware.Use'];
const noVMConfigHWTypePerm = !caps.vms['VM.Config.HWType'];
const noVMConfigNetPerm = !caps.vms['VM.Config.Network'];
const noVMConfigDiskPerm = !caps.vms['VM.Config.Disk'];
- me.down('#addUsb').setDisabled(noSysConsolePerm || isAtLimit('usb'));
- me.down('#addPci').setDisabled(noSysConsolePerm || isAtLimit('hostpci'));
+ me.down('#addUsb').setDisabled(noHWPerm || isAtLimit('usb'));
+ me.down('#addPci').setDisabled(noHWPerm || isAtLimit('hostpci'));
me.down('#addAudio').setDisabled(noVMConfigHWTypePerm || isAtLimit('audio'));
me.down('#addSerial').setDisabled(noVMConfigHWTypePerm || isAtLimit('serial'));
me.down('#addNet').setDisabled(noVMConfigNetPerm || isAtLimit('net'));
@@ -680,14 +681,14 @@ Ext.define('PVE.qemu.HardwareView', {
text: gettext('USB Device'),
itemId: 'addUsb',
iconCls: 'fa fa-fw fa-usb black',
- disabled: !caps.nodes['Sys.Console'],
+ disabled: !caps.nodes['Sys.Console'] && !caps.hardware['Hardware.Use'],
handler: editorFactory('USBEdit'),
},
{
text: gettext('PCI Device'),
itemId: 'addPci',
iconCls: 'pve-itype-icon-pci',
- disabled: !caps.nodes['Sys.Console'],
+ disabled: !caps.nodes['Sys.Console'] && !caps.hardware['Hardware.Use'],
handler: editorFactory('PCIEdit'),
},
{
--
2.30.2
next prev parent reply other threads:[~2022-07-19 11:53 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-19 11:46 [pve-devel] [PATCH many] add cluster-wide hardware device mapping Dominik Csapak
2022-07-19 11:46 ` [pve-devel] [PATCH cluster 1/1] add nodes/hardware-map.conf Dominik Csapak
2022-07-19 11:46 ` [pve-devel] [PATCH access-control 1/2] PVE/AccessControl: add Hardware.* privileges and /hardware/ paths Dominik Csapak
2022-07-19 11:46 ` [pve-devel] [PATCH access-control 2/2] PVE/RPCEnvironment: add helper for checking hw permissions Dominik Csapak
2022-08-01 12:01 ` Fabian Grünbichler
2022-08-09 6:55 ` Dominik Csapak
2022-07-19 11:46 ` [pve-devel] [PATCH common 1/1] add PVE/HardwareMap Dominik Csapak
[not found] ` <<20220719114639.3035048-5-d.csapak@proxmox.com>
2022-08-01 12:58 ` Fabian Grünbichler
2022-08-09 7:29 ` Dominik Csapak
2022-07-19 11:46 ` [pve-devel] [PATCH qemu-server 1/7] PVE/QemuServer: allow mapped usb devices in config Dominik Csapak
[not found] ` <<20220719114639.3035048-6-d.csapak@proxmox.com>
2022-08-01 12:59 ` Fabian Grünbichler
2022-07-19 11:46 ` [pve-devel] [PATCH qemu-server 2/7] PVE/QemuServer: allow mapped pci deviced " Dominik Csapak
[not found] ` <<20220719114639.3035048-7-d.csapak@proxmox.com>
2022-08-01 12:59 ` Fabian Grünbichler
2022-07-19 11:46 ` [pve-devel] [PATCH qemu-server 3/7] PVE/API2/Qemu: add permission checks for mapped usb devices Dominik Csapak
[not found] ` <<20220719114639.3035048-8-d.csapak@proxmox.com>
2022-08-01 13:01 ` Fabian Grünbichler
2022-08-09 7:32 ` Dominik Csapak
2022-07-19 11:46 ` [pve-devel] [PATCH qemu-server 4/7] PVE/API2/Qemu: add permission checks for mapped pci devices Dominik Csapak
[not found] ` <<20220719114639.3035048-9-d.csapak@proxmox.com>
2022-08-01 13:01 ` Fabian Grünbichler
2022-07-19 11:46 ` [pve-devel] [PATCH qemu-server 5/7] PVE/QemuServer: extend 'check_local_resources' for mapped resources Dominik Csapak
[not found] ` <<<20220719114639.3035048-10-d.csapak@proxmox.com>
2022-08-01 13:02 ` Fabian Grünbichler
2022-07-19 11:46 ` [pve-devel] [PATCH qemu-server 6/7] PVE/API2/Qemu: migrate preconditions: use new check_local_resources info Dominik Csapak
2022-07-19 11:46 ` [pve-devel] [PATCH qemu-server 7/7] PVE/QemuMigrate: check for mapped resources on migration Dominik Csapak
2022-07-19 11:46 ` [pve-devel] [PATCH manager 01/12] PVE/API2/Hardware: add Mapping.pm Dominik Csapak
2022-07-19 11:46 ` [pve-devel] [PATCH manager 02/12] PVE/API2/Cluster: add Hardware mapping list api call Dominik Csapak
2022-07-19 11:46 ` [pve-devel] [PATCH manager 03/12] ui: form/USBSelector: make it more flexible with nodename Dominik Csapak
2022-07-19 11:46 ` [pve-devel] [PATCH manager 04/12] ui: form: add PCIMapSelector Dominik Csapak
2022-07-19 11:46 ` [pve-devel] [PATCH manager 05/12] ui: form: add USBMapSelector Dominik Csapak
2022-07-19 11:46 ` [pve-devel] [PATCH manager 06/12] ui: qemu/PCIEdit: rework panel to add a mapped configuration Dominik Csapak
2022-07-19 11:46 ` [pve-devel] [PATCH manager 07/12] ui: qemu/USBEdit: add 'mapped' device case Dominik Csapak
2022-07-19 11:46 ` [pve-devel] [PATCH manager 08/12] ui: add window/PCIEdit: edit window for pci mappings Dominik Csapak
2022-07-19 11:46 ` [pve-devel] [PATCH manager 09/12] ui: add window/USBEdit: edit window for usb mappings Dominik Csapak
2022-07-19 11:46 ` [pve-devel] [PATCH manager 10/12] ui: add dc/HardwareView: a CRUD interface for hardware mapping Dominik Csapak
2022-07-19 11:46 ` [pve-devel] [PATCH manager 11/12] ui: window/Migrate: allow mapped devices Dominik Csapak
2022-07-19 11:46 ` Dominik Csapak [this message]
2022-07-19 13:26 ` [pve-devel] [PATCH many] add cluster-wide hardware device mapping Dominik Csapak
[not found] ` <mailman.329.1658406652.464.pve-devel@lists.proxmox.com>
2022-07-21 14:48 ` Dominik Csapak
2022-08-02 15:59 ` DERUMIER, Alexandre
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220719114639.3035048-24-d.csapak@proxmox.com \
--to=d.csapak@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.