From: Dominik Csapak <d.csapak@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH manager v11 02/13] api: allow all users to (partially) read datacenter.cfg
Date: Wed, 16 Nov 2022 16:48:04 +0100
Message-ID: <20221116154815.358385-11-d.csapak@proxmox.com>
In-Reply-To: <20221116154815.358385-1-d.csapak@proxmox.com>

it contains most ui relevant options, like the console preference and tag-style
so allow these for users without 'Sys.Audit' on '/'
(unchanged for all others)

we also add the list of allowed tags. while not strictly a datacenter
config, it's derived from the current user's privileges and the
datacenter config.

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
---
PVE/API2.pm | 3 ++-
PVE/API2/Cluster.pm | 24 ++++++++++++++++++++++--
2 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/PVE/API2.pm b/PVE/API2.pm
index a42561604..6703b941a 100644
--- a/PVE/API2.pm
+++ b/PVE/API2.pm
@@ -5,6 +5,7 @@ use warnings;
use PVE::pvecfg;
use PVE::DataCenterConfig;
+use PVE::GuestHelpers;
use PVE::RESTHandler;
use PVE::JSONSchema;
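Review bot: The added `use PVE::GuestHelpers;` looks unused in PVE/API2.pm: the diffstat shows three changed lines for this file, and the other two are the TODO comment and the removed blank line before `1;`, neither of which calls into GuestHelpers. If nothing else in the file needs it, drop the import here and keep it only in PVE/API2/Cluster.pm, where `get_allowed_tags` is called.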
@@ -118,6 +119,7 @@ __PACKAGE__->register_method ({
my $res = {};
+ # TODO remove with next major release
my $datacenter_confg = eval { PVE::Cluster::cfs_read_file('datacenter.cfg') } // {};
for my $k (qw(console)) {
$res->{$k} = $datacenter_confg->{$k} if exists $datacenter_confg->{$k};
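Review bot: The TODO above the `$datacenter_confg` read does not say what is to be removed or why. Spell out that the datacenter.cfg keys copied into this response (currently `console`) are meant to go once clients read them from the options endpoint changed later in this patch, so the comment is still actionable at the next major release.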
@@ -129,5 +131,4 @@ __PACKAGE__->register_method ({
return $res;
}});
-
1;
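Review bot: The removal of the blank line before the final `1;` is a whitespace-only change unrelated to the permission change; leave it out or send it as a separate cleanup so the diff for this file stays limited to what the commit message describes.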
diff --git a/PVE/API2/Cluster.pm b/PVE/API2/Cluster.pm
index 3ca85caa4..a06dc83a2 100644
--- a/PVE/API2/Cluster.pm
+++ b/PVE/API2/Cluster.pm
@@ -10,6 +10,7 @@ use PVE::Cluster qw(cfs_register_file cfs_lock_file cfs_read_file cfs_write_file
use PVE::DataCenterConfig;
use PVE::Exception qw(raise_param_exc);
use PVE::Firewall;
+use PVE::GuestHelpers;
use PVE::HA::Config;
use PVE::HA::Env::PVE2;
use PVE::INotify;
@@ -542,8 +543,9 @@ __PACKAGE__->register_method({
name => 'get_options',
path => 'options',
method => 'GET',
- description => "Get datacenter options.",
+ description => "Get datacenter options. Without 'Sys.Audit' on '/' not all options are returned.",
permissions => {
+ user => 'all',
check => ['perm', '/', [ 'Sys.Audit' ]],
},
parameters => {
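Review bot: In the `permissions` block, `user => 'all'` is added while `check => ['perm', '/', [ 'Sys.Audit' ]]` stays, so the schema still reads as if Sys.Audit on '/' were required to call the endpoint. Since the real gate is now the `$rpcenv->check(...)` inside the handler, say so in the permissions block as well (for example with a `description` entry next to `user => 'all'`), so that the API documentation and anyone auditing the ACLs see that every authenticated user can call this and gets a filtered result.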
@@ -557,7 +559,25 @@ __PACKAGE__->register_method({
code => sub {
my ($param) = @_;
- return PVE::Cluster::cfs_read_file('datacenter.cfg');
+ my $res = {};
+
+ my $rpcenv = PVE::RPCEnvironment::get();
+ my $authuser = $rpcenv->get_user();
+
+ my $datacenter_config = eval { PVE::Cluster::cfs_read_file('datacenter.cfg') } // {};
+
+ if ($rpcenv->check($authuser, '/', ['Sys.Audit'], 1)) {
+ $res = $datacenter_config;
+ } else {
+ for my $k (qw(console tag-style)) {
+ $res->{$k} = $datacenter_config->{$k} if exists $datacenter_config->{$k};
+ }
+ }
+
+ my $tags = PVE::GuestHelpers::get_allowed_tags($rpcenv, $authuser);
+ $res->{'allowed-tags'} = [sort keys $tags->%*];
+
+ return $res;
}});
__PACKAGE__->register_method({
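Review bot: In the Sys.Audit branch, `$res = $datacenter_config;` makes `$res` an alias of the hash returned by `cfs_read_file`, and the later `$res->{'allowed-tags'} = ...` then writes into that same hash. If that hash is shared with other callers, the per-user tag list ends up in it; copy first, e.g. `$res = { $datacenter_config->%* };`. Separately, the new `eval { ... } // {}` turns a failed read of datacenter.cfg into an empty result, where the removed line let the error propagate; consider logging `$@` or keeping the failure visible for callers with Sys.Audit. The explicit key list for unprivileged users is the right shape, since options added to datacenter.cfg later stay hidden until they are listed here.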
--
2.30.2
Thread overview: 25+ messages
2022-11-16 15:47 [pve-devel] [PATCH cluster/guest-common/qemu-server/ct/manager v11] add tags to ui Dominik Csapak
2022-11-16 15:47 ` [pve-devel] [PATCH cluster v11 1/5] add CFS_IPC_GET_GUEST_CONFIG_PROPERTIES method Dominik Csapak
2022-11-16 15:47 ` [pve-devel] [PATCH cluster v11 2/5] Cluster: add get_guest_config_properties Dominik Csapak
2022-11-16 15:47 ` [pve-devel] [PATCH cluster v11 3/5] datacenter.cfg: add option for tag-style Dominik Csapak
2022-11-16 15:47 ` [pve-devel] [PATCH cluster v11 4/5] datacenter.cfg: add tag rights control to the datacenter config Dominik Csapak
2022-11-16 15:47 ` [pve-devel] [PATCH cluster v11 5/5] datacenter.cfg: add 'ordering' to 'tag-style' config Dominik Csapak
2022-11-16 15:48 ` [pve-devel] [PATCH guest-common v11 1/1] GuestHelpers: add tag related helpers Dominik Csapak
2022-11-17 12:12 ` [pve-devel] applied: " Thomas Lamprecht
2022-11-16 15:48 ` [pve-devel] [PATCH qemu-server v11 1/1] api: update: check for tags permissions with 'assert_tag_permissions' Dominik Csapak
2022-11-16 15:48 ` [pve-devel] [PATCH container v11 1/1] check_ct_modify_config_perm: " Dominik Csapak
2022-11-16 15:48 ` [pve-devel] [PATCH manager v11 01/13] api: /cluster/resources: add tags to returned properties Dominik Csapak
2022-11-16 15:48 ` Dominik Csapak [this message]
2022-11-16 15:48 ` [pve-devel] [PATCH manager v11 03/13] ui: save ui options from /cluster/options instead of version Dominik Csapak
2022-11-16 15:48 ` [pve-devel] [PATCH manager v11 04/13] ui: parse and save tag infos from /cluster/options Dominik Csapak
2022-11-16 15:48 ` [pve-devel] [PATCH manager v11 05/13] ui: add form/TagColorGrid Dominik Csapak
2022-11-16 15:48 ` [pve-devel] [PATCH manager v11 06/13] ui: add PVE.form.ListField Dominik Csapak
2022-11-16 15:48 ` [pve-devel] [PATCH manager v11 07/13] ui: dc/OptionView: add editors for tag settings Dominik Csapak
2022-11-16 15:48 ` [pve-devel] [PATCH manager v11 08/13] ui: add form/Tag Dominik Csapak
2022-11-16 15:48 ` [pve-devel] [PATCH manager v11 09/13] ui: add form/TagEdit.js Dominik Csapak
2022-11-16 15:48 ` [pve-devel] [PATCH manager v11 10/13] ui: {lxc, qemu}/Config: show Tags and make them editable Dominik Csapak
2022-11-16 15:48 ` [pve-devel] [PATCH manager v11 11/13] ui: tree/ResourceTree: show Tags in tree Dominik Csapak
2022-11-16 15:48 ` [pve-devel] [PATCH manager v11 12/13] ui: add tags to ResourceGrid and GlobalSearchField Dominik Csapak
2022-11-16 15:48 ` [pve-devel] [PATCH manager v11 13/13] ui: implement tag ordering from datacenter.cfg Dominik Csapak
2022-11-17 10:18 ` [pve-devel] partially-applied: [PATCH cluster/guest-common/qemu-server/ct/manager v11] add tags to ui Thomas Lamprecht
2022-11-17 17:22 ` [pve-devel] applied: " Thomas Lamprecht