From: Stoiko Ivanov <s.ivanov@proxmox.com>
To: pmg-devel@lists.proxmox.com
Subject: [PATCH pmg-api v2 1/5] config: add root_only paramter option.
Date: Tue, 9 Jun 2026 22:04:43 +0200 [thread overview]
Message-ID: <20260609200637.904334-2-s.ivanov@proxmox.com> (raw)
In-Reply-To: <20260609200637.904334-1-s.ivanov@proxmox.com>
this introduces a way to have some options in our pmg.conf
SectionConfig restricted to 'root@pam' only.
I skimmed the (quite improved) documentation in PVE::SectionConfig,
and did not see any blockers to extending adding other options instead
of 'optional' and 'fixed' there.
This is needed to have unified way to check if a particular option
shoudld be restricted to 'root@pam' only.
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
src/PMG/API2/Config.pm | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/PMG/API2/Config.pm b/src/PMG/API2/Config.pm
index 9cce95dd..6edde9b4 100644
--- a/src/PMG/API2/Config.pm
+++ b/src/PMG/API2/Config.pm
@@ -10,6 +10,7 @@ use HTTP::Status qw(:constants);
use Storable qw(dclone);
use PVE::JSONSchema qw(get_standard_option);
use PVE::RESTHandler;
+use PVE::Exception qw(raise_perm_exc);
use Time::HiRes qw();
use PMG::Config;
@@ -194,14 +195,21 @@ my $api_update_config_section = sub {
die "no options specified\n"
if !$delete_str && !scalar(keys %$param);
+ my $plugin = PMG::Config::Base->lookup($section);
+ my $rpcenv = PMG::RESTEnvironment->get();
+ my $authuser = $rpcenv->get_user();
+
foreach my $opt (PVE::Tools::split_list($delete_str)) {
+ my $is_root_only = $plugin->options()->{$opt}->{root_only};
+ raise_perm_exc() if ( $is_root_only && $authuser ne 'root@pam') ;
delete $ids->{$section}->{$opt};
}
- my $plugin = PMG::Config::Base->lookup($section);
my $config = $plugin->check_config($section, $param, 0, 1);
foreach my $p (keys %$config) {
+ my $is_root_only = $plugin->options()->{$p}->{root_only};
+ raise_perm_exc() if ( $is_root_only && $authuser ne 'root@pam') ;
$ids->{$section}->{$p} = $config->{$p};
}
--
2.47.3
next prev parent reply other threads:[~2026-06-09 20:06 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-09 20:04 [PATCH pmg-api/pmg-docs/pmg-gui v2 0/5] tracking-center: make input-base configurable Stoiko Ivanov
2026-06-09 20:04 ` Stoiko Ivanov [this message]
2026-06-10 16:26 ` [PATCH pmg-api v2 1/5] config: add root_only paramter option Max R. Carrara
2026-06-09 20:04 ` [PATCH pmg-api v2 2/5] config: add log-tracker-base key Stoiko Ivanov
2026-06-10 16:26 ` Max R. Carrara
2026-06-09 20:04 ` [PATCH pmg-api v2 3/5] fix #3657: api: tracking center: explicitly set input base from config Stoiko Ivanov
2026-06-09 20:04 ` [PATCH pmg-gui v2 4/5] fix #3657: system options: add log-tracker-base textrow Stoiko Ivanov
2026-06-10 16:26 ` Max R. Carrara
2026-06-09 20:04 ` [PATCH pmg-docs v2 5/5] pmg-log-tracker: mention that input-base can be configured via GUI Stoiko Ivanov
2026-06-10 16:26 ` Max R. Carrara
2026-06-10 16:26 ` [PATCH pmg-api/pmg-docs/pmg-gui v2 0/5] tracking-center: make input-base configurable Max R. Carrara
2026-06-12 17:43 ` superseded: " Stoiko Ivanov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260609200637.904334-2-s.ivanov@proxmox.com \
--to=s.ivanov@proxmox.com \
--cc=pmg-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.