From: Stoiko Ivanov <s.ivanov@proxmox.com>
To: pmg-devel@lists.proxmox.com
Subject: [PATCH pmg-api v3 1/5] config: add root_only paramter option.
Date: Fri, 12 Jun 2026 19:40:58 +0200 [thread overview]
Message-ID: <20260612174145.1190233-2-s.ivanov@proxmox.com> (raw)
In-Reply-To: <20260612174145.1190233-1-s.ivanov@proxmox.com>
this introduces a way to have some options in our pmg.conf
SectionConfig restricted to 'root@pam' only.
I skimmed the (quite improved) documentation in PVE::SectionConfig,
and did not see any blockers to extending adding other options instead
of 'optional' and 'fixed' there.
This is needed to have unified way to check if a particular option
should be restricted to 'root@pam' only.
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
src/PMG/API2/Config.pm | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/PMG/API2/Config.pm b/src/PMG/API2/Config.pm
index 9cce95dd..6edde9b4 100644
--- a/src/PMG/API2/Config.pm
+++ b/src/PMG/API2/Config.pm
@@ -10,6 +10,7 @@ use HTTP::Status qw(:constants);
use Storable qw(dclone);
use PVE::JSONSchema qw(get_standard_option);
use PVE::RESTHandler;
+use PVE::Exception qw(raise_perm_exc);
use Time::HiRes qw();
use PMG::Config;
@@ -194,14 +195,21 @@ my $api_update_config_section = sub {
die "no options specified\n"
if !$delete_str && !scalar(keys %$param);
+ my $plugin = PMG::Config::Base->lookup($section);
+ my $rpcenv = PMG::RESTEnvironment->get();
+ my $authuser = $rpcenv->get_user();
+
foreach my $opt (PVE::Tools::split_list($delete_str)) {
+ my $is_root_only = $plugin->options()->{$opt}->{root_only};
+ raise_perm_exc() if ( $is_root_only && $authuser ne 'root@pam') ;
delete $ids->{$section}->{$opt};
}
- my $plugin = PMG::Config::Base->lookup($section);
my $config = $plugin->check_config($section, $param, 0, 1);
foreach my $p (keys %$config) {
+ my $is_root_only = $plugin->options()->{$p}->{root_only};
+ raise_perm_exc() if ( $is_root_only && $authuser ne 'root@pam') ;
$ids->{$section}->{$p} = $config->{$p};
}
--
2.47.3
next prev parent reply other threads:[~2026-06-12 17:42 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-12 17:40 [PATCH pmg-api/pmg-docs/pmg-gui v3 0/5] tracking-center: make input-base configurable Stoiko Ivanov
2026-06-12 17:40 ` Stoiko Ivanov [this message]
2026-06-12 17:40 ` [PATCH pmg-api v3 2/5] config: add log-tracker-base key Stoiko Ivanov
2026-06-12 17:41 ` [PATCH pmg-api v3 3/5] fix #3657: api: tracking center: explicitly set input base from config Stoiko Ivanov
2026-06-12 17:41 ` [PATCH pmg-gui v3 4/5] fix #3657: system options: add log-tracker-base textrow Stoiko Ivanov
2026-06-12 17:41 ` [PATCH pmg-docs v3 5/5] pmg-log-tracker: mention that input-base can be configured via GUI Stoiko Ivanov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260612174145.1190233-2-s.ivanov@proxmox.com \
--to=s.ivanov@proxmox.com \
--cc=pmg-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.