From: "Shannon Sterz" <s.sterz@proxmox.com>
To: "Shannon Sterz" <s.sterz@proxmox.com>
Cc: pdm-devel@lists.proxmox.com
Subject: [pdm-devel] Superseded: Re: [PATCH datacenter-manager/proxmox/yew-comp v2 00/10] add support for checking acl permissions in (yew) front-ends
Date: Thu, 06 Nov 2025 15:40:02 +0100 [thread overview]
Message-ID: <DE1OU4SYRLEV.275AZPUUA6KVH@proxmox.com> (raw)
In-Reply-To: <20251024145126.384611-1-s.sterz@proxmox.com>
Superseded-by: https://lore.proxmox.com/all/20251106143836.288888-2-s.sterz@proxmox.com/
On Fri Oct 24, 2025 at 4:51 PM CEST, Shannon Sterz wrote:
> this patch series adds support for querying acl entries from the
> front-end. it also makes it possible to reactively render ui components
> depending on the user's privileges and refreshes this information every
> time a new ticket is set.
>
> the first four patches make it possible to use the AclTree by itself in
> the ui. first by creating a new feature that exposes only it and some
> types to dependent crates. then some functions that basically just query
> the AclTree are moved to the AclTree itself to make it easier to re-use
> them. the third patch derives Debug and PartialEq on the AclTree and
> AclTreeNode to make it easier to handle these types in the ui. finally
> the last commit allows to query all of a user's acl entries via the
> API_METHOD_READ_ACL endpoint.
>
> the next two patches first add an AclContext and AclContextProvider
> implementation to proxmox-yew-comp. these allow applications to provide
> acl information that components can hook into and get reactively
> re-rendered. it also triggers reloading the acl information every time a
> user logs in or a ticket gets refreshed.
>
> lastly, proxmox-datacenter-manager is adapted to use this new
> functionality. the seventh commit moves the AccessControlConfig to the
> shared api types crate, so we can re-use it in the front-end. then an
> AclContextProvider is added to the main ui component. this allows
> components to retrieve said AclContext and use it to conditionally
> render ui components. the second to last commit add just such
> functionality to the notes section of the pdm ui.
>
> the very last commit is more of a clean-up that i stumbled accross while
> implementing this series and could be applied separatelly.
>
> Follow-up
> ---------
>
> if this series is applied, more ui components will need to be hooked
> into the context to more widely use this functionality accross the
> application.
>
> Changelog
> ---------
>
> note that there was already a v2 [1] of this series, but this was a mistake
> and should be considered a v1. sorry for the confusion.
>
> changes since v1:
>
> - move removing a use line to the right commit (thanks @ Dominik Csapak)
> - instead of adapting the NodesView, simply avoid setting an on_submit
> callback if the user doesn't have the permissions (thanks @ Dominik
> Csapak)
>
> [1]: https://lore.proxmox.com/all/20251022131126.358790-1-s.sterz@proxmox.com/
>
> proxmox:
>
> Shannon Sterz (4):
> access-control: add acl feature to only expose types and the AclTree
> access-control: move functions querying privileges to the AclTree
> access-control: derive Debug and PartialEq on AclTree and AclTreeNode
> access-control: allow reading all acls of the current authid
>
> proxmox-access-control/Cargo.toml | 5 +-
> proxmox-access-control/src/acl.rs | 132 +++++++++++++++++-
> proxmox-access-control/src/api/acl.rs | 37 ++++-
> .../src/cached_user_info.rs | 91 +-----------
> proxmox-access-control/src/init.rs | 13 +-
> proxmox-access-control/src/lib.rs | 4 +-
> 6 files changed, 183 insertions(+), 99 deletions(-)
>
>
> proxmox-yew-comp:
>
> Shannon Sterz (2):
> acl_context: add AclContext and AclContextProvider
> http_helpers: reload LocalAclTree when logging in or refreshing a
> ticket
>
> Cargo.toml | 2 +-
> src/acl_context.rs | 204 ++++++++++++++++++++++++++++++++++++++++++++
> src/http_helpers.rs | 5 ++
> src/lib.rs | 3 +
> 4 files changed, 213 insertions(+), 1 deletion(-)
> create mode 100644 src/acl_context.rs
>
>
> proxmox-datacenter-manager:
>
> Shannon Sterz (4):
> server/api-types: move AccessControlConfig to shared api types
> ui: add an AclContext via the AclContextProvider to the main app ui
> ui: main menu: use the AclContext to hide the Notes if appropriate
> ui: permission path selector: remove duplicate path entry
>
> lib/pdm-api-types/Cargo.toml | 1 +
> lib/pdm-api-types/src/acl.rs | 158 +++++++++++++++++
> server/src/acl.rs | 162 +-----------------
> ui/Cargo.toml | 1 +
> .../configuration/permission_path_selector.rs | 1 -
> ui/src/main.rs | 14 +-
> ui/src/main_menu.rs | 68 +++++---
> 7 files changed, 221 insertions(+), 184 deletions(-)
>
>
> Summary over all repositories:
> 17 files changed, 617 insertions(+), 284 deletions(-)
>
> --
> Generated by git-murpp 0.8.1
_______________________________________________
pdm-devel mailing list
pdm-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel
prev parent reply other threads:[~2025-11-06 14:39 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-24 14:51 [pdm-devel] " Shannon Sterz
2025-10-24 14:51 ` [pdm-devel] [PATCH proxmox v2 1/4] access-control: add acl feature to only expose types and the AclTree Shannon Sterz
2025-10-29 14:42 ` Wolfgang Bumiller
2025-10-24 14:51 ` [pdm-devel] [PATCH proxmox v2 2/4] access-control: move functions querying privileges to " Shannon Sterz
2025-10-24 14:51 ` [pdm-devel] [PATCH proxmox v2 3/4] access-control: derive Debug and PartialEq on AclTree and AclTreeNode Shannon Sterz
2025-10-24 14:51 ` [pdm-devel] [PATCH proxmox v2 4/4] access-control: allow reading all acls of the current authid Shannon Sterz
2025-10-24 14:51 ` [pdm-devel] [PATCH yew-comp v2 1/2] acl_context: add AclContext and AclContextProvider Shannon Sterz
2025-10-24 14:51 ` [pdm-devel] [PATCH yew-comp v2 2/2] http_helpers: reload LocalAclTree when logging in or refreshing a ticket Shannon Sterz
2025-10-24 14:51 ` [pdm-devel] [PATCH datacenter-manager v2 1/4] server/api-types: move AccessControlConfig to shared api types Shannon Sterz
2025-10-24 14:51 ` [pdm-devel] [PATCH datacenter-manager v2 2/4] ui: add an AclContext via the AclContextProvider to the main app ui Shannon Sterz
2025-10-24 14:51 ` [pdm-devel] [PATCH datacenter-manager v2 3/4] ui: main menu: use the AclContext to hide the Notes if appropriate Shannon Sterz
2025-10-24 14:51 ` [pdm-devel] [PATCH datacenter-manager v2 4/4] ui: permission path selector: remove duplicate path entry Shannon Sterz
2025-10-29 14:50 ` [pdm-devel] applied: " Wolfgang Bumiller
2025-11-06 14:40 ` Shannon Sterz [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DE1OU4SYRLEV.275AZPUUA6KVH@proxmox.com \
--to=s.sterz@proxmox.com \
--cc=pdm-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.