public inbox for pbs-devel@lists.proxmox.com
 help / color / mirror / Atom feed
From: "Fabian Grünbichler" <f.gruenbichler@proxmox.com>
To: Proxmox Backup Server development discussion
	<pbs-devel@lists.proxmox.com>,
	Thomas Lamprecht <t.lamprecht@proxmox.com>
Subject: Re: [pbs-devel] [v2 proxmox-backup] www: show more ACLs in datastore panel
Date: Tue, 10 Nov 2020 09:08:11 +0100	[thread overview]
Message-ID: <1604995500.ql6kcu5bug.astroid@nora.none> (raw)
In-Reply-To: <eec4fdaf-b00c-5466-cffc-1b49a56d3c08@proxmox.com>

On November 9, 2020 7:56 pm, Thomas Lamprecht wrote:
> On 09.11.20 14:47, Fabian Grünbichler wrote:
>> since just the ACLs defined on the exact datastore path don't give
>> anywhere near a complete picture of who has access to it.
>> 
>> Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
>> ---
>> 
>> Notes:
>>     v2: handle neighbouring ACL paths properly
>> 
>>  www/config/ACLView.js  | 20 +++++++++++++++++++-
>>  www/datastore/Panel.js |  1 -
>>  2 files changed, 19 insertions(+), 2 deletions(-)
>> 
>> diff --git a/www/config/ACLView.js b/www/config/ACLView.js
>> index bf1ea6a9..20caf284 100644
>> --- a/www/config/ACLView.js
>> +++ b/www/config/ACLView.js
>> @@ -84,11 +84,29 @@ Ext.define('PBS.config.ACLView', {
>>  
>>  	    let params = {};
>>  	    if (view.aclPath !== undefined) {
>> -		params.path = view.aclPath;
>> +
>> +		let pathFilter = Ext.create('Ext.util.Filter', {
>> +		    filterPath: view.aclPath,
>> +		    filterFn: function(item) {
>> +			let me = this;
>> +			let curr = item.data.path;
>> +
>> +			if (curr.lastIndexOf("/") < me.filterPath.lastIndexOf("/")) {
>> +			    return me.filterPath.startsWith(curr);
>> +			} else {
>> +			    return me.filterPath === curr;
>> +			}
> 
> 
> argh, this gets it wrong too, e.g. if one passes /datastore as filter get
> only the /datastore ACLs, but not / or /datastore/test ones.

the former was not intended (I had the early return for "/" in an 
intermediate version with splits, but lost it on simplification), the 
latter one was ("/datastore/test" ACLs don't affect permissions on 
"/datastore").

> We probably need to split both filter and current path into components
> .split('/') and go through them, return false if filter components are
> not yet exhausted and the current level does not match, else return true.

I see that you fixed that up already which looks good, and showing child 
ACLs as well makes sense for the datastore overview and is now 
documented, so that change in behaviour is fine for me too :) we will 
only ever set intermediate (as in "overview" panels) or leaf (as in the 
datacenter panel), and for the second case there cannot be any child 
ACLs atm anyway.




      reply	other threads:[~2020-11-10  8:08 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-11-09 13:47 Fabian Grünbichler
2020-11-09 14:20 ` [pbs-devel] applied: " Thomas Lamprecht
2020-11-09 18:56 ` [pbs-devel] " Thomas Lamprecht
2020-11-10  8:08   ` Fabian Grünbichler [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1604995500.ql6kcu5bug.astroid@nora.none \
    --to=f.gruenbichler@proxmox.com \
    --cc=pbs-devel@lists.proxmox.com \
    --cc=t.lamprecht@proxmox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal