From: Fabian Grünbichler
To: Proxmox Backup Server development discussion, Thomas Lamprecht
Date: Tue, 10 Nov 2020 09:08:11 +0100
Subject: Re: [pbs-devel] [v2 proxmox-backup] www: show more ACLs in datastore panel
References: <20201109134738.3054902-1-f.gruenbichler@proxmox.com>
Message-Id: <1604995500.ql6kcu5bug.astroid@nora.none>

On November 9, 2020 7:56 pm, Thomas Lamprecht wrote:
> On 09.11.20 14:47, Fabian Grünbichler wrote:
>> since just the ACLs defined on the exact datastore path don't give
>> anywhere near a complete picture of who has access to it.
>>
>> Signed-off-by: Fabian Grünbichler
>> ---
>>
>> Notes:
>> v2: handle neighbouring ACL paths properly
>>
>> www/config/ACLView.js | 20 +++++++++++++++++++-
>> www/datastore/Panel.js | 1 -
>> 2 files changed, 19 insertions(+), 2 deletions(-)
>>
>> diff --git a/www/config/ACLView.js b/www/config/ACLView.js >> index bf1ea6a9..20caf284 100644 >> --- a/www/config/ACLView.js >> +++ b/www/config/ACLView.js
>> @@ -84,11 +84,29 @@ Ext.define('PBS.config.ACLView', { >> =20 >> let params =3D {}; >> if (view.aclPath !=3D=3D undefined) { >> - params.path =3D view.aclPath; >> + >> + let pathFilter =3D Ext.create('Ext.util.Filter', { >> + filterPath: view.aclPath, >> + filterFn: function(item) { >> + let me =3D this; >> + let curr =3D item.data.path; >> + >> + if (curr.lastIndexOf("/") < me.filterPath.lastIndexOf("/")) { >> + return me.filterPath.startsWith(curr); >> + } else { >> + return me.filterPath =3D=3D=3D curr; >> + }
>
>
> argh, this gets it wrong too, e.g. if one passes /datastore as filter get
> only the /datastore ACLs, but not / or /datastore/test ones.

the former was not intended (I had the early return for "/" in an intermediate version with splits, but lost it on simplification), the latter one was ("/datastore/test" ACLs don't affect permissions on "/datastore").

> We probably need to split both filter and current path into components
> .split('/') and go through them, return false if filter components are
> not yet exhausted and the current level does not match, else return true.

I see that you fixed that up already which looks good, and showing child ACLs as well makes sense for the datastore overview and is now documented, so that change in behaviour is fine for me too :) we will only ever set intermediate (as in "overview" panels) or leaf (as in the datacenter panel), and for the second case there cannot be any child ACLs atm anyway.
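
Review bot: in filterFn, `me.filterPath.startsWith(curr)` is a raw string prefix test, not a path-component test, so the panel can misreport who has access. With a filterPath of `/datastore/store1`, an entry on a path such as `/data` (constructed example) has a smaller lastIndexOf("/") and is a string prefix, so it is listed as if it were an ancestor. In the other direction, with filterPath `/datastore` the root entry `/` falls into the else branch because both lastIndexOf values are 0, and it is dropped although it applies to the datastore. Suggest splitting both paths on "/" and comparing component by component, with `/` handled as the ancestor of every path. The hunk also removes `params.path`, so the match now depends entirely on this client-side filter; a short comment stating which entries are meant to pass (ancestors, the exact path, children or not) would make the intent checkable.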
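
The component-wise comparison suggested in the quoted reply, written out as an added example; it is not code from this thread or from proxmox-backup. The names `components`, `aclPathMatches`, `filterAcls`, the `includeChildren` switch, the `who` field and the sample entries are all constructed for illustration.

```javascript
// Added example, not project code. All names and sample data are constructed.

// "/" -> [], "/datastore/test" -> ["datastore", "test"]
function components(path) {
    return path.split('/').filter((c) => c.length > 0);
}

// True if an ACL entry on aclPath belongs in the view for filterPath:
// ancestors and the exact path always, children only if includeChildren.
function aclPathMatches(filterPath, aclPath, includeChildren = true) {
    const filter = components(filterPath);
    const curr = components(aclPath);
    for (let i = 0; i < curr.length; i++) {
        if (i >= filter.length) {
            // filter exhausted: aclPath lies below filterPath
            return includeChildren;
        }
        if (filter[i] !== curr[i]) {
            // differs at this level: sibling or unrelated subtree
            return false;
        }
    }
    // every component of aclPath matched: ancestor of, or equal to, filterPath
    return true;
}

function filterAcls(entries, filterPath, includeChildren = true) {
    return entries.filter((e) => aclPathMatches(filterPath, e.path, includeChildren));
}

// Constructed sample entries; only `path` mirrors a field seen in the patch.
const SAMPLE_ACLS = [
    { path: '/', who: 'admin@example' },
    { path: '/data', who: 'string-prefix-lookalike@example' },
    { path: '/datastore', who: 'operator@example' },
    { path: '/datastore/test', who: 'backup@example' },
    { path: '/datastore/test/sub', who: 'child@example' },
    { path: '/datastore/test2', who: 'neighbour@example' },
    { path: '/remote', who: 'sync@example' },
];

// Overview panel for /datastore: root, the path itself and its children.
console.log(filterAcls(SAMPLE_ACLS, '/datastore').map((e) => e.path));
// Strict view for /datastore/test: only entries that affect permissions on it.
console.log(filterAcls(SAMPLE_ACLS, '/datastore/test', false).map((e) => e.path));
```

With `includeChildren` set to false the result is the set of entries that can affect permissions on the path itself, which is the distinction drawn in the reply above between `/` and `/datastore/test` for a `/datastore` filter.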