public inbox for pdm-devel@lists.proxmox.com
 help / color / mirror / Atom feed
From: "Fabian Grünbichler" <f.gruenbichler@proxmox.com>
To: Proxmox Datacenter Manager development discussion
	<pdm-devel@lists.proxmox.com>
Subject: [pdm-devel] partially-applied: [PATCH datacenter-manager/proxmox/yew-comp v4 00/10] add support for checking acl permissions in (yew) front-ends
Date: Wed, 19 Nov 2025 11:52:50 +0100	[thread overview]
Message-ID: <1763549500.46lacr2wg9.astroid@yuna.none> (raw)
In-Reply-To: <20251114144318.317322-1-s.sterz@proxmox.com>

On November 14, 2025 3:43 pm, Shannon Sterz wrote:
> this patch series adds support for querying acl entries from the
> front-end. it also makes it possible to reactively render ui components
> depending on the user's privileges and refreshes this information every
> time a new ticket is set.
> 
> the series is structured as such:
> 
> 1. proxmox, «access-control: add acl feature to only expose types and
>    the AclTree»: creates a new feature that exposes only it and some
>    types to dependent crates.
> 2. proxmox, «access-control: use format strings where possible»: a
>    small clean up commit that moves variables into format strings
>    where possible.
> 3. proxmox, «access-control: move functions querying privileges to the
>    AclTree»: functions that basically just query the AclTree are moved
>    to the AclTree itself to make it easier to re-use them.
> 4. proxmox: «access-control: derive Debug and PartialEq on AclTree and
>    AclTreeNode»: derives Debug and PartialEq on the AclTree and
>    AclTreeNode to make it easier to handle these types in the ui.
> 5. proxmox: «access-control: allow reading all acls of the current
>    authid»: allows to querying all of a user's acl entries via the
>    API_METHOD_READ_ACL endpoint.

applied these 5 with a small follow-up.

the description of the new parameter, and allowing it/making it work for
tokens, as discussed off-list would be nice further follow-ups.

> 6. yew-comp: «acl_context: add AclContext and AclContextProvider»: adds
>    an AclContext and AclContextProvider to proxmox-yew-comp. these
>    allow applications to provide acl information that components can
>    hook into and get reactively re-rendered.
> 7. yew-comp: «http_helpers: reload LocalAclTree when logging in or
>    refreshing a ticket»: so that the ui can be rendered according to
>    the current acls for the user.
> 8. datacenter-manager: «move AccessControlConfig to pdm-api-types»: so
>    we can re-use it in the front-end. then an
> 9. datacenter-manager: «ui: add an AclContext via the AclContextProvider
>    to the main app ui»: allows components to hook into the AclContext
>    and be re-rendered when it changes.
> 10. datacenter-manager: «ui: main menu: use the AclContext to hide the
>     Notes if appropriate»: shows how the new AclContext can be used to
>     only render relevant ui components.
> 
> 
> Follow-up
> ---------
> 
> if this series is applied, more ui components will need to be hooked
> into the context to more widely use this functionality accross the
> application.
> 
> Changelog
> ---------
> 
> note that there was already a v2 [1] of this series, but this was a mistake
> and should be considered a v1. sorry for the confusion.
> 
> changes since v3:
> 
> - fix up a typo, thanks @ Lukas Wagner
> - extract Roles via `AclTreeNode::extract_roles` to prepare for
>   potential group features, thanks @ Fabian Grünbichler
> 
> note: after some offline discussion i left the AccessControlConfig in
> pdm-api-types. we can easily move everything there out into a separate
> crate still and it's not really a public api. so changing should be
> easy enough.
> 
> changes since v2:
> 
> - combine impl only functions into private modules and impl blocks to
>   more cleanly separate them out (thanks @ Wolfgang Bumiller)
> - add a small clean up commit for in-lining format string variables
> 
> changes since v1:
> 
> - move removing a use line to the right commit (thanks @ Dominik Csapak)
> - instead of adapting the NodesView, simply avoid setting an on_submit
>   callback if the user doesn't have the permissions (thanks @ Dominik
>   Csapak)
> 
> proxmox:
> 
> Shannon Sterz (5):
>   access-control: add acl feature to only expose types and the AclTree
>   access-control: use format strings where possible
>   access-control: move functions querying privileges to the AclTree
>   access-control: derive Debug and PartialEq on AclTree and AclTreeNode
>   access-control: allow reading all acls of the current authid
> 
>  proxmox-access-control/Cargo.toml             |   5 +-
>  proxmox-access-control/src/acl.rs             | 509 +++++++++++-------
>  proxmox-access-control/src/api/acl.rs         | 101 ++--
>  .../src/cached_user_info.rs                   |  91 +---
>  proxmox-access-control/src/init.rs            |  91 ++--
>  proxmox-access-control/src/lib.rs             |   4 +-
>  proxmox-access-control/src/token_shadow.rs    |   2 +-
>  proxmox-access-control/src/user.rs            |   3 +-
>  8 files changed, 455 insertions(+), 351 deletions(-)
> 
> 
> proxmox-yew-comp:
> 
> Shannon Sterz (2):
>   acl_context: add AclContext and AclContextProvider
>   http_helpers: reload LocalAclTree when logging in or refreshing a
>     ticket
> 
>  Cargo.toml          |   2 +-
>  src/acl_context.rs  | 204 ++++++++++++++++++++++++++++++++++++++++++++
>  src/http_helpers.rs |   5 ++
>  src/lib.rs          |   3 +
>  4 files changed, 213 insertions(+), 1 deletion(-)
>  create mode 100644 src/acl_context.rs
> 
> 
> proxmox-datacenter-manager:
> 
> Shannon Sterz (3):
>   pdm-acl: create pdm-acl crate
>   ui: add an AclContext via the AclContextProvider to the main app ui
>   ui: main menu: use the AclContext to hide the Notes if appropriate
> 
>  lib/pdm-api-types/Cargo.toml |   1 +
>  lib/pdm-api-types/src/acl.rs | 164 +++++++++++++++++++++++++++++++++-
>  server/src/acl.rs            | 168 +----------------------------------
>  ui/Cargo.toml                |   1 +
>  ui/src/main.rs               |  14 ++-
>  ui/src/main_menu.rs          |  68 +++++++++-----
>  6 files changed, 226 insertions(+), 190 deletions(-)
> 
> 
> Summary over all repositories:
>   18 files changed, 894 insertions(+), 542 deletions(-)
> 
> --
> Generated by git-murpp 0.8.1
> 
> 
> _______________________________________________
> pdm-devel mailing list
> pdm-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel
> 


_______________________________________________
pdm-devel mailing list
pdm-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel

  parent reply	other threads:[~2025-11-19 10:52 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-11-14 14:43 [pdm-devel] " Shannon Sterz
2025-11-14 14:43 ` [pdm-devel] [PATCH proxmox v4 1/5] access-control: add acl feature to only expose types and the AclTree Shannon Sterz
2025-11-14 14:43 ` [pdm-devel] [PATCH proxmox v4 2/5] access-control: use format strings where possible Shannon Sterz
2025-11-14 14:43 ` [pdm-devel] [PATCH proxmox v4 3/5] access-control: move functions querying privileges to the AclTree Shannon Sterz
2025-11-14 14:43 ` [pdm-devel] [PATCH proxmox v4 4/5] access-control: derive Debug and PartialEq on AclTree and AclTreeNode Shannon Sterz
2025-11-14 14:43 ` [pdm-devel] [PATCH proxmox v4 5/5] access-control: allow reading all acls of the current authid Shannon Sterz
2025-11-14 14:43 ` [pdm-devel] [PATCH yew-comp v4 1/2] acl_context: add AclContext and AclContextProvider Shannon Sterz
2025-11-19 20:13   ` [pdm-devel] applied: " Thomas Lamprecht
2025-11-14 14:43 ` [pdm-devel] [PATCH yew-comp v4 2/2] http_helpers: reload LocalAclTree when logging in or refreshing a ticket Shannon Sterz
2025-11-19 20:13   ` [pdm-devel] applied: " Thomas Lamprecht
2025-11-14 14:43 ` [pdm-devel] [PATCH datacenter-manager v4 1/3] move AccessControlConfig to pdm-api-types Shannon Sterz
2025-11-19 20:39   ` [pdm-devel] applied: " Thomas Lamprecht
2025-11-14 14:43 ` [pdm-devel] [PATCH datacenter-manager v4 2/3] ui: add an AclContext via the AclContextProvider to the main app ui Shannon Sterz
2025-11-19 20:39   ` [pdm-devel] applied: " Thomas Lamprecht
2025-11-14 14:43 ` [pdm-devel] [PATCH datacenter-manager v4 3/3] ui: main menu: use the AclContext to hide the Notes if appropriate Shannon Sterz
2025-11-19 20:39   ` [pdm-devel] applied: " Thomas Lamprecht
2025-11-19 10:52 ` Fabian Grünbichler [this message]
2025-11-19 11:16   ` [pdm-devel] partially-applied: [PATCH datacenter-manager/proxmox/yew-comp v4 00/10] add support for checking acl permissions in (yew) front-ends Shannon Sterz

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1763549500.46lacr2wg9.astroid@yuna.none \
    --to=f.gruenbichler@proxmox.com \
    --cc=pdm-devel@lists.proxmox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal