From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <pdm-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
by lore.proxmox.com (Postfix) with ESMTPS id 3CB451FF16B
for <inbox@lore.proxmox.com>; Thu, 3 Apr 2025 16:18:30 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
by firstgate.proxmox.com (Proxmox) with ESMTP id 9C31E3D5A;
Thu, 3 Apr 2025 16:18:16 +0200 (CEST)
From: Shannon Sterz <s.sterz@proxmox.com>
To: pdm-devel@lists.proxmox.com
Date: Thu, 3 Apr 2025 16:18:00 +0200
Message-Id: <20250403141806.402974-4-s.sterz@proxmox.com>
X-Mailer: git-send-email 2.39.5
In-Reply-To: <20250403141806.402974-1-s.sterz@proxmox.com>
References: <20250403141806.402974-1-s.sterz@proxmox.com>
MIME-Version: 1.0
X-SPAM-LEVEL: Spam detection results: 0
AWL 0.018 Adjusted score from AWL reputation of From: address
BAYES_00 -1.9 Bayes spam probability is 0 to 1%
DMARC_MISSING 0.1 Missing DMARC policy
KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record
SPF_PASS -0.001 SPF: sender matches SPF record
Subject: [pdm-devel] [PATCH proxmox 3/4] access-control: add comments to
roles function of AccessControlConfig
X-BeenThere: pdm-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox Datacenter Manager development discussion
<pdm-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pdm-devel>,
<mailto:pdm-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pdm-devel/>
List-Post: <mailto:pdm-devel@lists.proxmox.com>
List-Help: <mailto:pdm-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel>,
<mailto:pdm-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox Datacenter Manager development discussion
<pdm-devel@lists.proxmox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pdm-devel-bounces@lists.proxmox.com
Sender: "pdm-devel" <pdm-devel-bounces@lists.proxmox.com>
this will allow us to implement a generic `roles()` endpoint similar
to the one proxmox backup server already has at `/access/roles` and
that proxmox-yew-comp's `RoleSelector` already relies on.
Signed-off-by: Shannon Sterz <s.sterz@proxmox.com>
---
proxmox-access-control/src/acl.rs | 12 ++++++------
proxmox-access-control/src/cached_user_info.rs | 4 ++--
proxmox-access-control/src/init.rs | 5 +++--
3 files changed, 11 insertions(+), 10 deletions(-)
diff --git a/proxmox-access-control/src/acl.rs b/proxmox-access-control/src/acl.rs
index b8041688..270292ac 100644
--- a/proxmox-access-control/src/acl.rs
+++ b/proxmox-access-control/src/acl.rs
@@ -647,11 +647,11 @@ mod test {
#[derive(Debug)]
struct TestAcmConfig<'a> {
- roles: HashMap<&'a str, u64>,
+ roles: HashMap<&'a str, (u64, &'a str)>,
}
impl AccessControlConfig for TestAcmConfig<'_> {
- fn roles(&self) -> &HashMap<&str, u64> {
+ fn roles(&self) -> &HashMap<&str, (u64, &str)> {
&self.roles
}
@@ -672,10 +672,10 @@ mod test {
static ACL_CONFIG: OnceLock<TestAcmConfig> = OnceLock::new();
let config = ACL_CONFIG.get_or_init(|| {
let mut roles = HashMap::new();
- roles.insert("NoAccess", 0);
- roles.insert("Admin", u64::MAX);
- roles.insert("DatastoreBackup", 4);
- roles.insert("DatastoreReader", 8);
+ roles.insert("NoAccess", (0, "comment"));
+ roles.insert("Admin", (u64::MAX, "comment"));
+ roles.insert("DatastoreBackup", (4, "comment"));
+ roles.insert("DatastoreReader", (8, "comment"));
TestAcmConfig { roles }
});
diff --git a/proxmox-access-control/src/cached_user_info.rs b/proxmox-access-control/src/cached_user_info.rs
index 4d011f00..f5ed2858 100644
--- a/proxmox-access-control/src/cached_user_info.rs
+++ b/proxmox-access-control/src/cached_user_info.rs
@@ -150,7 +150,7 @@ impl CachedUserInfo {
if self.is_superuser(auth_id) {
let acm_config = access_conf();
if let Some(admin) = acm_config.role_admin() {
- if let Some(admin) = acm_config.roles().get(admin) {
+ if let Some((admin, _)) = acm_config.roles().get(admin) {
return (*admin, *admin);
}
}
@@ -160,7 +160,7 @@ impl CachedUserInfo {
let mut privs: u64 = 0;
let mut propagated_privs: u64 = 0;
for (role, propagate) in roles {
- if let Some(role_privs) = access_conf().roles().get(role.as_str()) {
+ if let Some((role_privs, _)) = access_conf().roles().get(role.as_str()) {
if propagate {
propagated_privs |= role_privs;
}
diff --git a/proxmox-access-control/src/init.rs b/proxmox-access-control/src/init.rs
index a6d36780..c219a78e 100644
--- a/proxmox-access-control/src/init.rs
+++ b/proxmox-access-control/src/init.rs
@@ -16,8 +16,9 @@ pub trait AccessControlConfig: Send + Sync {
/// Returns a mapping of all recognized privileges and their corresponding `u64` value.
fn privileges(&self) -> &HashMap<&str, u64>;
- /// Returns a mapping of all recognized roles and their corresponding `u64` value.
- fn roles(&self) -> &HashMap<&str, u64>;
+ /// Returns a mapping of all recognized roles and their corresponding `u64` value as well as
+ /// a comment.
+ fn roles(&self) -> &HashMap<&str, (u64, &str)>;
/// Checks whether an `Authid` has super user privileges or not.
///
--
2.39.5
_______________________________________________
pdm-devel mailing list
pdm-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel