From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pdm-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
	by lore.proxmox.com (Postfix) with ESMTPS id 61B3C1FF164
	for <inbox@lore.proxmox.com>; Fri, 11 Apr 2025 15:45:15 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id A16771B504;
	Fri, 11 Apr 2025 15:45:10 +0200 (CEST)
From: Shannon Sterz <s.sterz@proxmox.com>
To: pdm-devel@lists.proxmox.com
Date: Fri, 11 Apr 2025 15:44:24 +0200
Message-Id: <20250411134435.269524-1-s.sterz@proxmox.com>
X-Mailer: git-send-email 2.39.5
MIME-Version: 1.0
X-SPAM-LEVEL: Spam detection results:  0
 AWL 0.017 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
 Validity was blocked. See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
 RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
 Validity was blocked. See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
 RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
 Validity was blocked. See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
 URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See
 http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more
 information. [init.rs, lib.rs, api.rs, mod.rs, types.rs, acl.rs]
Subject: [pdm-devel] [PATCH datacenter-manager/proxmox/yew-comp v2 00/11]
 ACL edit api and ui components
X-BeenThere: pdm-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox Datacenter Manager development discussion
 <pdm-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pdm-devel>, 
 <mailto:pdm-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pdm-devel/>
List-Post: <mailto:pdm-devel@lists.proxmox.com>
List-Help: <mailto:pdm-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel>, 
 <mailto:pdm-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox Datacenter Manager development discussion
 <pdm-devel@lists.proxmox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pdm-devel-bounces@lists.proxmox.com
Sender: "pdm-devel" <pdm-devel-bounces@lists.proxmox.com>

this series aims to make more parts of our access control list
implementation re-usable between products. in a first step most of the
relevant api endpoints and api types are moved to
`proxmox-access-control`. this is done by adding a new `api` feature
that includes the necessary api endpoints. the `AccessControlConfig`
trait is also expanded to make the api endpoints more adaptable to
different products. by providing default implementations for the newly
added trait functions existing users don't need to change anything. it
also tries to make the code here easier to understand as the checks
could be hard to grasp previously.

next the series adds components to proxmox-yew-comp to provide a panel
for inspecting the current acl and adding or removing entries. this is
done by using the existing `RoleSelector` and `AuthidSelector`
components. the later is also slightly adapted to make it possible to
change the api endpoint that roles are fetched from as well as the
default role. the `AclView` component allows users of the crate to add
more options for adding ACL entries. meaning they can configure distinct
components for adding user, token or group permissions. this is done in
a generic fashion so that extending this menu does not require changing
the component again.

finally proxmox-datacenter-manager is adapted to use the new api
endpoints in `proxmox-access-control` and a permissions panel is
implemented. note that this would benefit from some clean-up once
permission path and such are cleaned up.

proxmox:

Shannon Sterz (6):
  access-control: add more types to prepare for api feature
  access-control: add acl api feature
  access-control: add comments to roles function of AccessControlConfig
  access-control: add generic roles endpoint to `api` feature
  access-control: api: refactor validation checks to re-use existing
    code
  access-control: api: refactor extract_acl_node_data to be
    non-recursive

 proxmox-access-control/Cargo.toml             |   8 +
 proxmox-access-control/src/acl.rs             |  12 +-
 proxmox-access-control/src/api.rs             | 349 ++++++++++++++++++
 .../src/cached_user_info.rs                   |   4 +-
 proxmox-access-control/src/init.rs            |  35 +-
 proxmox-access-control/src/lib.rs             |   3 +
 proxmox-access-control/src/types.rs           |  87 ++++-
 7 files changed, 486 insertions(+), 12 deletions(-)
 create mode 100644 proxmox-access-control/src/api.rs


proxmox-yew-comp:

Shannon Sterz (3):
  api-types/role_selector: depend on common `RoleInfo` type
  acl: add a view and semi-generic `EditWindow` for acl entries
  role_selector/acl_edit: make api endpoint and default role
    configurable

 src/acl/acl_edit.rs     | 112 +++++++++++++++++
 src/acl/acl_view.rs     | 270 ++++++++++++++++++++++++++++++++++++++++
 src/acl/mod.rs          |   5 +
 src/common_api_types.rs |   8 --
 src/lib.rs              |   3 +
 src/role_selector.rs    |  22 +++-
 6 files changed, 407 insertions(+), 13 deletions(-)
 create mode 100644 src/acl/acl_edit.rs
 create mode 100644 src/acl/acl_view.rs
 create mode 100644 src/acl/mod.rs


proxmox-datacenter-manager:

Shannon Sterz (2):
  server: use proxmox-access-control api implementations
  ui: configuration: add panel for viewing and editing acl entries

 server/Cargo.toml                             |   2 +-
 server/src/acl.rs                             | 102 ++++-
 server/src/api/access/acl.rs                  | 357 ------------------
 server/src/api/access/mod.rs                  |   4 +-
 ui/src/configuration/mod.rs                   |  23 +-
 .../configuration/permission_path_selector.rs |  86 +++++
 6 files changed, 208 insertions(+), 366 deletions(-)
 delete mode 100644 server/src/api/access/acl.rs
 create mode 100644 ui/src/configuration/permission_path_selector.rs


Summary over all repositories:
  19 files changed, 1101 insertions(+), 391 deletions(-)

--
Generated by git-murpp 0.8.0


_______________________________________________
pdm-devel mailing list
pdm-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel