public inbox for pdm-devel@lists.proxmox.com
 help / color / mirror / Atom feed
From: Shannon Sterz <s.sterz@proxmox.com>
To: pdm-devel@lists.proxmox.com
Subject: [pdm-devel] [PATCH proxmox v2 1/6] access-control: add more types to prepare for api feature
Date: Fri, 11 Apr 2025 15:44:25 +0200	[thread overview]
Message-ID: <20250411134435.269524-2-s.sterz@proxmox.com> (raw)
In-Reply-To: <20250411134435.269524-1-s.sterz@proxmox.com>

this includes:

- `ACL_PATH_SCHEMA`: describes the format of valid acl paths
- `ACL_PROPAGATE_SCHEMA`: describes whether an acl entry propagates to
  its child paths
- `AclUgidType`: which type an acl entry refers to, either a user or a
  group
- `AclListItem`: describes an entry of the ACL

Signed-off-by: Shannon Sterz <s.sterz@proxmox.com>
---
this was agregated from pdm and pbs:

- pdm: lib/pdm-api-types/src/acl.rs
- pbs: proxmox/pbs-api-types/src/acl.rs

 proxmox-access-control/Cargo.toml   |  3 ++
 proxmox-access-control/src/types.rs | 59 ++++++++++++++++++++++++++++-
 2 files changed, 60 insertions(+), 2 deletions(-)

diff --git a/proxmox-access-control/Cargo.toml b/proxmox-access-control/Cargo.toml
index 9c355344..23be7fcb 100644
--- a/proxmox-access-control/Cargo.toml
+++ b/proxmox-access-control/Cargo.toml
@@ -13,10 +13,13 @@ rust-version.workspace = true

 [dependencies]
 anyhow.workspace = true
+const_format.workspace = true
 nix = { workspace = true, optional = true }
 openssl = { workspace = true, optional = true }
+regex.workspace = true
 serde.workspace = true
 serde_json = { workspace = true, optional = true }
+serde_plain.workspace = true

 proxmox-auth-api = { workspace = true, features = [ "api-types" ] }
 proxmox-config-digest = { workspace = true, optional = true, features = [ "openssl" ] }
diff --git a/proxmox-access-control/src/types.rs b/proxmox-access-control/src/types.rs
index ae6de7cf..01d078de 100644
--- a/proxmox-access-control/src/types.rs
+++ b/proxmox-access-control/src/types.rs
@@ -1,10 +1,12 @@
 use serde::{Deserialize, Serialize};

+use const_format::concatcp;
+
 use proxmox_auth_api::types::{Authid, Userid, PROXMOX_TOKEN_ID_SCHEMA};
 use proxmox_schema::{
     api,
-    api_types::{COMMENT_SCHEMA, SINGLE_LINE_COMMENT_FORMAT},
-    BooleanSchema, IntegerSchema, Schema, StringSchema, Updater,
+    api_types::{COMMENT_SCHEMA, SAFE_ID_REGEX_STR, SINGLE_LINE_COMMENT_FORMAT},
+    const_regex, ApiStringFormat, BooleanSchema, IntegerSchema, Schema, StringSchema, Updater,
 };

 pub const ENABLE_USER_SCHEMA: Schema = BooleanSchema::new(
@@ -38,6 +40,23 @@ pub const EMAIL_SCHEMA: Schema = StringSchema::new("E-Mail Address.")
     .max_length(64)
     .schema();

+const_regex! {
+    pub ACL_PATH_REGEX = concatcp!(r"^(?:/|", r"(?:/", SAFE_ID_REGEX_STR, ")+", r")$");
+}
+
+pub const ACL_PATH_FORMAT: ApiStringFormat = ApiStringFormat::Pattern(&ACL_PATH_REGEX);
+
+pub const ACL_PATH_SCHEMA: Schema = StringSchema::new("Access control path.")
+    .format(&ACL_PATH_FORMAT)
+    .min_length(1)
+    .max_length(128)
+    .schema();
+
+pub const ACL_PROPAGATE_SCHEMA: Schema =
+    BooleanSchema::new("Allow to propagate (inherit) permissions.")
+        .default(true)
+        .schema();
+
 #[api(
     properties: {
         user: {
@@ -192,3 +211,39 @@ impl User {
         true
     }
 }
+
+#[api]
+/// Type of the 'ugid' property in the ACL entry list.
+#[derive(Clone, Copy, Debug, Eq, PartialEq, Deserialize, Serialize, Hash)]
+#[serde(rename_all = "lowercase")]
+pub enum AclUgidType {
+    /// An entry for a user (or token).
+    User,
+    /// An entry for a group.
+    Group,
+}
+
+serde_plain::derive_display_from_serialize!(AclUgidType);
+serde_plain::derive_fromstr_from_deserialize!(AclUgidType);
+
+#[api(
+    properties: {
+        propagate: { schema: ACL_PROPAGATE_SCHEMA, },
+        path: { schema: ACL_PATH_SCHEMA, },
+        ugid_type: { type: AclUgidType },
+        ugid: {
+            type: String,
+            description: "User or Group ID.",
+        },
+    }
+)]
+#[derive(Serialize, Deserialize, PartialEq, Clone, Hash)]
+/// Access control list entry.
+pub struct AclListItem {
+    pub path: String,
+    pub ugid: String,
+    pub ugid_type: AclUgidType,
+    pub propagate: bool,
+    /// A role represented as a string.
+    pub roleid: String,
+}
--
2.39.5



_______________________________________________
pdm-devel mailing list
pdm-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel


  reply	other threads:[~2025-04-11 13:44 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-04-11 13:44 [pdm-devel] [PATCH datacenter-manager/proxmox/yew-comp v2 00/11] ACL edit api and ui components Shannon Sterz
2025-04-11 13:44 ` Shannon Sterz [this message]
2025-04-11 13:44 ` [pdm-devel] [PATCH proxmox v2 2/6] access-control: add acl api feature Shannon Sterz
2025-04-11 13:44 ` [pdm-devel] [PATCH proxmox v2 3/6] access-control: add comments to roles function of AccessControlConfig Shannon Sterz
2025-04-11 13:44 ` [pdm-devel] [PATCH proxmox v2 4/6] access-control: add generic roles endpoint to `api` feature Shannon Sterz
2025-04-11 13:44 ` [pdm-devel] [PATCH proxmox v2 5/6] access-control: api: refactor validation checks to re-use existing code Shannon Sterz
2025-04-11 13:44 ` [pdm-devel] [PATCH proxmox v2 6/6] access-control: api: refactor extract_acl_node_data to be non-recursive Shannon Sterz
2025-04-11 13:44 ` [pdm-devel] [PATCH yew-comp v2 1/3] api-types/role_selector: depend on common `RoleInfo` type Shannon Sterz
2025-04-11 13:44 ` [pdm-devel] [PATCH yew-comp v2 2/3] acl: add a view and semi-generic `EditWindow` for acl entries Shannon Sterz
2025-04-11 13:44 ` [pdm-devel] [PATCH yew-comp v2 3/3] role_selector/acl_edit: make api endpoint and default role configurable Shannon Sterz
2025-04-11 13:44 ` [pdm-devel] [PATCH datacenter-manager v2 1/2] server: use proxmox-access-control api implementations Shannon Sterz
2025-04-11 13:44 ` [pdm-devel] [PATCH datacenter-manager v2 2/2] ui: configuration: add panel for viewing and editing acl entries Shannon Sterz
2025-04-17 15:46 ` [pdm-devel] [PATCH datacenter-manager/proxmox/yew-comp v2 00/11] ACL edit api and ui components Thomas Lamprecht
2025-04-22  8:12   ` Shannon Sterz

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20250411134435.269524-2-s.sterz@proxmox.com \
    --to=s.sterz@proxmox.com \
    --cc=pdm-devel@lists.proxmox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal