From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: <pdm-devel-bounces@lists.proxmox.com> Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id B39F21FF164 for <inbox@lore.proxmox.com>; Fri, 11 Apr 2025 15:45:26 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id DF2B71B62A; Fri, 11 Apr 2025 15:45:21 +0200 (CEST) Mime-Version: 1.0 Date: Fri, 11 Apr 2025 15:45:18 +0200 Message-Id: <D93USGCNEZVA.2D48ZASFOKAMY@proxmox.com> From: "Shannon Sterz" <s.sterz@proxmox.com> To: "Shannon Sterz" <s.sterz@proxmox.com>, <pdm-devel@lists.proxmox.com> X-Mailer: aerc 0.20.1-0-g2ecb8770224a-dirty References: <20250403141806.402974-1-s.sterz@proxmox.com> In-Reply-To: <20250403141806.402974-1-s.sterz@proxmox.com> X-SPAM-LEVEL: Spam detection results: 0 AWL 0.018 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: Re: [pdm-devel] [PATCH datacenter-manager/proxmox/yew-comp 0/9] ACL edit api and ui components X-BeenThere: pdm-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Datacenter Manager development discussion <pdm-devel.lists.proxmox.com> List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pdm-devel>, <mailto:pdm-devel-request@lists.proxmox.com?subject=unsubscribe> List-Archive: <http://lists.proxmox.com/pipermail/pdm-devel/> List-Post: <mailto:pdm-devel@lists.proxmox.com> List-Help: <mailto:pdm-devel-request@lists.proxmox.com?subject=help> List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel>, <mailto:pdm-devel-request@lists.proxmox.com?subject=subscribe> Reply-To: Proxmox Datacenter Manager development discussion <pdm-devel@lists.proxmox.com> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pdm-devel-bounces@lists.proxmox.com Sender: "pdm-devel" <pdm-devel-bounces@lists.proxmox.com> Superseeded-by: https://lore.proxmox.com/pdm-devel/20250411134435.269524-2-s.sterz@proxmox.com/T/#t On Thu Apr 3, 2025 at 4:17 PM CEST, Shannon Sterz wrote: > this series aims to make more parts of our access control list > implementation re-usable between products. in a first step most of the > relevant api endpoints and api types are moved to > `proxmox-access-control`. this is done by adding a new `api` feature > that includes the necessary api endpoints. the `AccessControlConfig` > trait is also expanded to make the api endpoints more adaptable to > different products. by providing default implementations for the newly > added trait functions existing users don't need to change anything. > > next the series adds components to proxmox-yew-comp to provide a panel > for inspecting the current acl and adding or removing entries. this is > done by using the existing `RoleSelector` and `AuthidSelector` > components. the later is also slightly adapted to make it possible to > change the api endpoint that roles are fetched from as well as the > default role. the `AclView` component allows users of the crate to add > more options for adding ACL entries. meaning they can configure distinct > components for adding user, token or group permissions. this is done in > a generic fashion so that extending this menu does not require changing > the component again. > > finally proxmox-datacenter-manager is adapted to use the new api > endpoints in `proxmox-access-control` and a permissions panel is > implemented. note that this would benefit from some clean-up once > permission path and such are cleaned up. > > proxmox: > > Shannon Sterz (4): > access-control: add more types to prepare for api feature > access-control: add acl api feature > access-control: add comments to roles function of AccessControlConfig > access-control: add generic roles endpoint to `api` feature > > proxmox-access-control/Cargo.toml | 8 + > proxmox-access-control/src/acl.rs | 12 +- > proxmox-access-control/src/api.rs | 321 ++++++++++++++++++ > .../src/cached_user_info.rs | 4 +- > proxmox-access-control/src/init.rs | 27 +- > proxmox-access-control/src/lib.rs | 3 + > proxmox-access-control/src/types.rs | 87 ++++- > 7 files changed, 450 insertions(+), 12 deletions(-) > create mode 100644 proxmox-access-control/src/api.rs > > > proxmox-yew-comp: > > Shannon Sterz (3): > api-types/role_selector: depend on common `RoleInfo` type > acl: add a view and semi-generic `EditWindow` for acl entries > role_selector/acl_edit: make api endpoint and default role > configurable > > src/acl/acl_edit.rs | 112 +++++++++++++++++ > src/acl/acl_view.rs | 270 ++++++++++++++++++++++++++++++++++++++++ > src/acl/mod.rs | 5 + > src/common_api_types.rs | 8 -- > src/lib.rs | 3 + > src/role_selector.rs | 22 +++- > 6 files changed, 407 insertions(+), 13 deletions(-) > create mode 100644 src/acl/acl_edit.rs > create mode 100644 src/acl/acl_view.rs > create mode 100644 src/acl/mod.rs > > > proxmox-datacenter-manager: > > Shannon Sterz (2): > server: use proxmox-access-control api implementations > ui: configuration: add panel for viewing and editing acl entries > > server/Cargo.toml | 2 +- > server/src/acl.rs | 102 ++++- > server/src/api/access/acl.rs | 357 ------------------ > server/src/api/access/mod.rs | 4 +- > ui/src/configuration/mod.rs | 23 +- > .../configuration/permission_path_selector.rs | 88 +++++ > 6 files changed, 210 insertions(+), 366 deletions(-) > delete mode 100644 server/src/api/access/acl.rs > create mode 100644 ui/src/configuration/permission_path_selector.rs > > > Summary over all repositories: > 19 files changed, 1067 insertions(+), 391 deletions(-) > > -- > Generated by git-murpp 0.8.0 _______________________________________________ pdm-devel mailing list pdm-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel