From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pdm-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9])
	by lore.proxmox.com (Postfix) with ESMTPS id A64131FF17E
	for <inbox@lore.proxmox.com>; Thu, 13 Nov 2025 11:25:40 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id EDB4E17850;
	Thu, 13 Nov 2025 11:26:34 +0100 (CET)
Mime-Version: 1.0
Date: Thu, 13 Nov 2025 11:26:01 +0100
Message-Id: <DE7HTJA4B0NR.14QA3FSD2YXHY@proxmox.com>
To: "Lukas Wagner" <l.wagner@proxmox.com>
X-Mailer: aerc 0.20.0
References: <20251106143836.288888-1-s.sterz@proxmox.com>
 <DE7HQ8HC4X2O.1QGFS7HSJAT1N@proxmox.com>
In-Reply-To: <DE7HQ8HC4X2O.1QGFS7HSJAT1N@proxmox.com>
From: "Shannon Sterz" <s.sterz@proxmox.com>
X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2
X-Bm-Transport-Timestamp: 1763029535561
X-SPAM-LEVEL: Spam detection results:  0
 AWL 0.062 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
Subject: Re: [pdm-devel] [PATCH datacenter-manager/proxmox/yew-comp v3
 00/10] add support for checking acl permissions in (yew) front-ends
X-BeenThere: pdm-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox Datacenter Manager development discussion
 <pdm-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pdm-devel>, 
 <mailto:pdm-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pdm-devel/>
List-Post: <mailto:pdm-devel@lists.proxmox.com>
List-Help: <mailto:pdm-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel>, 
 <mailto:pdm-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox Datacenter Manager development discussion
 <pdm-devel@lists.proxmox.com>
Cc: Proxmox Datacenter Manager
 development discussion <pdm-devel@lists.proxmox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pdm-devel-bounces@lists.proxmox.com
Sender: "pdm-devel" <pdm-devel-bounces@lists.proxmox.com>

On Thu Nov 13, 2025 at 11:21 AM CET, Lukas Wagner wrote:
> On Thu Nov 6, 2025 at 3:38 PM CET, Shannon Sterz wrote:
>> this patch series adds support for querying acl entries from the
>> front-end. it also makes it possible to reactively render ui components
>> depending on the user's privileges and refreshes this information every
>> time a new ticket is set.
>>
>> the first four patches make it possible to use the AclTree by itself in
>> the ui. first by creating a new feature that exposes only it and some
>> types to dependent crates. then some functions that basically just query
>> the AclTree are moved to the AclTree itself to make it easier to re-use
>> them. the fourth patch derives Debug and PartialEq on the AclTree and
>> AclTreeNode to make it easier to handle these types in the ui. finally
>> the last commit allows to query all of a user's acl entries via the
>> API_METHOD_READ_ACL endpoint.
>>
>> the next two patches first add an AclContext and AclContextProvider
>> implementation to proxmox-yew-comp. these allow applications to provide
>> acl information that components can hook into and get reactively
>> re-rendered. it also triggers reloading the acl information every time a
>> user logs in or a ticket gets refreshed.
>>
>> lastly, proxmox-datacenter-manager is adapted to use this new
>> functionality. the seventh commit moves the AccessControlConfig to the
>> shared api types crate, so we can re-use it in the front-end. then an
>> AclContextProvider is added to the main ui component. this allows
>> components to retrieve said AclContext and use it to conditionally
>> render ui components. the last commit adds just such functionality to
>> the notes section of the pdm ui.
>>
>> Follow-up
>> ---------
>>
>> if this series is applied, more ui components will need to be hooked
>> into the context to more widely use this functionality accross the
>> application.
>>
>
> Looks pretty good to me. Went through the code, but saw nothing of
> concern. Also quickly tested this on the latest master. Created a new
> user and verified that it only sees the "Notes" entry if the correct
> permissions are set.
>
> The following log message is shown in the login mask, I think we could
> just silently ignore this error, as this is nothing of
> concern, as far as I can tell?
>
>   ERROR: [...] proxmox-yew-comp/src/acl_context.rs:136 Could not get current Authid, please login first.

yeah that happens in that split second that the ui takes to realize you
aren't actually logged in. i suppose we can make that a debug log, it
should only really be a problem if a developer inserts the auth context
provider in the wrong place.

> Reviewed-by: Lukas Wagner <l.wagner@proxmox.com>
> Tested-by: Lukas Wagner <l.wagner@proxmox.com>



_______________________________________________
pdm-devel mailing list
pdm-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel