From: Stoiko Ivanov <s.ivanov@proxmox.com>
To: pmg-devel@lists.proxmox.com
Subject: [PATCH pmg-api v3 1/5] config: add root_only paramter option.
Date: Fri, 12 Jun 2026 19:40:58 +0200 [thread overview]
Message-ID: <20260612174145.1190233-2-s.ivanov@proxmox.com> (raw)
In-Reply-To: <20260612174145.1190233-1-s.ivanov@proxmox.com>
this introduces a way to have some options in our pmg.conf
SectionConfig restricted to 'root@pam' only.
I skimmed the (quite improved) documentation in PVE::SectionConfig,
and did not see any blockers to extending adding other options instead
of 'optional' and 'fixed' there.
This is needed to have unified way to check if a particular option
should be restricted to 'root@pam' only.
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
src/PMG/API2/Config.pm | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/PMG/API2/Config.pm b/src/PMG/API2/Config.pm
index 9cce95dd..6edde9b4 100644
--- a/src/PMG/API2/Config.pm
+++ b/src/PMG/API2/Config.pm
@@ -10,6 +10,7 @@ use HTTP::Status qw(:constants);
use Storable qw(dclone);
use PVE::JSONSchema qw(get_standard_option);
use PVE::RESTHandler;
+use PVE::Exception qw(raise_perm_exc);
use Time::HiRes qw();
use PMG::Config;
@@ -194,14 +195,21 @@ my $api_update_config_section = sub {
die "no options specified\n"
if !$delete_str && !scalar(keys %$param);
+ my $plugin = PMG::Config::Base->lookup($section);
+ my $rpcenv = PMG::RESTEnvironment->get();
+ my $authuser = $rpcenv->get_user();
+
foreach my $opt (PVE::Tools::split_list($delete_str)) {
+ my $is_root_only = $plugin->options()->{$opt}->{root_only};
+ raise_perm_exc() if ( $is_root_only && $authuser ne 'root@pam') ;
delete $ids->{$section}->{$opt};
}
- my $plugin = PMG::Config::Base->lookup($section);
my $config = $plugin->check_config($section, $param, 0, 1);
foreach my $p (keys %$config) {
+ my $is_root_only = $plugin->options()->{$p}->{root_only};
+ raise_perm_exc() if ( $is_root_only && $authuser ne 'root@pam') ;
$ids->{$section}->{$p} = $config->{$p};
}
--
2.47.3
next prev parent reply other threads:[~2026-06-12 17:42 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-12 17:40 [PATCH pmg-api/pmg-docs/pmg-gui v3 0/5] tracking-center: make input-base configurable Stoiko Ivanov
2026-06-12 17:40 ` Stoiko Ivanov [this message]
2026-06-12 17:40 ` [PATCH pmg-api v3 2/5] config: add log-tracker-base key Stoiko Ivanov
2026-06-12 17:41 ` [PATCH pmg-api v3 3/5] fix #3657: api: tracking center: explicitly set input base from config Stoiko Ivanov
2026-06-12 17:41 ` [PATCH pmg-gui v3 4/5] fix #3657: system options: add log-tracker-base textrow Stoiko Ivanov
2026-06-12 17:41 ` [PATCH pmg-docs v3 5/5] pmg-log-tracker: mention that input-base can be configured via GUI Stoiko Ivanov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260612174145.1190233-2-s.ivanov@proxmox.com \
--to=s.ivanov@proxmox.com \
--cc=pmg-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox