From: "Fabian Grünbichler" <f.gruenbichler@proxmox.com>
To: PVE development discussion <pve-devel@pve.proxmox.com>,
Thomas Lamprecht <t.lamprecht@proxmox.com>,
Tim Marx <t.marx@proxmox.com>
Subject: Re: [pve-devel] [PATCH v3 access-control] add ui capabilities endpoint
Date: Thu, 10 Sep 2020 10:00:51 +0200 [thread overview]
Message-ID: <1599724494.q0shm5qvme.astroid@nora.none> (raw)
In-Reply-To: <3da92568-0886-a522-fbd5-d28afe0f8e71@proxmox.com>
On September 9, 2020 9:00 pm, Thomas Lamprecht wrote:
> On 06.07.20 14:45, Tim Marx wrote:
>> Signed-off-by: Tim Marx <t.marx@proxmox.com>
>> ---
>> * no changes
>
> Maybe we could merge this into the "/access/permissions" endpoint, maybe with a
> "heurisitic" parameter?
IIRC Dominik wanted to slowly replace the caps with permissions anyway,
the caps are just (still) there because that hasn't happened yet.
I am also not sure whether tokens are a good fit for the regular Web GUI
- the fact that tickets expire and you are not permanently logged in is
a feature there IMHO ;)
also, permissions has a return schema already, while it does 'match'
from a structural point of view (a two-level deep hash), it is something
altogether different semantically.
TL;DR: iff we really need this, then I'd put it in a separate API call.
>> PVE/API2/AccessControl.pm | 29 +++++++++++++++++++++++++++++
>> 1 file changed, 29 insertions(+)
>>
>> diff --git a/PVE/API2/AccessControl.pm b/PVE/API2/AccessControl.pm
>> index fd27786..66319cc 100644
>> --- a/PVE/API2/AccessControl.pm
>> +++ b/PVE/API2/AccessControl.pm
>> @@ -718,4 +718,33 @@ __PACKAGE__->register_method({
>> return $res;
>> }});
>>
>> +__PACKAGE__->register_method({
>> + name => 'uicapabilities',
>> + path => 'uicapabilities',
>> + method => 'GET',
>> + description => 'Retrieve user interface capabilities for calling user/token.',
>> + permissions => {
>> + description => "Each user/token is allowed to retrieve their own capabilities.",
>> + user => 'all',
>> + },
>> + parameters => {},
>> + returns => {
>> + type => 'object',
>> + properties => {
>> + cap => {
>> + type => 'object',
>> + description => 'The user interface capabilities of the calling user/token'
>> + }
>> + },
>> + },
>> + code => sub {
>> + my ($param) = @_;
>> +
>> + my $rpcenv = PVE::RPCEnvironment::get();
>> + my $userid = $rpcenv->get_user();
>> + my $res->{cap} = &$compute_api_permission($rpcenv, $userid);
>> +
>> + return $res;
>> + }});
>> +
>> 1;
>> --
>> 2.20.1
>>
>> _______________________________________________
>> pve-devel mailing list
>> pve-devel@pve.proxmox.com
>> https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>>
>
>
>
next prev parent reply other threads:[~2020-09-10 8:01 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20200706124544.2126341-1-t.marx@proxmox.com>
2020-09-09 19:00 ` Thomas Lamprecht
2020-09-10 8:00 ` Fabian Grünbichler [this message]
2020-09-10 8:19 ` Thomas Lamprecht
2020-09-10 8:23 ` Fabian Grünbichler
2020-09-10 8:28 ` Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1599724494.q0shm5qvme.astroid@nora.none \
--to=f.gruenbichler@proxmox.com \
--cc=pve-devel@pve.proxmox.com \
--cc=t.lamprecht@proxmox.com \
--cc=t.marx@proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox