From: Fabian Grünbichler
Date: Thu, 10 Sep 2020 10:00:51 +0200
To: PVE development discussion, Thomas Lamprecht, Tim Marx
Subject: Re: [pve-devel] [PATCH v3 access-control] add ui capabilities endpoint
Message-Id: <1599724494.q0shm5qvme.astroid@nora.none>
In-Reply-To: <3da92568-0886-a522-fbd5-d28afe0f8e71@proxmox.com>
References: <20200706124544.2126341-1-t.marx@proxmox.com> <3da92568-0886-a522-fbd5-d28afe0f8e71@proxmox.com>

On September 9, 2020 9:00 pm, Thomas Lamprecht wrote:
> On 06.07.20 14:45, Tim Marx wrote:
>> Signed-off-by: Tim Marx
>> ---
>> * no changes
>
> Maybe we could merge this into the "/access/permissions" endpoint, maybe with a
> "heuristic" parameter?

IIRC Dominik wanted to slowly replace the caps with permissions anyway,
the caps are just (still) there because that hasn't happened yet.

I am also not sure whether tokens are a good fit for the regular Web GUI
- the fact that tickets expire and you are not permanently logged in is
a feature there IMHO ;)

also, permissions has a return schema already, while it does 'match'
from a structural point of view (a two-level deep hash), it is something
altogether different semantically.

TL;DR: iff we really need this, then I'd put it in a separate API call.

>> PVE/API2/AccessControl.pm | 29 +++++++++++++++++++++++++++++ >> 1 file changed, 29 insertions(+) >>=20 >> diff --git a/PVE/API2/AccessControl.pm b/PVE/API2/AccessControl.pm >> index fd27786..66319cc 100644 >> --- a/PVE/API2/AccessControl.pm >> +++ b/PVE/API2/AccessControl.pm 
>> @@ -718,4 +718,33 @@ __PACKAGE__->register_method({ >> return $res; >> }}); >>=20 >> +__PACKAGE__->register_method({ >> + name =3D> 'uicapabilities', >> + path =3D> 'uicapabilities', >> + method =3D> 'GET', >> + description =3D> 'Retrieve user interface capabilities for calling = user/token.', >> + permissions =3D> { >> + description =3D> "Each user/token is allowed to retrieve their own cap= abilities.", >> + user =3D> 'all', >> + }, >> + parameters =3D> {}, >> + returns =3D> { >> + type =3D> 'object', >> + properties =3D> { >> + cap =3D> { >> + type =3D> 'object', >> + description =3D> 'The user interface capabilities of the calling user= /token' >> + } >> + }, >> + }, >> + code =3D> sub { >> + my ($param) =3D @_; >> + >> + my $rpcenv =3D PVE::RPCEnvironment::get(); >> + my $userid =3D $rpcenv->get_user(); >> + my $res->{cap} =3D &$compute_api_permission($rpcenv, $userid); >> + >> + return $res; >> + }}); >> + >> 1; >> -- >> 2.20.1 >>=20 >> _______________________________________________ >> pve-devel mailing list >> pve-devel@pve.proxmox.com >> https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel >>=20 >=20 >=20 >=20 =
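Review bot: In the `code` sub, `my $userid = $rpcenv->get_user();` is passed straight to `$compute_api_permission`, while both description strings promise the capabilities of the calling user/token. Nothing in the visible lines shows that a token caller receives capabilities computed from the token's own privileges rather than those of the owning user, so a comment or a test covering the token case would help; otherwise the description should state what a token actually gets back. Two smaller points: `my $res->{cap} = ...` declares and autovivifies in one statement, and `my $res = { cap => ... };` would read more clearly; and the `returns` schema leaves `cap` as a bare `type => 'object'` with no properties, so the two-level structure the endpoint returns is undocumented for API consumers.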