public inbox for pve-devel@lists.proxmox.com
 help / color / mirror / Atom feed
* [pve-devel] [RFC/PATCH manager] ui: lxc options: disable features edit as non-root when container is privileged
@ 2021-08-06  8:59 Fabian Ebner
  2021-08-12  9:45 ` Fabian Grünbichler
  0 siblings, 1 reply; 2+ messages in thread
From: Fabian Ebner @ 2021-08-06  8:59 UTC (permalink / raw)
  To: pve-devel

The backend won't allow any edits in this case, so better just disable
the edit button altogether.

Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
---
 www/manager6/lxc/Options.js | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/www/manager6/lxc/Options.js b/www/manager6/lxc/Options.js
index f2661dfc..12b0fe12 100644
--- a/www/manager6/lxc/Options.js
+++ b/www/manager6/lxc/Options.js
@@ -174,7 +174,11 @@ Ext.define('PVE.lxc.Options', {
 	    var pending = rec.data.delete || me.hasPendingChanges(key);
 	    var rowdef = rows[key];
 
-	    edit_btn.setDisabled(!rowdef.editor);
+	    let unprivileged = me.getStore().getById('unprivileged').data.value;
+	    let nonRootPrivFeatures =
+		Proxmox.UserName !== 'root@pam' && key === 'features' && !unprivileged;
+
+	    edit_btn.setDisabled(!rowdef.editor || nonRootPrivFeatures);
 	    revert_btn.setDisabled(!pending);
 	};
 
-- 
2.30.2





^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [pve-devel] [RFC/PATCH manager] ui: lxc options: disable features edit as non-root when container is privileged
  2021-08-06  8:59 [pve-devel] [RFC/PATCH manager] ui: lxc options: disable features edit as non-root when container is privileged Fabian Ebner
@ 2021-08-12  9:45 ` Fabian Grünbichler
  0 siblings, 0 replies; 2+ messages in thread
From: Fabian Grünbichler @ 2021-08-12  9:45 UTC (permalink / raw)
  To: Proxmox VE development discussion

On August 6, 2021 10:59 am, Fabian Ebner wrote:
> The backend won't allow any edits in this case, so better just disable
> the edit button altogether.
> 
> Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
> ---
>  www/manager6/lxc/Options.js | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/www/manager6/lxc/Options.js b/www/manager6/lxc/Options.js
> index f2661dfc..12b0fe12 100644
> --- a/www/manager6/lxc/Options.js
> +++ b/www/manager6/lxc/Options.js
> @@ -174,7 +174,11 @@ Ext.define('PVE.lxc.Options', {
>  	    var pending = rec.data.delete || me.hasPendingChanges(key);
>  	    var rowdef = rows[key];
>  
> -	    edit_btn.setDisabled(!rowdef.editor);
> +	    let unprivileged = me.getStore().getById('unprivileged').data.value;
> +	    let nonRootPrivFeatures =
> +		Proxmox.UserName !== 'root@pam' && key === 'features' && !unprivileged;
> +
> +	    edit_btn.setDisabled(!rowdef.editor || nonRootPrivFeatures);

this reads strange to me, maybe

if (key === 'features') {
    let unprivileged = ..;
    let root = ..;
    edit_btn.setDisabled(!rowdef.editor || (!unprivileged && !root));
} else {
    edit_btn.setDisabled(!rowdef.editor);
}

is more clear? might even make sense to make the rowdef.editor 
definition for 'features' more simple, and pull the VM.Allocate check 
down here (to avoid splitting the decision into two parts and missing 
that fact in the future).

>  	    revert_btn.setDisabled(!pending);
>  	};
>  
> -- 
> 2.30.2
> 
> 
> 
> _______________________________________________
> pve-devel mailing list
> pve-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
> 
> 
> 




^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2021-08-12  9:46 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-08-06  8:59 [pve-devel] [RFC/PATCH manager] ui: lxc options: disable features edit as non-root when container is privileged Fabian Ebner
2021-08-12  9:45 ` Fabian Grünbichler

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal