From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 53D7C695DB for ; Fri, 12 Feb 2021 16:57:54 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 51EDF28931 for ; Fri, 12 Feb 2021 16:57:54 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [212.186.127.180]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id 7F04628911 for ; Fri, 12 Feb 2021 16:57:52 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 55C32407F7 for ; Fri, 12 Feb 2021 16:57:52 +0100 (CET) From: Aaron Lauterer To: pve-devel@lists.proxmox.com Date: Fri, 12 Feb 2021 16:57:51 +0100 Message-Id: <20210212155751.16045-5-a.lauterer@proxmox.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20210212155751.16045-1-a.lauterer@proxmox.com> References: <20210212155751.16045-1-a.lauterer@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL -0.020 Adjusted score from AWL reputation of From: address KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_DNSWL_MED -2.3 Sender listed at https://www.dnswl.org/, medium trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pve-devel] [PATCH v2 manager 4/4] ui: qemu/HardwareView: fix CDRom permission checkss X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Feb 2021 15:57:54 -0000 There are several types of drives that use the same config keys. Most notably CDRom and regular VM disks (EFI and cloudinit exist as well). Since there is a dedicated permission for CDRom drives we need to check permissions in more detail, depending on what type of drive it actually is for things like the edit, remove and Add -> CDRom buttons. The permission check in the row definition itself which only checked for 'VM.Config.Disk' permissions (never_delete) had to be removed and finer grained checks added for the individual buttons. This also meant a bit of reshuffling in the checks what kind of disk the current one is. Signed-off-by: Aaron Lauterer --- v2: improved permission checks in the GUI to make sure that CDRom things will behave as expected and the other things are kept as is. Meaning all other disks (cloudinit, efi, used, unused) still need VM.Config.Disk permissions. Tested by giving a user only VMAudit and Config.CDRom permissions in the one case, and all VM.Config.* permissions except CDRom. www/manager6/qemu/HardwareView.js | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/www/manager6/qemu/HardwareView.js b/www/manager6/qemu/HardwareView.js index 036bfa26..5de3bf95 100644 --- a/www/manager6/qemu/HardwareView.js +++ b/www/manager6/qemu/HardwareView.js @@ -224,7 +224,6 @@ Ext.define('PVE.qemu.HardwareView', { group: 10, iconCls: 'hdd-o', editor: 'PVE.qemu.HDEdit', - never_delete: !caps.vms['VM.Config.Disk'], isOnStorageBus: true, header: gettext('Hard Disk') + ' (' + confid +')', cdheader: gettext('CD/DVD Drive') + ' (' + confid +')', @@ -584,24 +583,33 @@ Ext.define('PVE.qemu.HardwareView', { var value = rec.data.value; var rowdef = rows[key]; + let isCloudInit = value && value.toString().match(/vm-.*-cloudinit/); + let isCDRom = value && !!value.toString().match(/media=cdrom/) && !isCloudInit; + var pending = rec.data.delete || me.hasPendingChanges(key); - var isCDRom = value && !!value.toString().match(/media=cdrom/); var isUnusedDisk = key.match(/^unused\d+/); - var isUsedDisk = !isUnusedDisk && rowdef.isOnStorageBus && !isCDRom; - - var isCloudInit = value && value.toString().match(/vm-.*-cloudinit/); + let isUsedDisk = !isUnusedDisk && rowdef.isOnStorageBus && !isCDRom && !isCloudInit; var isEfi = key === 'efidisk0'; + let isDisk = isCloudInit || isUnusedDisk || isUsedDisk; + remove_btn.setDisabled( rec.data.delete || rowdef.never_delete === true || - (isUnusedDisk && !diskCap), + (isCDRom && !caps.vms['VM.Config.CDROM']) || + (isDisk && !diskCap), ); remove_btn.setText(isUsedDisk && !isCloudInit ? remove_btn.altText : remove_btn.defaultText); remove_btn.RESTMethod = isUnusedDisk ? 'POST':'PUT'; - edit_btn.setDisabled(rec.data.delete || !rowdef.editor || isCloudInit || (!isCDRom && !diskCap)); + edit_btn.setDisabled( + rec.data.delete || + !rowdef.editor || + isCloudInit || + (isCDRom && !caps.vms['VM.Config.CDROM']) || + (isDisk && !diskCap), + ); resize_btn.setDisabled(pending || !isUsedDisk || !diskCap); @@ -637,7 +645,7 @@ Ext.define('PVE.qemu.HardwareView', { { text: gettext('CD/DVD Drive'), iconCls: 'pve-itype-icon-cdrom', - disabled: !caps.vms['VM.Config.Disk'], + disabled: !caps.vms['VM.Config.CDROM'], handler: function() { var win = Ext.create('PVE.qemu.CDEdit', { url: '/api2/extjs/' + baseurl, -- 2.20.1