* [pve-devel] [RFC/PATCH manager] ui: lxc options: disable features edit as non-root when container is privileged
@ 2021-08-06 8:59 Fabian Ebner
2021-08-12 9:45 ` Fabian Grünbichler
0 siblings, 1 reply; 2+ messages in thread
From: Fabian Ebner @ 2021-08-06 8:59 UTC (permalink / raw)
To: pve-devel
The backend won't allow any edits in this case, so better just disable
the edit button altogether.
Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
---
www/manager6/lxc/Options.js | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/www/manager6/lxc/Options.js b/www/manager6/lxc/Options.js
index f2661dfc..12b0fe12 100644
--- a/www/manager6/lxc/Options.js
+++ b/www/manager6/lxc/Options.js
@@ -174,7 +174,11 @@ Ext.define('PVE.lxc.Options', {
var pending = rec.data.delete || me.hasPendingChanges(key);
var rowdef = rows[key];
- edit_btn.setDisabled(!rowdef.editor);
+ let unprivileged = me.getStore().getById('unprivileged').data.value;
+ let nonRootPrivFeatures =
+ Proxmox.UserName !== 'root@pam' && key === 'features' && !unprivileged;
+
+ edit_btn.setDisabled(!rowdef.editor || nonRootPrivFeatures);
revert_btn.setDisabled(!pending);
};
--
2.30.2
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [pve-devel] [RFC/PATCH manager] ui: lxc options: disable features edit as non-root when container is privileged
2021-08-06 8:59 [pve-devel] [RFC/PATCH manager] ui: lxc options: disable features edit as non-root when container is privileged Fabian Ebner
@ 2021-08-12 9:45 ` Fabian Grünbichler
0 siblings, 0 replies; 2+ messages in thread
From: Fabian Grünbichler @ 2021-08-12 9:45 UTC (permalink / raw)
To: Proxmox VE development discussion
On August 6, 2021 10:59 am, Fabian Ebner wrote:
> The backend won't allow any edits in this case, so better just disable
> the edit button altogether.
>
> Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
> ---
> www/manager6/lxc/Options.js | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/www/manager6/lxc/Options.js b/www/manager6/lxc/Options.js
> index f2661dfc..12b0fe12 100644
> --- a/www/manager6/lxc/Options.js
> +++ b/www/manager6/lxc/Options.js
> @@ -174,7 +174,11 @@ Ext.define('PVE.lxc.Options', {
> var pending = rec.data.delete || me.hasPendingChanges(key);
> var rowdef = rows[key];
>
> - edit_btn.setDisabled(!rowdef.editor);
> + let unprivileged = me.getStore().getById('unprivileged').data.value;
> + let nonRootPrivFeatures =
> + Proxmox.UserName !== 'root@pam' && key === 'features' && !unprivileged;
> +
> + edit_btn.setDisabled(!rowdef.editor || nonRootPrivFeatures);
this reads strange to me, maybe
if (key === 'features') {
let unprivileged = ..;
let root = ..;
edit_btn.setDisabled(!rowdef.editor || (!unprivileged && !root));
} else {
edit_btn.setDisabled(!rowdef.editor);
}
is more clear? might even make sense to make the rowdef.editor
definition for 'features' more simple, and pull the VM.Allocate check
down here (to avoid splitting the decision into two parts and missing
that fact in the future).
> revert_btn.setDisabled(!pending);
> };
>
> --
> 2.30.2
>
>
>
> _______________________________________________
> pve-devel mailing list
> pve-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>
>
>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-08-12 9:46 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-08-06 8:59 [pve-devel] [RFC/PATCH manager] ui: lxc options: disable features edit as non-root when container is privileged Fabian Ebner
2021-08-12 9:45 ` Fabian Grünbichler
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox