From: Dominik Csapak <d.csapak@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH manager v11 02/13] api: allow all users to (partially) read datacenter.cfg
Date: Wed, 16 Nov 2022 16:48:04 +0100 [thread overview]
Message-ID: <20221116154815.358385-11-d.csapak@proxmox.com> (raw)
In-Reply-To: <20221116154815.358385-1-d.csapak@proxmox.com>
it contains most ui relevant options, like the console preference and tag-style
so allow these for users without 'Sys.Audit' on '/'
(unchanged for all others)
we also add the list of allowed tags. while not strictly a datacenter
config, it's derived from the current users privileges and the
datacenter config.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
---
PVE/API2.pm | 3 ++-
PVE/API2/Cluster.pm | 24 ++++++++++++++++++++++--
2 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/PVE/API2.pm b/PVE/API2.pm
index a42561604..6703b941a 100644
--- a/PVE/API2.pm
+++ b/PVE/API2.pm
@@ -5,6 +5,7 @@ use warnings;
use PVE::pvecfg;
use PVE::DataCenterConfig;
+use PVE::GuestHelpers;
use PVE::RESTHandler;
use PVE::JSONSchema;
@@ -118,6 +119,7 @@ __PACKAGE__->register_method ({
my $res = {};
+ # TODO remove with next major release
my $datacenter_confg = eval { PVE::Cluster::cfs_read_file('datacenter.cfg') } // {};
for my $k (qw(console)) {
$res->{$k} = $datacenter_confg->{$k} if exists $datacenter_confg->{$k};
@@ -129,5 +131,4 @@ __PACKAGE__->register_method ({
return $res;
}});
-
1;
diff --git a/PVE/API2/Cluster.pm b/PVE/API2/Cluster.pm
index 3ca85caa4..a06dc83a2 100644
--- a/PVE/API2/Cluster.pm
+++ b/PVE/API2/Cluster.pm
@@ -10,6 +10,7 @@ use PVE::Cluster qw(cfs_register_file cfs_lock_file cfs_read_file cfs_write_file
use PVE::DataCenterConfig;
use PVE::Exception qw(raise_param_exc);
use PVE::Firewall;
+use PVE::GuestHelpers;
use PVE::HA::Config;
use PVE::HA::Env::PVE2;
use PVE::INotify;
@@ -542,8 +543,9 @@ __PACKAGE__->register_method({
name => 'get_options',
path => 'options',
method => 'GET',
- description => "Get datacenter options.",
+ description => "Get datacenter options. Without 'Sys.Audit' on '/' not all options are returned.",
permissions => {
+ user => 'all',
check => ['perm', '/', [ 'Sys.Audit' ]],
},
parameters => {
@@ -557,7 +559,25 @@ __PACKAGE__->register_method({
code => sub {
my ($param) = @_;
- return PVE::Cluster::cfs_read_file('datacenter.cfg');
+ my $res = {};
+
+ my $rpcenv = PVE::RPCEnvironment::get();
+ my $authuser = $rpcenv->get_user();
+
+ my $datacenter_config = eval { PVE::Cluster::cfs_read_file('datacenter.cfg') } // {};
+
+ if ($rpcenv->check($authuser, '/', ['Sys.Audit'], 1)) {
+ $res = $datacenter_config;
+ } else {
+ for my $k (qw(console tag-style)) {
+ $res->{$k} = $datacenter_config->{$k} if exists $datacenter_config->{$k};
+ }
+ }
+
+ my $tags = PVE::GuestHelpers::get_allowed_tags($rpcenv, $authuser);
+ $res->{'allowed-tags'} = [sort keys $tags->%*];
+
+ return $res;
}});
__PACKAGE__->register_method({
--
2.30.2
next prev parent reply other threads:[~2022-11-16 15:48 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-16 15:47 [pve-devel] [PATCH cluster/guest-common/qemu-server/ct/manager v11] add tags to ui Dominik Csapak
2022-11-16 15:47 ` [pve-devel] [PATCH cluster v11 1/5] add CFS_IPC_GET_GUEST_CONFIG_PROPERTIES method Dominik Csapak
2022-11-16 15:47 ` [pve-devel] [PATCH cluster v11 2/5] Cluster: add get_guest_config_properties Dominik Csapak
2022-11-16 15:47 ` [pve-devel] [PATCH cluster v11 3/5] datacenter.cfg: add option for tag-style Dominik Csapak
2022-11-16 15:47 ` [pve-devel] [PATCH cluster v11 4/5] datacenter.cfg: add tag rights control to the datacenter config Dominik Csapak
2022-11-16 15:47 ` [pve-devel] [PATCH cluster v11 5/5] datacenter.cfg: add 'ordering' to 'tag-style' config Dominik Csapak
2022-11-16 15:48 ` [pve-devel] [PATCH guest-common v11 1/1] GuestHelpers: add tag related helpers Dominik Csapak
2022-11-17 12:12 ` [pve-devel] applied: " Thomas Lamprecht
2022-11-16 15:48 ` [pve-devel] [PATCH qemu-server v11 1/1] api: update: check for tags permissions with 'assert_tag_permissions' Dominik Csapak
2022-11-16 15:48 ` [pve-devel] [PATCH container v11 1/1] check_ct_modify_config_perm: " Dominik Csapak
2022-11-16 15:48 ` [pve-devel] [PATCH manager v11 01/13] api: /cluster/resources: add tags to returned properties Dominik Csapak
2022-11-16 15:48 ` Dominik Csapak [this message]
2022-11-16 15:48 ` [pve-devel] [PATCH manager v11 03/13] ui: save ui options from /cluster/options instead of version Dominik Csapak
2022-11-16 15:48 ` [pve-devel] [PATCH manager v11 04/13] ui: parse and save tag infos from /cluster/options Dominik Csapak
2022-11-16 15:48 ` [pve-devel] [PATCH manager v11 05/13] ui: add form/TagColorGrid Dominik Csapak
2022-11-16 15:48 ` [pve-devel] [PATCH manager v11 06/13] ui: add PVE.form.ListField Dominik Csapak
2022-11-16 15:48 ` [pve-devel] [PATCH manager v11 07/13] ui: dc/OptionView: add editors for tag settings Dominik Csapak
2022-11-16 15:48 ` [pve-devel] [PATCH manager v11 08/13] ui: add form/Tag Dominik Csapak
2022-11-16 15:48 ` [pve-devel] [PATCH manager v11 09/13] ui: add form/TagEdit.js Dominik Csapak
2022-11-16 15:48 ` [pve-devel] [PATCH manager v11 10/13] ui: {lxc, qemu}/Config: show Tags and make them editable Dominik Csapak
2022-11-16 15:48 ` [pve-devel] [PATCH manager v11 11/13] ui: tree/ResourceTree: show Tags in tree Dominik Csapak
2022-11-16 15:48 ` [pve-devel] [PATCH manager v11 12/13] ui: add tags to ResourceGrid and GlobalSearchField Dominik Csapak
2022-11-16 15:48 ` [pve-devel] [PATCH manager v11 13/13] ui: implement tag ordering from datacenter.cfg Dominik Csapak
2022-11-17 10:18 ` [pve-devel] partially-applied: [PATCH cluster/guest-common/qemu-server/ct/manager v11] add tags to ui Thomas Lamprecht
2022-11-17 17:22 ` [pve-devel] applied: " Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221116154815.358385-11-d.csapak@proxmox.com \
--to=d.csapak@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox