From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 4902361D04 for ; Wed, 26 Jul 2023 15:41:54 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 3288A7A59 for ; Wed, 26 Jul 2023 15:41:54 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Wed, 26 Jul 2023 15:41:53 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 9DAE045974 for ; Wed, 26 Jul 2023 15:41:53 +0200 (CEST) From: Lukas Wagner To: pve-devel@lists.proxmox.com Date: Wed, 26 Jul 2023 15:41:45 +0200 Message-Id: <20230726134145.700213-1-l.wagner@proxmox.com> X-Mailer: git-send-email 2.39.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL -0.056 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record T_SCC_BODY_TEXT_LINE -0.01 - Subject: [pve-devel] [PATCH manager] ui: acl add: show warning if root@pam is selected X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Jul 2023 13:41:54 -0000 Currently, users are able to add ACL entries for the root@pam user. Since this user always has full permissions, no entry in the ACL tree will be saved, and consequently no new entry shows up in the UI after pressing 'Add' in the dialog. This can be irritating if the user does not know about this 'implementation detail'. This commit adds a little warning that pops up if root@pam is selected: 'root@pam always has full permissions. No entry will be added.' The same problem also exists for API token permissions. Here it is not really easy to add the warning though, since we do not know if the token has separated privileges enable or not. Signed-off-by: Lukas Wagner --- www/manager6/dc/ACLView.js | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/www/manager6/dc/ACLView.js b/www/manager6/dc/ACLView.js index 79f900cd..ec81a487 100644 --- a/www/manager6/dc/ACLView.js +++ b/www/manager6/dc/ACLView.js @@ -35,6 +35,20 @@ Ext.define('PVE.dc.ACLAdd', { xtype: 'pmxUserSelector', name: 'users', fieldLabel: gettext('User'), + listeners: { + change: function(field, newVal) { + this.nextSibling('displayfield[reference=root-selected-warning]') + .setVisible(newVal === 'root@pam'); + } + }, + }); + items.push({ + xtype: 'displayfield', + reference: 'root-selected-warning', + userCls: 'pmx-hint', + hidden: true, + value: '\'root@pam\' ' + + gettext('always has full permissions. No entry will be added.'), }); } else if (me.aclType === 'token') { me.subject = gettext("API Token Permission"); -- 2.39.2