From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 0CE4D99209 for ; Tue, 10 Oct 2023 14:10:52 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id DAF6132933 for ; Tue, 10 Oct 2023 14:10:21 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Tue, 10 Oct 2023 14:10:20 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 7A888449A4 for ; Tue, 10 Oct 2023 14:10:20 +0200 (CEST) Message-ID: <59c6e639-1bcd-250d-f53f-3fc55b7f51b6@proxmox.com> Date: Tue, 10 Oct 2023 14:10:19 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.15.1 Content-Language: en-US To: Proxmox VE development discussion , Lukas Wagner References: <20230726134145.700213-1-l.wagner@proxmox.com> From: Fiona Ebner In-Reply-To: <20230726134145.700213-1-l.wagner@proxmox.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-SPAM-LEVEL: Spam detection results: 0 AWL 1.536 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment NICE_REPLY_A -3.339 Looks like a legit reply (A) POISEN_SPAM_PILL_3 0.1 random spam to be learned in bayes SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: Re: [pve-devel] [PATCH manager] ui: acl add: show warning if root@pam is selected X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Oct 2023 12:10:52 -0000 Am 26.07.23 um 15:41 schrieb Lukas Wagner: > Currently, users are able to add ACL entries for the root@pam user. > Since this user always has full permissions, no entry in the ACL > tree will be saved, and consequently no new entry shows up in the UI > after pressing 'Add' in the dialog. This can be irritating if the > user does not know about this 'implementation detail'. > Should we filter out the root@pam user from the selection dropdown altogether? Or maybe disable the Add button when root@pam is selected (and reword the warning appropriately)? > This commit adds a little warning that pops up if root@pam is > selected: > > 'root@pam always has full permissions. No entry will be added.' > > The same problem also exists for API token permissions. Here it is > not really easy to add the warning though, since we do not know if > the token has separated privileges enable or not. > It seems we do have that information available as a result of the /access/users?full=1 API call, or? > Signed-off-by: Lukas Wagner > --- > www/manager6/dc/ACLView.js | 14 ++++++++++++++ > 1 file changed, 14 insertions(+) > > diff --git a/www/manager6/dc/ACLView.js b/www/manager6/dc/ACLView.js > index 79f900cd..ec81a487 100644 > --- a/www/manager6/dc/ACLView.js > +++ b/www/manager6/dc/ACLView.js > @@ -35,6 +35,20 @@ Ext.define('PVE.dc.ACLAdd', { > xtype: 'pmxUserSelector', > name: 'users', > fieldLabel: gettext('User'), > + listeners: { > + change: function(field, newVal) { > + this.nextSibling('displayfield[reference=root-selected-warning]') > + .setVisible(newVal === 'root@pam'); > + } eslint complains about a missing trailing comma here > + }, > + }); > + items.push({ > + xtype: 'displayfield', > + reference: 'root-selected-warning', > + userCls: 'pmx-hint', > + hidden: true, > + value: '\'root@pam\' ' + > + gettext('always has full permissions. No entry will be added.'), > }); > } else if (me.aclType === 'token') { > me.subject = gettext("API Token Permission");