From: Lukas Wagner <l.wagner@proxmox.com>
To: Fiona Ebner <f.ebner@proxmox.com>,
Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Subject: Re: [pve-devel] [PATCH manager] ui: acl add: show warning if root@pam is selected
Date: Tue, 10 Oct 2023 14:40:30 +0200 [thread overview]
Message-ID: <c7534029-2f35-47fa-9235-88d80f8c3c79@proxmox.com> (raw)
In-Reply-To: <59c6e639-1bcd-250d-f53f-3fc55b7f51b6@proxmox.com>
On 10/10/23 14:10, Fiona Ebner wrote:
> Am 26.07.23 um 15:41 schrieb Lukas Wagner:
>> Currently, users are able to add ACL entries for the root@pam user.
>> Since this user always has full permissions, no entry in the ACL
>> tree will be saved, and consequently no new entry shows up in the UI
>> after pressing 'Add' in the dialog. This can be irritating if the
>> user does not know about this 'implementation detail'.
>>
>
> Should we filter out the root@pam user from the selection dropdown
> altogether? Or maybe disable the Add button when root@pam is selected
> (and reword the warning appropriately)?
I think the second approach might be good idea, I'll try that.
>
>> This commit adds a little warning that pops up if root@pam is
>> selected:
>>
>> 'root@pam always has full permissions. No entry will be added.'
>>
>> The same problem also exists for API token permissions. Here it is
>> not really easy to add the warning though, since we do not know if
>> the token has separated privileges enable or not.
>>
>
> It seems we do have that information available as a result of the
> /access/users?full=1 API call, or?
You are right, I missed that because I did not check the code for
pmxUserSelector.
I'll send a v2 with the suggested improvements.
--
- Lukas
prev parent reply other threads:[~2023-10-10 12:40 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-26 13:41 Lukas Wagner
2023-10-10 12:10 ` Fiona Ebner
2023-10-10 12:40 ` Lukas Wagner [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c7534029-2f35-47fa-9235-88d80f8c3c79@proxmox.com \
--to=l.wagner@proxmox.com \
--cc=f.ebner@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox