From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id CEBC299226 for ; Tue, 10 Oct 2023 14:40:32 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id AA50532CB1 for ; Tue, 10 Oct 2023 14:40:32 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Tue, 10 Oct 2023 14:40:31 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 15A4D449A4 for ; Tue, 10 Oct 2023 14:40:31 +0200 (CEST) Message-ID: Date: Tue, 10 Oct 2023 14:40:30 +0200 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Content-Language: de-AT, en-US To: Fiona Ebner , Proxmox VE development discussion References: <20230726134145.700213-1-l.wagner@proxmox.com> <59c6e639-1bcd-250d-f53f-3fc55b7f51b6@proxmox.com> From: Lukas Wagner In-Reply-To: <59c6e639-1bcd-250d-f53f-3fc55b7f51b6@proxmox.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-SPAM-LEVEL: Spam detection results: 0 AWL -0.177 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment POISEN_SPAM_PILL 0.1 Meta: its spam POISEN_SPAM_PILL_1 0.1 random spam to be learned in bayes POISEN_SPAM_PILL_3 0.1 random spam to be learned in bayes SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: Re: [pve-devel] [PATCH manager] ui: acl add: show warning if root@pam is selected X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Oct 2023 12:40:32 -0000 On 10/10/23 14:10, Fiona Ebner wrote: > Am 26.07.23 um 15:41 schrieb Lukas Wagner: >> Currently, users are able to add ACL entries for the root@pam user. >> Since this user always has full permissions, no entry in the ACL >> tree will be saved, and consequently no new entry shows up in the UI >> after pressing 'Add' in the dialog. This can be irritating if the >> user does not know about this 'implementation detail'. >> > > Should we filter out the root@pam user from the selection dropdown > altogether? Or maybe disable the Add button when root@pam is selected > (and reword the warning appropriately)? I think the second approach might be good idea, I'll try that. > >> This commit adds a little warning that pops up if root@pam is >> selected: >> >> 'root@pam always has full permissions. No entry will be added.' >> >> The same problem also exists for API token permissions. Here it is >> not really easy to add the warning though, since we do not know if >> the token has separated privileges enable or not. >> > > It seems we do have that information available as a result of the > /access/users?full=1 API call, or? You are right, I missed that because I did not check the code for pmxUserSelector. I'll send a v2 with the suggested improvements. -- - Lukas