[pve-devel] [PATCH access-control] pveum: Allow listing of roles and their privileges
Wolfgang Bumiller
w.bumiller at proxmox.com
Mon Sep 25 12:17:37 CEST 2017
On Mon, Sep 25, 2017 at 07:05:03AM +0200, Dietmar Maurer wrote:
> comments inline
>
> > Use the existing 'index' API call from PVE::API2::Role to produce a
> > tidy list of all available roles and their associated privileges.
> > ---
> > Concerns #1502 but doesn't fix it completely.
> > PVE/CLI/pveum.pm | 31 +++++++++++++++++++++++++++++++
> > 1 file changed, 31 insertions(+)
> >
> > diff --git a/PVE/CLI/pveum.pm b/PVE/CLI/pveum.pm
> > index aef7089..26807a5 100755
> > --- a/PVE/CLI/pveum.pm
> > +++ b/PVE/CLI/pveum.pm
> > @@ -54,6 +54,37 @@ our $cmddef = {
> > groupmod => [ 'PVE::API2::Group', 'update_group', ['groupid'] ],
> > groupdel => [ 'PVE::API2::Group', 'delete_group', ['groupid'] ],
> >
> > + rolelst => [ 'PVE::API2::Role', 'index', [ ], undef,
> > + sub {
> > + my ($res) = @_;
> > + my $longest = 0;
> > + foreach my $role(map($_->{roleid}, @$res)) {
> > + my $len = length $role;
> > + $longest = $len if $len > $longest;
> > + }
> > + $longest += 2;
> > + my $width = 96;
> > + my $maxlength = $width - $longest;
> > + printf("%-${longest}s%s\n", "ROLE", "PRIVILEGES");
> > + for my $role(sort {lc($a->{roleid}) cmp lc($b->{roleid})} @$res) {
> > + my @lines_privs = ("");
> > + my $cur_line = 0;
> > + for my $priv(split(',', $role->{privs})) {
> > + if (length($lines_privs[$cur_line]) == 0) {
> > + $lines_privs[$cur_line] .= "$priv";
> > + } elsif (length($lines_privs[$cur_line]) + length($priv) <= $maxlength)
> > {
> > + $lines_privs[$cur_line] .= ", $priv";
> > + } else {
> > + $lines_privs[++$cur_line] .= "$priv";
> > + }
> > + }
> > + printf("%-${longest}s%s\n", "$role->{roleid}:", $lines_privs[0]);
> > + for my $line(1..(scalar(@lines_privs) - 1)) {
> > + printf("%${longest}s%s\n", "", $lines_privs[$line]);
> > + }
> > + }
>
> I would like to have a generic utility function to print nicely formatted tables
> instead.
Depending on how much code is then still left in the function, I'd also
prefer not to have subs (especially of this size) inlined in the command
definition hash.
my $print_role_list = sub { (...) };
(...)
rolelist => [ (...), $print_role_list ],
More information about the pve-devel
mailing list