[pve-devel] [RFC 05/23] access-control: remove check_permissions/permission
Fabian Grünbichler
f.gruenbichler at proxmox.com
Thu Oct 17 15:13:59 CEST 2019
they have been handled by PVE::RPCEnvironment for quite some time
already, and the versions there are the complete ones that should be
actually used.
Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---
Notes:
this requires the corresponding patch for and a versioned breaks on
pve-manager, where a call to check_permissions has been introduced in 2018(!?).
PVE/AccessControl.pm | 37 -------------------------------------
1 file changed, 37 deletions(-)
diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm
index aff9137..f246c85 100644
--- a/PVE/AccessControl.pm
+++ b/PVE/AccessControl.pm
@@ -1273,43 +1273,6 @@ sub roles {
return @ra;
}
-sub permission {
- my ($cfg, $user, $path) = @_;
-
- $user = PVE::Auth::Plugin::verify_username($user, 1);
- return {} if !$user;
-
- my @ra = roles($cfg, $user, $path);
-
- my $privs = {};
-
- foreach my $role (@ra) {
- if (my $privset = $cfg->{roles}->{$role}) {
- foreach my $p (keys %$privset) {
- $privs->{$p} = 1;
- }
- }
- }
-
- #print "priviledges $user $path = " . Dumper ($privs);
-
- return $privs;
-}
-
-sub check_permissions {
- my ($username, $path, $privlist) = @_;
-
- $path = normalize_path($path);
- my $usercfg = cfs_read_file('user.cfg');
- my $perm = permission($usercfg, $username, $path);
-
- foreach my $priv (split_list($privlist)) {
- return undef if !$perm->{$priv};
- };
-
- return 1;
-}
-
sub remove_vm_access {
my ($vmid) = @_;
my $delVMaccessFn = sub {
--
2.20.1
More information about the pve-devel
mailing list