Proxmox/pve-access-control
5
0
Fork 0
mirror of git://git.proxmox.com/git/pve-access-control.git synced 2025-01-06 13:17:54 +03:00
Code Releases Activity

rpcenvironnment: add check_sdn_bridge

Browse Source 
check if user have access to 1 vlan of the bridge
or the bridge itself

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
This commit is contained in:
Alexandre Derumier 2023-06-06 15:19:24 +02:00 committed by Fabian Grünbichler
parent 4d5b0937a3
commit a5616d5c6e
1 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/PVE/RPCEnvironment.pm
View File

@ -324,6 +324,24 @@ sub check_full {
}
}
sub check_sdn_bridge {
my ($self, $username, $zone, $bridge, $privs, $noerr) = @_;
my $path = "/sdn/zones/$zone/$bridge";
my $cfg = $self->{user_cfg};
my $bridge_acl = PVE::AccessControl::find_acl_tree_node($cfg->{acl_root}, $path);
if ($bridge_acl) {
my $vlans = $bridge_acl->{children};
for my $vlan (keys %$vlans) {
my $vlanpath = "$path/$vlan";
return 1 if $self->check_any($username, $vlanpath, $privs, $noerr);
}
# check access to bridge itself
return 1 if $self->check_any($username, $path, $privs, $noerr);
}
return;
}
sub check_user_enabled {
my ($self, $user, $noerr) = @_;