ACLs portctl_no and portctl_only for limiting port control targets

This commit is contained in:
Oliver Gorwits
2021-09-03 06:14:44 +01:00
parent 5c1c973105
commit e953e3945f
3 changed files with 19 additions and 0 deletions


@@ -4,6 +4,7 @@ use Dancer qw/:syntax :script/;
use Dancer::Plugin::DBIC 'schema';
use App::Netdisco::Util::Device 'get_device';
use App::Netdisco::Util::Permission qw/check_acl_no check_acl_only/;
use base 'Exporter';
our @EXPORT = ();
@@ -68,6 +69,10 @@ sub vlan_reconfig_check {
=item *
Permission check that C<portctl_no> and C<portctl_only> pass for the device.
=item *
Permission check that C<portctl_nameonly> is false in Netdisco config.
=item *
@@ -99,6 +104,12 @@ sub port_reconfig_check {
my $has_phone = port_has_phone($port);
my $is_vlan = is_vlan_interface($port);
# check for limits on devices
return "forbidden: device [$ip] is in denied ACL"
if check_acl_no($ip, 'portctl_no');
return "forbidden: device [$ip] is not in permitted ACL"
unless check_acl_only($ip, 'portctl_only');
# only permitted to change interface name
return "forbidden: not permitted to change port configuration"
if setting('portctl_nameonly');
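Review bot: The new gate `return "forbidden: device [$ip] is not in permitted ACL" unless check_acl_only($ip, 'portctl_only');` makes every port change depend on `portctl_only` being treated as permit-all when the setting is absent; if check_acl_only in App::Netdisco::Util::Permission does not do that and no default is declared (the config defaults are not in this section), existing deployments would lose all port control on upgrade until they add the setting, so that default is worth confirming. Both checks are evaluated on the device `$ip` only, so these ACLs cannot scope control to individual ports; the POD line added in the second hunk should say so, e.g. `Permission check that C<portctl_no> and C<portctl_only> pass for the device (ACLs match per device, not per port).` The second hunk's header places the documentation near vlan_reconfig_check, yet no equivalent ACL check is added there in this section; if that sub does not delegate to port_reconfig_check, VLAN changes would bypass the new ACLs. port_reconfig_check begins outside the hunk, so where `$ip` is derived is not visible here.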