From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 933AF1FF183 for ; Wed, 30 Jul 2025 15:10:00 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 5FCDCE355; Wed, 30 Jul 2025 15:11:24 +0200 (CEST) Date: Wed, 30 Jul 2025 15:11:18 +0200 From: Fabian =?iso-8859-1?q?Gr=FCnbichler?= To: Proxmox VE development discussion References: <20250718150426.166320-1-f.ebner@proxmox.com> In-Reply-To: <20250718150426.166320-1-f.ebner@proxmox.com> MIME-Version: 1.0 User-Agent: astroid/0.16.0 (https://github.com/astroidmail/astroid) Message-Id: <1753881023.tvgbrwck0i.astroid@yuna.none> X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1753881070341 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.046 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [proxmox.com, content.pm] Subject: Re: [pve-devel] [PATCH storage] close #5492: api: content: allow listing volumes with Datastore.Audit privilege X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox VE development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" On July 18, 2025 5:03 pm, Fiona Ebner wrote: > The check_volume_access() method is for checking read access to a > volume. Users should be able to list the images, e.g. to check backup > health via monitoring like reported in #5492 comment 3, with just an > audit privilege. > > Signed-off-by: Fiona Ebner > --- > src/PVE/API2/Storage/Content.pm | 6 ------ > 1 file changed, 6 deletions(-) > > diff --git a/src/PVE/API2/Storage/Content.pm b/src/PVE/API2/Storage/Content.pm > index 1fe7303..c1f9a1f 100644 > --- a/src/PVE/API2/Storage/Content.pm > +++ b/src/PVE/API2/Storage/Content.pm > @@ -154,12 +154,6 @@ __PACKAGE__->register_method({ > > my $res = []; > foreach my $item (@$vollist) { > - eval { > - PVE::Storage::check_volume_access( > - $rpcenv, $authuser, $cfg, undef, $item->{volid}, > - ); > - }; > - next if $@; the data here also contains things like the notes content for that volume, which might be sensitive.. should we maybe limit the returned information if there is no volume access? e.g., just return volid, format, type, owner, and size information? > $item->{vmid} = int($item->{vmid}) if defined($item->{vmid}); > $item->{size} = int($item->{size}) if defined($item->{size}); > $item->{used} = int($item->{used}) if defined($item->{used}); > -- > 2.47.2 > > > > _______________________________________________ > pve-devel mailing list > pve-devel@lists.proxmox.com > https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel > > > _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel