* [pmg-devel] [PATCH v2 pmg-api] api: apt: use actual pmg-style permission for endpoint schema
@ 2021-09-02 8:47 Oguz Bektas
2021-09-03 10:56 ` [pmg-devel] applied: " Stoiko Ivanov
0 siblings, 1 reply; 2+ messages in thread
From: Oguz Bektas @ 2021-09-02 8:47 UTC (permalink / raw)
To: pmg-devel; +Cc: Thomas Lamprecht
it wrongly uses the permission model from PVE, which caused the
endpoints to be root-only as a side effect, since PMG API doesn't
recognize the PVE-specific permissions.
fix those to allow PMG users with administrator role to add/delete
repositories, and auditor role to view the repositories.
reported in a forum thread [0]
[0]:
https://forum.proxmox.com/threads/no-apt-repo-information-for-non-root-on-the-web-gui.95217/
Reviewed-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
---
v1->v2:
* update commit message and explain the root cause
src/PMG/API2/APT.pm | 12 +++---------
1 file changed, 3 insertions(+), 9 deletions(-)
diff --git a/src/PMG/API2/APT.pm b/src/PMG/API2/APT.pm
index 5e132c4..18bb992 100644
--- a/src/PMG/API2/APT.pm
+++ b/src/PMG/API2/APT.pm
@@ -477,9 +477,7 @@ __PACKAGE__->register_method({
method => 'GET',
proxyto => 'node',
description => "Get APT repository information.",
- permissions => {
- check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]],
- },
+ permissions => { check => [ 'admin', 'audit' ] },
parameters => {
additionalProperties => 0,
properties => {
@@ -678,9 +676,7 @@ __PACKAGE__->register_method({
path => 'repositories',
method => 'PUT',
description => "Add a standard repository to the configuration",
- permissions => {
- check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
- },
+ permissions => { check => [ 'admin' ] },
protected => 1,
proxyto => 'node',
parameters => {
@@ -713,9 +709,7 @@ __PACKAGE__->register_method({
path => 'repositories',
method => 'POST',
description => "Change the properties of a repository. Currently only allows enabling/disabling.",
- permissions => {
- check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
- },
+ permissions => { check => [ 'admin' ] },
protected => 1,
proxyto => 'node',
parameters => {
--
2.30.2
^ permalink raw reply [flat|nested] 2+ messages in thread
* [pmg-devel] applied: [PATCH v2 pmg-api] api: apt: use actual pmg-style permission for endpoint schema
2021-09-02 8:47 [pmg-devel] [PATCH v2 pmg-api] api: apt: use actual pmg-style permission for endpoint schema Oguz Bektas
@ 2021-09-03 10:56 ` Stoiko Ivanov
0 siblings, 0 replies; 2+ messages in thread
From: Stoiko Ivanov @ 2021-09-03 10:56 UTC (permalink / raw)
To: Oguz Bektas; +Cc: pmg-devel, Thomas Lamprecht
huge thanks for the patch - tested and applied
On Thu, 2 Sep 2021 10:47:12 +0200
Oguz Bektas <o.bektas@proxmox.com> wrote:
> it wrongly uses the permission model from PVE, which caused the
> endpoints to be root-only as a side effect, since PMG API doesn't
> recognize the PVE-specific permissions.
>
> fix those to allow PMG users with administrator role to add/delete
> repositories, and auditor role to view the repositories.
>
> reported in a forum thread [0]
>
> [0]:
> https://forum.proxmox.com/threads/no-apt-repo-information-for-non-root-on-the-web-gui.95217/
>
> Reviewed-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
> Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
> ---
> v1->v2:
> * update commit message and explain the root cause
>
> src/PMG/API2/APT.pm | 12 +++---------
> 1 file changed, 3 insertions(+), 9 deletions(-)
>
> diff --git a/src/PMG/API2/APT.pm b/src/PMG/API2/APT.pm
> index 5e132c4..18bb992 100644
> --- a/src/PMG/API2/APT.pm
> +++ b/src/PMG/API2/APT.pm
> @@ -477,9 +477,7 @@ __PACKAGE__->register_method({
> method => 'GET',
> proxyto => 'node',
> description => "Get APT repository information.",
> - permissions => {
> - check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]],
> - },
> + permissions => { check => [ 'admin', 'audit' ] },
> parameters => {
> additionalProperties => 0,
> properties => {
> @@ -678,9 +676,7 @@ __PACKAGE__->register_method({
> path => 'repositories',
> method => 'PUT',
> description => "Add a standard repository to the configuration",
> - permissions => {
> - check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
> - },
> + permissions => { check => [ 'admin' ] },
> protected => 1,
> proxyto => 'node',
> parameters => {
> @@ -713,9 +709,7 @@ __PACKAGE__->register_method({
> path => 'repositories',
> method => 'POST',
> description => "Change the properties of a repository. Currently only allows enabling/disabling.",
> - permissions => {
> - check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
> - },
> + permissions => { check => [ 'admin' ] },
> protected => 1,
> proxyto => 'node',
> parameters => {
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-09-03 10:56 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-02 8:47 [pmg-devel] [PATCH v2 pmg-api] api: apt: use actual pmg-style permission for endpoint schema Oguz Bektas
2021-09-03 10:56 ` [pmg-devel] applied: " Stoiko Ivanov
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal