From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 8C9001FF16F for ; Tue, 14 Oct 2025 10:56:49 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id F3DBE241A5; Tue, 14 Oct 2025 10:57:07 +0200 (CEST) From: Shan Shaji To: pdm-devel@lists.proxmox.com Date: Tue, 14 Oct 2025 10:56:49 +0200 Message-ID: <20251014085651.73407-1-s.shaji@proxmox.com> X-Mailer: git-send-email 2.47.3 MIME-Version: 1.0 X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1760432188507 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.121 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pdm-devel] [PATCH datacenter-manager v2 0/2] fix #6901: add explicit permissions for PBS status and RRD endpoints X-BeenThere: pdm-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Datacenter Manager development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox Datacenter Manager development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pdm-devel-bounces@lists.proxmox.com Sender: "pdm-devel" If a non-root user tried to view the overview of a PBS, a "403: permission check failed" error was shown. Additionally, the RRD data for the node and datastores were not visible. To fix the issue, explicit permission checks were added for the PBS RRD endpoints and the PBS status endpoint. Ticket #6901 also reports a similar issue in the EVPN panel, which will be addressed in a separate patch. Changelog ========= since v1: Thanks @Shannon Sterz patch: https://lore.proxmox.com/pdm-devel/20251010151803.257519-1-s.shaji@proxmox.com/T/#t - Updated description for both status and RRD endpoints. - Updated commit message. Shan Shaji (2): fix #6901: api: add permission checks for PBS rrd endpoints fix #6901: api: remove `node` reference from templated privilege path server/src/api/pbs/mod.rs | 3 ++- server/src/api/pbs/rrddata.rs | 11 ++++++++++- 2 files changed, 12 insertions(+), 2 deletions(-) -- 2.47.3 _______________________________________________ pdm-devel mailing list pdm-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel