From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id D075070283 for ; Fri, 3 Sep 2021 12:56:09 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id CE4F51A5BE for ; Fri, 3 Sep 2021 12:56:09 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id 0A6271A5AE for ; Fri, 3 Sep 2021 12:56:08 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id D3BF44455D for ; Fri, 3 Sep 2021 12:56:07 +0200 (CEST) Date: Fri, 3 Sep 2021 12:56:06 +0200 From: Stoiko Ivanov To: Oguz Bektas Cc: pmg-devel@lists.proxmox.com, Thomas Lamprecht Message-ID: <20210903125606.556881f6@rosa.proxmox.com> In-Reply-To: <20210902084712.42924-1-o.bektas@proxmox.com> References: <20210902084712.42924-1-o.bektas@proxmox.com> X-Mailer: Claws Mail 3.17.8 (GTK+ 2.24.33; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.411 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [apt.pm, proxmox.com] Subject: [pmg-devel] applied: [PATCH v2 pmg-api] api: apt: use actual pmg-style permission for endpoint schema X-BeenThere: pmg-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Mail Gateway development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Sep 2021 10:56:09 -0000 huge thanks for the patch - tested and applied On Thu, 2 Sep 2021 10:47:12 +0200 Oguz Bektas wrote: > it wrongly uses the permission model from PVE, which caused the > endpoints to be root-only as a side effect, since PMG API doesn't > recognize the PVE-specific permissions. > > fix those to allow PMG users with administrator role to add/delete > repositories, and auditor role to view the repositories. > > reported in a forum thread [0] > > [0]: > https://forum.proxmox.com/threads/no-apt-repo-information-for-non-root-on-the-web-gui.95217/ > > Reviewed-by: Thomas Lamprecht > Signed-off-by: Oguz Bektas > --- > v1->v2: > * update commit message and explain the root cause > > src/PMG/API2/APT.pm | 12 +++--------- > 1 file changed, 3 insertions(+), 9 deletions(-) > > diff --git a/src/PMG/API2/APT.pm b/src/PMG/API2/APT.pm > index 5e132c4..18bb992 100644 > --- a/src/PMG/API2/APT.pm > +++ b/src/PMG/API2/APT.pm > @@ -477,9 +477,7 @@ __PACKAGE__->register_method({ > method => 'GET', > proxyto => 'node', > description => "Get APT repository information.", > - permissions => { > - check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]], > - }, > + permissions => { check => [ 'admin', 'audit' ] }, > parameters => { > additionalProperties => 0, > properties => { > @@ -678,9 +676,7 @@ __PACKAGE__->register_method({ > path => 'repositories', > method => 'PUT', > description => "Add a standard repository to the configuration", > - permissions => { > - check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]], > - }, > + permissions => { check => [ 'admin' ] }, > protected => 1, > proxyto => 'node', > parameters => { > @@ -713,9 +709,7 @@ __PACKAGE__->register_method({ > path => 'repositories', > method => 'POST', > description => "Change the properties of a repository. Currently only allows enabling/disabling.", > - permissions => { > - check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]], > - }, > + permissions => { check => [ 'admin' ] }, > protected => 1, > proxyto => 'node', > parameters => {