From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id D088A6F71C for ; Mon, 30 Aug 2021 15:38:55 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id A3C7B1BED8 for ; Mon, 30 Aug 2021 15:38:25 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id 5A74A1BEC8 for ; Mon, 30 Aug 2021 15:38:21 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 27EC44386E for ; Mon, 30 Aug 2021 15:38:21 +0200 (CEST) To: Oguz Bektas , pmg-devel@lists.proxmox.com References: <20210830100204.437455-1-o.bektas@proxmox.com> From: Thomas Lamprecht Message-ID: <7544b9a2-e1e6-7e25-479c-7e22f747730b@proxmox.com> Date: Mon, 30 Aug 2021 15:38:19 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 MIME-Version: 1.0 In-Reply-To: <20210830100204.437455-1-o.bektas@proxmox.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-GB Content-Transfer-Encoding: 7bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.618 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment NICE_REPLY_A -0.58 Looks like a legit reply (A) SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: Re: [pmg-devel] [PATCH pmg-api] fix permissions for APT X-BeenThere: pmg-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Mail Gateway development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Aug 2021 13:38:55 -0000 Looks good in general, just having some comments regarding the commit meta info. The commit subject could also mean that we had the wrong file permissions on the apt executable or the like, it'd be nice if we can be more specific to and clear. "api: apt: use actual pmg-style permission for endpoint schema" Am 8/30/21 um 12:02 PM schrieb Oguz Bektas: > it wrongly uses the permission model from PVE, I'd note that they where root only due to that: "... PVE, which is not recognized by the PMG aPI stack, meaning those endpoints where all root only." With that (or similar in semantics) added information: Reviewed-by: Thomas Lamprecht fix those to allow > PMG users with administrator role to add/delete repositories, and > auditor role to view the repositories. > > reported in forum [0] > > [0]: > https://forum.proxmox.com/threads/no-apt-repo-information-for-non-root-on-the-web-gui.95217/ > > Signed-off-by: Oguz Bektas > --- > src/PMG/API2/APT.pm | 12 +++--------- > 1 file changed, 3 insertions(+), 9 deletions(-) > > diff --git a/src/PMG/API2/APT.pm b/src/PMG/API2/APT.pm > index 5e132c4..18bb992 100644 > --- a/src/PMG/API2/APT.pm > +++ b/src/PMG/API2/APT.pm > @@ -477,9 +477,7 @@ __PACKAGE__->register_method({ > method => 'GET', > proxyto => 'node', > description => "Get APT repository information.", > - permissions => { > - check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]], > - }, > + permissions => { check => [ 'admin', 'audit' ] }, > parameters => { > additionalProperties => 0, > properties => { > @@ -678,9 +676,7 @@ __PACKAGE__->register_method({ > path => 'repositories', > method => 'PUT', > description => "Add a standard repository to the configuration", > - permissions => { > - check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]], > - }, > + permissions => { check => [ 'admin' ] }, > protected => 1, > proxyto => 'node', > parameters => { > @@ -713,9 +709,7 @@ __PACKAGE__->register_method({ > path => 'repositories', > method => 'POST', > description => "Change the properties of a repository. Currently only allows enabling/disabling.", > - permissions => { > - check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]], > - }, > + permissions => { check => [ 'admin' ] }, > protected => 1, > proxyto => 'node', > parameters => { >