Date: Fri, 30 Apr 2021 13:27:54 +0200
From: Fabian Grünbichler
To: Proxmox VE development discussion
Subject: Re: [pve-devel] [PATCH manager 1/1] fix #3402: add Pool.Audit permission
References: <20210429094812.51587-1-l.stechauner@proxmox.com> <20210429094907.51883-1-l.stechauner@proxmox.com>
In-Reply-To: <20210429094907.51883-1-l.stechauner@proxmox.com>
Message-Id: <1619781863.a1yl8kqc9l.astroid@nora.none>

On April 29, 2021 11:49 am, Lorenz Stechauner wrote:
> Signed-off-by: Lorenz Stechauner > --- > PVE/API2/Cluster.pm | 2 +- > PVE/API2/Pool.pm | 6 +++--- > 2 files changed, 4 insertions(+), 4 deletions(-) >=20 > diff --git a/PVE/API2/Cluster.pm b/PVE/API2/Cluster.pm > index ab5b28a1..ace5b5b1 100644 > --- a/PVE/API2/Cluster.pm > +++ b/PVE/API2/Cluster.pm > @@ -332,7 +332,7 @@ __PACKAGE__->register_method({ > for my $pool (sort keys %{$usercfg->{pools}}) { > my $d =3D $usercfg->{pools}->{$pool}; > =20 > - next if !$rpcenv->check($authuser, "/pool/$pool", [ 'Pool.Allocate' ],= 1); > + next if !$rpcenv->check($authuser, "/pool/$pool", [ 'Pool.Audit' ], 1)= ; > =20 > my $entry =3D { > id =3D> "/pool/$pool", > diff --git a/PVE/API2/Pool.pm b/PVE/API2/Pool.pm > index 567c7e8d..6ef981fb 100644 > --- a/PVE/API2/Pool.pm > +++ b/PVE/API2/Pool.pm
> @@ -23,7 +23,7 @@ __PACKAGE__->register_method ({ > method =3D> 'GET', > description =3D> "Pool index.", > permissions =3D> {=20 > - description =3D> "List all pools where you have Pool.Allocate or VM.All= ocate permissions on /pool/.", > + description =3D> "List all pools where you have Pool.Audit or VM.Alloca= te permissions on /pool/.",

for backwards-compat we need to still accept Pool.Allocate as well
there might be custom roles out there that have Pool.Allocate, those
would now not be able to see their pool anymore unless they happen to
have VM.Allocate on that pool as well which is not a given.

we could drop Pool.Allocate for 7.0 if we want to break compat at that
point..

> user =3D> 'all', > }, > parameters =3D> { > @@ -51,7 +51,7 @@ __PACKAGE__->register_method ({ > my $usercfg =3D $rpcenv->{user_cfg}; > =20 > foreach my $pool (keys %{$usercfg->{pools}}) { > - next if !$rpcenv->check_any($authuser, "/pool/$pool", [ 'Pool.Alloc= ate', 'VM.Allocate' ], 1); > + next if !$rpcenv->check_any($authuser, "/pool/$pool", [ 'Pool.Audit= ', 'VM.Allocate' ], 1);

which means this has to be changed

> =20 > my $entry =3D { poolid =3D> $pool }; > my $data =3D $usercfg->{pools}->{$pool}; > @@ -202,7 +202,7 @@ __PACKAGE__->register_method ({ > path =3D> '{poolid}',=20 > method =3D> 'GET', > permissions =3D> {=20 > - check =3D> ['perm', '/pool/{poolid}', ['Pool.Allocate']], > + check =3D> ['perm', '/pool/{poolid}', ['Pool.Audit']],

same here

> }, > description =3D> "Get pool configuration.", > parameters =3D> { > --=20 > 2.20.1
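
Review bot: In the PVE/API2/Cluster.pm hunk (@@ -332), the changed `next if !$rpcenv->check(...)` line now requires Pool.Audit alone, so a role that holds only Pool.Allocate on /pool/$pool silently stops getting the entry built just below it. The same backwards-compatibility concern raised for Pool.pm applies here. Suggest an any-of test, as the Pool.pm index loop already does with `check_any`, listing both 'Pool.Audit' and 'Pool.Allocate' until the compat break is made on purpose.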
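
Review bot: In the Pool.pm index hunks (@@ -23 and @@ -51), the `check_any` list swaps 'Pool.Allocate' for 'Pool.Audit' instead of adding to it, which withdraws a grant that existing roles may depend on. Keep 'Pool.Allocate' in the list next to 'Pool.Audit' and 'VM.Allocate', and have the `permissions` description string name the same three privileges so the documented rule and the enforced one stay in step.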
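
Review bot: In the Pool.pm hunk at @@ -202, the declarative check `['perm', '/pool/{poolid}', ['Pool.Audit']]` names a single privilege, so a caller whose role carries only Pool.Allocate passes before the change and is refused afterwards when reading that pool's configuration. The check should accept Pool.Allocate as an alternative to Pool.Audit; if this check form cannot express an any-of list, the test belongs in the method body in the style of the `check_any` call in the index loop.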
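
The compatibility concern in the reply can be checked against an existing configuration before such a change ships. This is an added example, not code from the thread or from Proxmox: it assumes the `role:NAME:PRIVS:` and `acl:PROPAGATE:PATH:UGIDS:ROLES:` line layout of user.cfg, uses a constructed sample and hypothetical function names, and looks only at ACLs set directly on `/pool/<id>`.

```python
# Added example: list grants that pass the old pool checks but fail the new ones.
# The user.cfg line layout used here is an assumption, see the lead-in.
OLD_INDEX = {"Pool.Allocate", "VM.Allocate"}   # any-of, pool index before the patch
NEW_INDEX = {"Pool.Audit", "VM.Allocate"}      # any-of, pool index as posted
COMPAT_INDEX = NEW_INDEX | {"Pool.Allocate"}   # any-of, as the reply asks for

# Constructed sample, not taken from a real system.
SAMPLE_CFG = """\
role:PoolOps:Pool.Allocate,VM.Audit:
role:PoolView:Pool.Audit:
role:VMMaker:VM.Allocate,Pool.Allocate:
acl:1:/pool/dev:alice@pve:PoolOps:
acl:1:/pool/dev:bob@pve:PoolView:
acl:1:/pool/qa:alice@pve,bob@pve:VMMaker:
acl:1:/pool/qa:carol@pve:PVEAdmin:
acl:1:/vms/100:alice@pve:PoolOps:
"""


def parse(cfg):
    """Return ({role: privileges}, [(path, ugids, role names)]) from user.cfg text."""
    roles, acls = {}, []
    for line in cfg.splitlines():
        f = line.strip().split(":")
        if f[0] == "role" and len(f) >= 3:
            roles[f[1]] = {p.strip() for p in f[2].split(",") if p.strip()}
        elif f[0] == "acl" and len(f) >= 5:
            acls.append((f[2], f[3].split(","), f[4].split(",")))
    return roles, acls


def lost_access(cfg, old_any, new_any):
    """Sorted (ugid, pool path) pairs that satisfy old_any but not new_any."""
    roles, acls = parse(cfg)
    granted, unknown = {}, set()
    for path, ugids, role_names in acls:
        if not path.startswith("/pool/"):
            continue  # only ACLs set directly on a pool are considered
        for ugid in ugids:
            for name in role_names:
                if name in roles:
                    granted.setdefault((ugid, path), set()).update(roles[name])
                else:
                    unknown.add((ugid, path))  # role not defined in the file: skip
    return sorted(key for key, privs in granted.items()
                  if key not in unknown and privs & old_any and not privs & new_any)


if __name__ == "__main__":
    for label, new in (("index, as posted", NEW_INDEX), ("index, compat", COMPAT_INDEX)):
        print(label, lost_access(SAMPLE_CFG, OLD_INDEX, new))
    print("GET pool, as posted", lost_access(SAMPLE_CFG, {"Pool.Allocate"}, {"Pool.Audit"}))
```

On the sample, the posted index check drops one grant, the compat variant drops none, and the single-pool GET check drops three, including the `VMMaker` grants that still pass the index through VM.Allocate.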