* [pve-devel] [RFC/PATCH storage] api: disk list: allow if an audit permission for the node is present
@ 2021-03-10 9:26 Fabian Ebner
2021-03-11 13:16 ` [pve-devel] applied: " Thomas Lamprecht
0 siblings, 1 reply; 2+ messages in thread
From: Fabian Ebner @ 2021-03-10 9:26 UTC (permalink / raw)
To: pve-devel
as that seems to be the more natural permission path for listing a nodes local
disks. For backwards compatibility, the old permission check has to be kept
(relevant with propagate=0).
This API call was originally part of the Ceph API and got copied here later,
which might explain the current permission check.
In the UI, the Disk panel is visible with a node audit permission, but the API
call itself failed without the '/' audit permission.
Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
---
PVE/API2/Disks.pm | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/PVE/API2/Disks.pm b/PVE/API2/Disks.pm
index d2ee81d..33bca76 100644
--- a/PVE/API2/Disks.pm
+++ b/PVE/API2/Disks.pm
@@ -82,7 +82,10 @@ __PACKAGE__->register_method ({
protected => 1,
proxyto => 'node',
permissions => {
- check => ['perm', '/', ['Sys.Audit', 'Datastore.Audit'], any => 1],
+ check => ['or',
+ ['perm', '/', ['Sys.Audit', 'Datastore.Audit'], any => 1],
+ ['perm', '/nodes/{node}', ['Sys.Audit', 'Datastore.Audit'], any => 1],
+ ],
},
parameters => {
additionalProperties => 0,
--
2.20.1
^ permalink raw reply [flat|nested] 2+ messages in thread* [pve-devel] applied: [RFC/PATCH storage] api: disk list: allow if an audit permission for the node is present
2021-03-10 9:26 [pve-devel] [RFC/PATCH storage] api: disk list: allow if an audit permission for the node is present Fabian Ebner
@ 2021-03-11 13:16 ` Thomas Lamprecht
0 siblings, 0 replies; 2+ messages in thread
From: Thomas Lamprecht @ 2021-03-11 13:16 UTC (permalink / raw)
To: Proxmox VE development discussion, Fabian Ebner
On 10.03.21 10:26, Fabian Ebner wrote:
> as that seems to be the more natural permission path for listing a nodes local
> disks. For backwards compatibility, the old permission check has to be kept
> (relevant with propagate=0).
>
> This API call was originally part of the Ceph API and got copied here later,
> which might explain the current permission check.
>
> In the UI, the Disk panel is visible with a node audit permission, but the API
> call itself failed without the '/' audit permission.
>
> Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
> ---
> PVE/API2/Disks.pm | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
>
applied, thanks!
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-03-11 13:16 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-03-10 9:26 [pve-devel] [RFC/PATCH storage] api: disk list: allow if an audit permission for the node is present Fabian Ebner
2021-03-11 13:16 ` [pve-devel] applied: " Thomas Lamprecht
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox