public inbox for pve-devel@lists.proxmox.com
 help / color / mirror / Atom feed
From: Philipp Hufnagl <p.hufnagl@proxmox.com>
To: Fiona Ebner <f.ebner@proxmox.com>,
	Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Subject: Re: [pve-devel] [PATCH manager] fix #474: allow transfer from container/vms
Date: Thu, 10 Aug 2023 11:47:38 +0200	[thread overview]
Message-ID: <c5c95cc1-fe7b-4fe7-9ef3-b55b0ce50c79@proxmox.com> (raw)
In-Reply-To: <dcf64dc1-a392-d1c1-952c-4a0b4e9ab009@proxmox.com>


On 8/10/23 09:16, Fiona Ebner wrote:
> But it should. After all, the operation is modifying the original pool,
> so the user better have an appropriate permission to do so.

> Currently, Permissions.Modify|VM.Allocate on the VM and Pool.Allocate on
> the target pool would be enough to "steal" the guest, no permissions
> required on the original pool at all. IMHO, the user really should have
> a Pool.Allocate on the original pool as well.

You are right! It would be possible to "steal" a VM in a way that it was 
not before!

Thank you for finding this! Will fix!

> Since I noticed it in v3: we usually use "api:" and "ui:" as prefixes
> rather than "backend:" and "frontend:". Would be nice if you could use
> them too for consistency.

Ok. Good to know. I will do that. Thanks


      reply	other threads:[~2023-08-10  9:47 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-08-08  9:13 Philipp Hufnagl
2023-08-09 11:32 ` Fiona Ebner
2023-08-09 14:20   ` Philipp Hufnagl
2023-08-10  7:16     ` Fiona Ebner
2023-08-10  9:47       ` Philipp Hufnagl [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=c5c95cc1-fe7b-4fe7-9ef3-b55b0ce50c79@proxmox.com \
    --to=p.hufnagl@proxmox.com \
    --cc=f.ebner@proxmox.com \
    --cc=pve-devel@lists.proxmox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal