[pdm-devel] [PATCH datacenter-manager 2/2] fix #6901: api: remove `node` reference from templated privilege path
Shannon Sterz
s.sterz at proxmox.com
Mon Oct 13 10:41:39 CEST 2025
On Fri Oct 10, 2025 at 5:18 PM CEST, Shan Shaji wrote:
> If a non root user tried to view the overview of a PBS, it was
> showing "403: permission check failed" error. This occured because the
> privilege path included the "node" object which is neither accepted
> as a parameter in the endpoint nor passed from the UI.
>
> To fix the issue removed the "node" reference. Now if the user has
> atleast the `Resource.Audit` permission, they can view PBS status under
> the overview panel.
>
> Signed-off-by: Shan Shaji <s.shaji at proxmox.com>
> ---
> server/src/api/pbs/mod.rs | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/server/src/api/pbs/mod.rs b/server/src/api/pbs/mod.rs
> index dc31f62..65a2e43 100644
> --- a/server/src/api/pbs/mod.rs
> +++ b/server/src/api/pbs/mod.rs
> @@ -272,7 +272,8 @@ pub async fn scan_remote_pbs(
> },
> },
> access: {
> - permission: &Permission::Privilege(&["resource", "{remote}", "node", "{node}"], PRIV_RESOURCE_AUDIT, false),
> + permission: &Permission::Privilege(&["resource", "{remote}"], PRIV_RESOURCE_AUDIT, false),
> + description: "The user needs to have atleast `Resource.Audit` privilege under `/resource`."
nit: same as previous patch, should be:
The user needs to have at least the `Resource.Audit` privilege on `/resource/{remote}/node/{node}`.
> },
> )]
> /// Get status for the PBS remote
other than this and the comments on the previous patch
Reviewed-by: Shannon Sterz <s.sterz at proxmox.com>
More information about the pdm-devel
mailing list