[pdm-devel] [PATCH datacenter-manager v2 0/2] fix #6901: add explicit permissions for PBS status and RRD endpoints
Shannon Sterz
s.sterz at proxmox.com
Tue Oct 14 11:15:52 CEST 2025
On Tue Oct 14, 2025 at 10:56 AM CEST, Shan Shaji wrote:
> If a non-root user tried to view the overview of a PBS, a
> "403: permission check failed" error was shown. Additionally,
> the RRD data for the node and datastores were not visible.
>
> To fix the issue, explicit permission checks were added for
> the PBS RRD endpoints and the PBS status endpoint.
>
> Ticket #6901 also reports a similar issue in the EVPN panel,
> which will be addressed in a separate patch.
>
> Changelog
> =========
>
> since v1: Thanks @Shannon Sterz
> patch: https://lore.proxmox.com/pdm-devel/20251010151803.257519-1-s.shaji@proxmox.com/T/#t
>
> - Updated description for both status and RRD endpoints.
> - Updated commit message.
>
> Shan Shaji (2):
> fix #6901: api: add permission checks for PBS rrd endpoints
> fix #6901: api: remove `node` reference from templated privilege path
>
> server/src/api/pbs/mod.rs | 3 ++-
> server/src/api/pbs/rrddata.rs | 11 ++++++++++-
> 2 files changed, 12 insertions(+), 2 deletions(-)
looks good to me, consider this:
Reviewed-by: Shannon Sterz <s.sterz at proxmox.com>
More information about the pdm-devel
mailing list