[pve-devel] [PATCH manager] api: nodes/subscription: implement reasonable access rights
Thomas Lamprecht
t.lamprecht at proxmox.com
Tue Dec 12 07:44:31 CET 2017
any comments?
On 11/30/2017 08:20 AM, Thomas Lamprecht wrote:
> Allow users which have Sys.Audit on a specific node to get the
> subscription status and those with Sys.Modify to set and check
> (update) it.
>
> This mirrors the required permissions from other node specific
> actions, e.g., APT (package management).
>
> We always showed the Subscription Panel and all its elements in the
> WebUI, so no need for change there.
>
> Signed-off-by: Thomas Lamprecht <t.lamprecht at proxmox.com>
> ---
> PVE/API2/Subscription.pm | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
> diff --git a/PVE/API2/Subscription.pm b/PVE/API2/Subscription.pm
> index bedc6a5b..9d24dce8 100644
> --- a/PVE/API2/Subscription.pm
> +++ b/PVE/API2/Subscription.pm
> @@ -91,6 +91,9 @@ __PACKAGE__->register_method ({
> name => 'get',
> path => '',
> method => 'GET',
> + permissions => {
> + check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]],
> + },
> description => "Read subscription info.",
> proxyto => 'node',
> permissions => { user => 'all' },
> @@ -128,6 +131,9 @@ __PACKAGE__->register_method ({
> name => 'update',
> path => '',
> method => 'POST',
> + permissions => {
> + check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
> + },
> description => "Update subscription info.",
> proxyto => 'node',
> protected => 1,
> @@ -179,6 +185,9 @@ __PACKAGE__->register_method ({
> name => 'set',
> path => '',
> method => 'PUT',
> + permissions => {
> + check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
> + },
> description => "Set subscription key.",
> proxyto => 'node',
> protected => 1,
>
More information about the pve-devel
mailing list