[pve-devel] [PATCH manager] fix wrong permissions for subscription info

David Limbeck d.limbeck at proxmox.com
Tue Oct 30 10:33:30 CET 2018


workaround to keep the subscription popup on login even without 'Sys.Audit'
permissions but remove the subscription menu in the GUI for unauthorized
users

Signed-off-by: David Limbeck <d.limbeck at proxmox.com>
---
 PVE/API2/Subscription.pm    | 20 +++++++++++++++-----
 www/manager6/node/Config.js | 19 ++++++++++++-------
 2 files changed, 27 insertions(+), 12 deletions(-)

diff --git a/PVE/API2/Subscription.pm b/PVE/API2/Subscription.pm
index 9d24dce8..efbe70c2 100644
--- a/PVE/API2/Subscription.pm
+++ b/PVE/API2/Subscription.pm
@@ -91,9 +91,6 @@ __PACKAGE__->register_method ({
     name => 'get',
     path => '',
     method => 'GET',
-    permissions => {
-	check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]],
-    },
     description => "Read subscription info.",
     proxyto => 'node',
     permissions => { user => 'all' },
@@ -110,12 +107,25 @@ __PACKAGE__->register_method ({
 	my $server_id = PVE::API2Tools::get_hwaddress();
 	my $url = "http://www.proxmox.com/products/proxmox-ve/subscription-service-plans";
 
+	my $rpcenv = PVE::RPCEnvironment::get();
+	my $authuser = $rpcenv->get_user();
+	my $has_permission = PVE::AccessControl::check_permissions($authuser, '/nodes/{node}', 'Sys.Audit');
+
 	my $info = PVE::INotify::read_file('subscription');
 	if (!$info) {
-	    return {
+	    my $no_subscription_info = {
 		status => "NotFound",
 		message => "There is no subscription key",
-		serverid => $server_id,
+		url => $url,
+	    };
+	    $no_subscription_info->{serverid} = $server_id if $has_permission;
+	    return $no_subscription_info;
+	}
+
+	if (!$has_permission) {
+	    return {
+		status => $info->{status},
+		message => $info->{message},
 		url => $url,
 	    }
 	}
diff --git a/www/manager6/node/Config.js b/www/manager6/node/Config.js
index e7a38296..37863f09 100644
--- a/www/manager6/node/Config.js
+++ b/www/manager6/node/Config.js
@@ -380,15 +380,20 @@ Ext.define('PVE.node.Config', {
 		nodename: nodename,
 		xtype: 'proxmoxNodeTasks'
 	    },
-	    {
-		title: gettext('Subscription'),
-		iconCls: 'fa fa-support',
-		itemId: 'support',
-		xtype: 'pveNodeSubscription',
-		nodename: nodename
-	    }
 	);
 
+	if (caps.nodes['Sys.Audit']) {
+	    me.items.push(
+		{
+		    title: gettext('Subscription'),
+		    iconCls: 'fa fa-support',
+		    itemId: 'support',
+		    xtype: 'pveNodeSubscription',
+		    nodename: nodename
+		}
+	    );
+	}
+
 	me.callParent();
 
 	me.mon(me.statusStore, 'load', function(s, records, success) {
-- 
2.11.0





More information about the pve-devel mailing list