[pve-devel] [PATCH manager] fix wrong permissions for subscription info
David Limbeck
d.limbeck at proxmox.com
Tue Oct 30 10:33:30 CET 2018
workaround to keep the subscription popup on login even without 'Sys.Audit'
permissions but remove the subscription menu in the GUI for unauthorized
users
Signed-off-by: David Limbeck <d.limbeck at proxmox.com>
---
PVE/API2/Subscription.pm | 20 +++++++++++++++-----
www/manager6/node/Config.js | 19 ++++++++++++-------
2 files changed, 27 insertions(+), 12 deletions(-)
diff --git a/PVE/API2/Subscription.pm b/PVE/API2/Subscription.pm
index 9d24dce8..efbe70c2 100644
--- a/PVE/API2/Subscription.pm
+++ b/PVE/API2/Subscription.pm
@@ -91,9 +91,6 @@ __PACKAGE__->register_method ({
name => 'get',
path => '',
method => 'GET',
- permissions => {
- check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]],
- },
description => "Read subscription info.",
proxyto => 'node',
permissions => { user => 'all' },
@@ -110,12 +107,25 @@ __PACKAGE__->register_method ({
my $server_id = PVE::API2Tools::get_hwaddress();
my $url = "http://www.proxmox.com/products/proxmox-ve/subscription-service-plans";
+ my $rpcenv = PVE::RPCEnvironment::get();
+ my $authuser = $rpcenv->get_user();
+ my $has_permission = PVE::AccessControl::check_permissions($authuser, '/nodes/{node}', 'Sys.Audit');
+
my $info = PVE::INotify::read_file('subscription');
if (!$info) {
- return {
+ my $no_subscription_info = {
status => "NotFound",
message => "There is no subscription key",
- serverid => $server_id,
+ url => $url,
+ };
+ $no_subscription_info->{serverid} = $server_id if $has_permission;
+ return $no_subscription_info;
+ }
+
+ if (!$has_permission) {
+ return {
+ status => $info->{status},
+ message => $info->{message},
url => $url,
}
}
diff --git a/www/manager6/node/Config.js b/www/manager6/node/Config.js
index e7a38296..37863f09 100644
--- a/www/manager6/node/Config.js
+++ b/www/manager6/node/Config.js
@@ -380,15 +380,20 @@ Ext.define('PVE.node.Config', {
nodename: nodename,
xtype: 'proxmoxNodeTasks'
},
- {
- title: gettext('Subscription'),
- iconCls: 'fa fa-support',
- itemId: 'support',
- xtype: 'pveNodeSubscription',
- nodename: nodename
- }
);
+ if (caps.nodes['Sys.Audit']) {
+ me.items.push(
+ {
+ title: gettext('Subscription'),
+ iconCls: 'fa fa-support',
+ itemId: 'support',
+ xtype: 'pveNodeSubscription',
+ nodename: nodename
+ }
+ );
+ }
+
me.callParent();
me.mon(me.statusStore, 'load', function(s, records, success) {
--
2.11.0
More information about the pve-devel
mailing list