[pve-devel] applied: [PATCH manager] fix wrong permissions for subscription info

Dietmar Maurer dietmar at proxmox.com
Tue Oct 30 11:40:38 CET 2018 

applied without changes to www/manager6/node/Config.js

> On October 30, 2018 at 10:33 AM David Limbeck <d.limbeck at proxmox.com> wrote:
> 
> 
> workaround to keep the subscription popup on login even without 'Sys.Audit'
> permissions but remove the subscription menu in the GUI for unauthorized
> users
> 
> Signed-off-by: David Limbeck <d.limbeck at proxmox.com>
> ---
>  PVE/API2/Subscription.pm    | 20 +++++++++++++++-----
>  www/manager6/node/Config.js | 19 ++++++++++++-------
>  2 files changed, 27 insertions(+), 12 deletions(-)
> 
> diff --git a/PVE/API2/Subscription.pm b/PVE/API2/Subscription.pm
> index 9d24dce8..efbe70c2 100644
> --- a/PVE/API2/Subscription.pm
> +++ b/PVE/API2/Subscription.pm
> @@ -91,9 +91,6 @@ __PACKAGE__->register_method ({
>      name => 'get',
>      path => '',
>      method => 'GET',
> -    permissions => {
> -	check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]],
> -    },
>      description => "Read subscription info.",
>      proxyto => 'node',
>      permissions => { user => 'all' },
> @@ -110,12 +107,25 @@ __PACKAGE__->register_method ({
>  	my $server_id = PVE::API2Tools::get_hwaddress();
>  	my $url = "http://www.proxmox.com/products/proxmox-ve/subscription-service-plans";
>  
> +	my $rpcenv = PVE::RPCEnvironment::get();
> +	my $authuser = $rpcenv->get_user();
> +	my $has_permission = PVE::AccessControl::check_permissions($authuser, '/nodes/{node}', 'Sys.Audit');
> +
>  	my $info = PVE::INotify::read_file('subscription');
>  	if (!$info) {
> -	    return {
> +	    my $no_subscription_info = {
>  		status => "NotFound",
>  		message => "There is no subscription key",
> -		serverid => $server_id,
> +		url => $url,
> +	    };
> +	    $no_subscription_info->{serverid} = $server_id if $has_permission;
> +	    return $no_subscription_info;
> +	}
> +
> +	if (!$has_permission) {
> +	    return {
> +		status => $info->{status},
> +		message => $info->{message},
>  		url => $url,
>  	    }
>  	}
> diff --git a/www/manager6/node/Config.js b/www/manager6/node/Config.js
> index e7a38296..37863f09 100644
> --- a/www/manager6/node/Config.js
> +++ b/www/manager6/node/Config.js
> @@ -380,15 +380,20 @@ Ext.define('PVE.node.Config', {
>  		nodename: nodename,
>  		xtype: 'proxmoxNodeTasks'
>  	    },
> -	    {
> -		title: gettext('Subscription'),
> -		iconCls: 'fa fa-support',
> -		itemId: 'support',
> -		xtype: 'pveNodeSubscription',
> -		nodename: nodename
> -	    }
>  	);
>  
> +	if (caps.nodes['Sys.Audit']) {
> +	    me.items.push(
> +		{
> +		    title: gettext('Subscription'),
> +		    iconCls: 'fa fa-support',
> +		    itemId: 'support',
> +		    xtype: 'pveNodeSubscription',
> +		    nodename: nodename
> +		}
> +	    );
> +	}
> +
>  	me.callParent();
>  
>  	me.mon(me.statusStore, 'load', function(s, records, success) {
> -- 
> 2.11.0
> 
> 
> _______________________________________________
> pve-devel mailing list
> pve-devel at pve.proxmox.com
> https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

More information about the pve-devel mailing list