[pve-devel] applied: [PATCH access-control] comput coarse UI permissions: also check SDN ones

Thomas Lamprecht t.lamprecht at proxmox.com
Tue Jun 9 11:47:48 CEST 2020


Signed-off-by: Thomas Lamprecht <t.lamprecht at proxmox.com>
---

fixes: https://forum.proxmox.com/threads/proxmox-6-2-sdn-beta-test.69655/page-8#post-318789

 PVE/API2/AccessControl.pm | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/PVE/API2/AccessControl.pm b/PVE/API2/AccessControl.pm
index 25230ac..8b053dc 100644
--- a/PVE/API2/AccessControl.pm
+++ b/PVE/API2/AccessControl.pm
@@ -176,11 +176,12 @@ my $compute_api_permission = sub {
 	access => qr/(User|Group)\.|Permissions\.Modify/,
 	storage => qr/Datastore\.|Permissions\.Modify/,
 	nodes => qr/Sys\.|Permissions\.Modify/,
-	dc => qr/Sys\.Audit/,
+	sdn => qr/SDN\./,
+	dc => qr/Sys\.Audit|SDN\./,
     };
     map { $res->{$_} = {} } keys %$priv_re_map;
 
-    my $required_paths = ['/', '/nodes', '/access/groups', '/vms', '/storage'];
+    my $required_paths = ['/', '/nodes', '/access/groups', '/vms', '/storage', '/sdn'];
 
     my $checked_paths = {};
     foreach my $path (@$required_paths, keys %{$usercfg->{acl}}) {
-- 
2.20.1





More information about the pve-devel mailing list