[pve-devel] [RFC/PATCH storage] api: disk list: allow if an audit permission for the node is present

Fabian Ebner f.ebner at proxmox.com
Wed Mar 10 10:26:27 CET 2021


as that seems to be the more natural permission path for listing a node's local
disks. For backwards compatibility, the old permission check has to be kept
(relevant with propagate=0).

This API call was originally part of the Ceph API and got copied here later,
which might explain the current permission check.

In the UI, the Disk panel is visible with a node audit permission, but the API
call itself failed without the '/' audit permission.

Signed-off-by: Fabian Ebner <f.ebner at proxmox.com>
---
 PVE/API2/Disks.pm | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/PVE/API2/Disks.pm b/PVE/API2/Disks.pm
index d2ee81d..33bca76 100644
--- a/PVE/API2/Disks.pm
+++ b/PVE/API2/Disks.pm
@@ -82,7 +82,10 @@ __PACKAGE__->register_method ({
     protected => 1,
     proxyto => 'node',
     permissions => {
-	check => ['perm', '/', ['Sys.Audit', 'Datastore.Audit'], any => 1],
+	check => ['or',
+	    ['perm', '/', ['Sys.Audit', 'Datastore.Audit'], any => 1],
+	    ['perm', '/nodes/{node}', ['Sys.Audit', 'Datastore.Audit'], any => 1],
+	],
     },
     parameters => {
 	additionalProperties => 0,
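
Review bot: The new '/nodes/{node}' branch carries over 'Datastore.Audit' with any => 1 from the '/' check, so Datastore.Audit on the node path alone would now be enough to list that node's physical disks. The commit message motivates the change with the node audit permission that already makes the Disk panel visible in the UI, so please confirm whether Datastore.Audit is intended on the node path or whether only 'Sys.Audit' should be accepted there. It would also help to add a short comment above the 'or' stating that the '/' check is kept only for backwards compatibility (propagate=0), as the commit message explains, so a later cleanup does not drop it or treat it as the primary path.
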
-- 
2.20.1





