[pve-devel] [PATCH storage 2/4] check volume accesss: add content type parameter
Fabian Ebner
f.ebner at proxmox.com
Mon Mar 21 14:06:27 CET 2022
Adding such a check here avoids the need to parse at the call sites in
many cases.
Signed-off-by: Fabian Ebner <f.ebner at proxmox.com>
---
PVE/Storage.pm | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/PVE/Storage.pm b/PVE/Storage.pm
index efa304a..83760c4 100755
--- a/PVE/Storage.pm
+++ b/PVE/Storage.pm
@@ -473,11 +473,16 @@ sub parse_volume_id {
# test if we have read access to volid
sub check_volume_access {
- my ($rpcenv, $user, $cfg, $vmid, $volid) = @_;
+ my ($rpcenv, $user, $cfg, $vmid, $volid, $type) = @_;
my ($sid, $volname) = parse_volume_id($volid, 1);
if ($sid) {
my ($vtype, undef, $ownervm) = parse_volname($cfg, $volid);
+
+ # Need to allow 'images' when expecting 'rootdir' too - not cleanly separated in plugins.
+ die "unable to use volume $volid - content type needs to be '$type'\n"
+ if defined($type) && $vtype ne $type && ($type ne 'rootdir' || $vtype ne 'images');
+
if ($vtype eq 'iso' || $vtype eq 'vztmpl') {
# require at least read access to storage, (custom) templates/ISOs could be sensitive
$rpcenv->check_any($user, "/storage/$sid", ['Datastore.AllocateSpace', 'Datastore.Audit']);
--
2.30.2
More information about the pve-devel
mailing list