[pve-devel] [PATCH storage 1/4] check volume access: allow if user has VM.Config.Disk

Fabian Ebner f.ebner at proxmox.com
Tue Mar 22 09:31:49 CET 2022


Am 21.03.22 um 14:06 schrieb Fabian Ebner:
> Listing guest images should not require Datastore.Allocate in this
> case. In preparation for adding disk import to the GUI.
> 
> Signed-off-by: Fabian Ebner <f.ebner at proxmox.com>
> ---
>  PVE/Storage.pm | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/PVE/Storage.pm b/PVE/Storage.pm
> index 6112991..efa304a 100755
> --- a/PVE/Storage.pm
> +++ b/PVE/Storage.pm
> @@ -486,6 +486,8 @@ sub check_volume_access {
>  	} elsif ($vtype eq 'backup' && $ownervm) {
>  	    $rpcenv->check($user, "/storage/$sid", ['Datastore.AllocateSpace']);
>  	    $rpcenv->check($user, "/vms/$ownervm", ['VM.Backup']);
> +	} elsif (($vtype eq 'images' || $vtype eq 'rootdir') && $ownervm) {
> +	    $rpcenv->check($user, "/vms/$ownervm", ['VM.Config.Disk']);

Of course this needs to be or-ed with the Datastore.Allocate privilege.
Will fix it in v2.

>  	} else {
>  	    # allow if we are Datastore administrator
>  	    $rpcenv->check($user, "/storage/$sid", ['Datastore.Allocate']);





More information about the pve-devel mailing list