[pve-devel] [PATCH v2 storage 3/6] check volume access: allow for images/rootdir if user has VM.Config.Disk

Fabian Ebner f.ebner at proxmox.com
Wed Mar 30 12:24:30 CEST 2022


Listing guest images should not require Datastore.Allocate in this
case. In preparation for adding disk import to the GUI.

Signed-off-by: Fabian Ebner <f.ebner at proxmox.com>
---

Changes from v1:
    * Also check for Datastore.Audit privilege.

 PVE/Storage.pm | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/PVE/Storage.pm b/PVE/Storage.pm
index 0349564..a864c33 100755
--- a/PVE/Storage.pm
+++ b/PVE/Storage.pm
@@ -488,6 +488,9 @@ sub check_volume_access {
 	} elsif ($vtype eq 'backup' && $ownervm) {
 	    $rpcenv->check($user, "/storage/$sid", ['Datastore.AllocateSpace']);
 	    $rpcenv->check($user, "/vms/$ownervm", ['VM.Backup']);
+	} elsif (($vtype eq 'images' || $vtype eq 'rootdir') && $ownervm) {
+	    $rpcenv->check($user, "/storage/$sid", ['Datastore.Audit']);
+	    $rpcenv->check($user, "/vms/$ownervm", ['VM.Config.Disk']);
 	} else {
 	    die "missing privileges to access $volid\n";
 	}
-- 
2.30.2






More information about the pve-devel mailing list