[pve-devel] [PATCH guest-common v2 1/6] guest helpers: add helper to overrule active tasks of a specific type
Friedrich Weber
f.weber at proxmox.com
Mon Apr 8 10:38:06 CEST 2024
On 06/04/2024 10:37, Thomas Lamprecht wrote:
>> Still, right now I think the primary motivation for this overruling
>> feature is to save GUI users some frustration and/or clicks. In this
>> scenario, a user will overrule only their own tasks, which is possible
>> with the current check. What do you think about keeping the check as it
>> is for now, and making it more permissive once the need arises?
>
> I think that allowing users that hold the respective Sys.Modify and
> VM.PowerMgmt to overrule any tasks from the start wouldn't be to much
> "speculative future-proofing" but rather something expected while still
> safe.
Makes sense.
> FWIW, you could also drop the $authuser then and just get it from
> the RPCEnv singleton available in all API call-paths and then do
> the permission check in the helper directly.
> This would IMO be also a bit better w.r.t. conveying why we do it this
> way.
OK, sounds good! I'll send a v3 then.
More information about the pve-devel
mailing list