[pve-devel] [RFC manager 1/3] fix #6094: api: apt: allow to get packages info with Sys.Audit
Daniel Kral
d.kral at proxmox.com
Mon Feb 17 13:19:16 CET 2025
Relax the required permissions to query the current list of available
package updates and the changelog of a package on a node. Both API
endpoints do not modify any system state except caching outputs.
Those were probably only "Sys.Modify" before, since both are used in
conjunction with upgrading packages in the WebGUI, which is only visible
with that permission, but some users might be interested in this
information outside of this and/or without being able to upgrade.
Keep Sys.Modify for backwards compatibility.
Signed-off-by: Daniel Kral <d.kral at proxmox.com>
---
PVE/API2/APT.pm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/PVE/API2/APT.pm b/PVE/API2/APT.pm
index 47c50961..2a1de1e6 100644
--- a/PVE/API2/APT.pm
+++ b/PVE/API2/APT.pm
@@ -202,7 +202,7 @@ __PACKAGE__->register_method({
method => 'GET',
description => "List available updates.",
permissions => {
- check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
+ check => ['perm', '/nodes/{node}', [ 'Sys.Audit', 'Sys.Modify' ], any => 1],
},
protected => 1,
proxyto => 'node',
@@ -379,7 +379,7 @@ __PACKAGE__->register_method({
method => 'GET',
description => "Get package changelogs.",
permissions => {
- check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
+ check => ['perm', '/nodes/{node}', [ 'Sys.Audit', 'Sys.Modify' ], any => 1],
},
proxyto => 'node',
parameters => {
--
2.39.5
More information about the pve-devel
mailing list