[pve-devel] [PATCH storage] close #5492: api: content: allow listing volumes with Datastore.Audit privilege
Fabian Grünbichler
f.gruenbichler at proxmox.com
Wed Jul 30 15:11:18 CEST 2025
On July 18, 2025 5:03 pm, Fiona Ebner wrote:
> The check_volume_access() method is for checking read access to a
> volume. Users should be able to list the images, e.g. to check backup
> health via monitoring like reported in #5492 comment 3, with just an
> audit privilege.
>
> Signed-off-by: Fiona Ebner <f.ebner at proxmox.com>
> ---
> src/PVE/API2/Storage/Content.pm | 6 ------
> 1 file changed, 6 deletions(-)
>
> diff --git a/src/PVE/API2/Storage/Content.pm b/src/PVE/API2/Storage/Content.pm
> index 1fe7303..c1f9a1f 100644
> --- a/src/PVE/API2/Storage/Content.pm
> +++ b/src/PVE/API2/Storage/Content.pm
> @@ -154,12 +154,6 @@ __PACKAGE__->register_method({
>
> my $res = [];
> foreach my $item (@$vollist) {
> - eval {
> - PVE::Storage::check_volume_access(
> - $rpcenv, $authuser, $cfg, undef, $item->{volid},
> - );
> - };
> - next if $@;
the data here also contains things like the notes content for that
volume, which might be sensitive..
should we maybe limit the returned information if there is no volume
access? e.g., just return volid, format, type, owner, and size
information?
> $item->{vmid} = int($item->{vmid}) if defined($item->{vmid});
> $item->{size} = int($item->{size}) if defined($item->{size});
> $item->{used} = int($item->{used}) if defined($item->{used});
> --
> 2.47.2
>
>
>
> _______________________________________________
> pve-devel mailing list
> pve-devel at lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>
>
>
More information about the pve-devel
mailing list