[pve-devel] [PATCH manager] api: nodes/subscription: implement reasonable access rights

Thomas Lamprecht t.lamprecht at proxmox.com
Tue Dec 12 07:44:31 CET 2017


any comments?

On 11/30/2017 08:20 AM, Thomas Lamprecht wrote:
> Allow users which have Sys.Audit on a specific node to get the
> subscription status and those with Sys.Modify to set and check
> (update) it.
> 
> This mirrors the required permissions from other node specific
> actions, e.g., APT (package management).
> 
> We always showed the Subscription Panel and all its elements in the
> WebUI, so no need for change there.
> 
> Signed-off-by: Thomas Lamprecht <t.lamprecht at proxmox.com>
> ---
>  PVE/API2/Subscription.pm | 9 +++++++++
>  1 file changed, 9 insertions(+)
> 
> diff --git a/PVE/API2/Subscription.pm b/PVE/API2/Subscription.pm
> index bedc6a5b..9d24dce8 100644
> --- a/PVE/API2/Subscription.pm
> +++ b/PVE/API2/Subscription.pm
> @@ -91,6 +91,9 @@ __PACKAGE__->register_method ({
>      name => 'get',
>      path => '',
>      method => 'GET',
> +    permissions => {
> +	check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]],
> +    },
>      description => "Read subscription info.",
>      proxyto => 'node',
>      permissions => { user => 'all' },
> @@ -128,6 +131,9 @@ __PACKAGE__->register_method ({
>      name => 'update',
>      path => '',
>      method => 'POST',
> +    permissions => {
> +	check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
> +    },
>      description => "Update subscription info.",
>      proxyto => 'node',
>      protected => 1,
> @@ -179,6 +185,9 @@ __PACKAGE__->register_method ({
>      name => 'set',
>      path => '',
>      method => 'PUT',
> +    permissions => {
> +	check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
> +    },
>      description => "Set subscription key.",
>      proxyto => 'node',
>      protected => 1,
> 





More information about the pve-devel mailing list