[pve-devel] applied: [PATCH manager] fix Subscription api check

Thomas Lamprecht t.lamprecht at proxmox.com
Thu Jan 31 11:16:03 CET 2019


On 1/31/19 10:14 AM, Dominik Csapak wrote:
> when using 'check_permissions' directly, we have to actually
> give the nodename in the path, else we check the wrong permission
> 
> Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
> ---
>  PVE/API2/Subscription.pm | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/PVE/API2/Subscription.pm b/PVE/API2/Subscription.pm
> index 896bea7c..ef9499ab 100644
> --- a/PVE/API2/Subscription.pm
> +++ b/PVE/API2/Subscription.pm
> @@ -106,10 +106,11 @@ __PACKAGE__->register_method ({
>  
>  	my $server_id = PVE::API2Tools::get_hwaddress();
>  	my $url = "http://www.proxmox.com/products/proxmox-ve/subscription-service-plans";
> +	my $node = $param->{node};
>  
>  	my $rpcenv = PVE::RPCEnvironment::get();
>  	my $authuser = $rpcenv->get_user();
> -	my $has_permission = PVE::AccessControl::check_permissions($authuser, '/nodes/{node}', 'Sys.Audit');
> +	my $has_permission = PVE::AccessControl::check_permissions($authuser, "/nodes/$node", 'Sys.Audit');
>  
>  	my $info = PVE::INotify::read_file('subscription');
>  	if (!$info) {
> 

applied, thanks!




More information about the pve-devel mailing list