diff --git a/src/PVE/API2/Disks/Directory.pm b/src/PVE/API2/Disks/Directory.pm index 5cddddb..099afae 100644 --- a/src/PVE/API2/Disks/Directory.pm +++ b/src/PVE/API2/Disks/Directory.pm @@ -165,7 +165,8 @@ __PACKAGE__->register_method ({ proxyto => 'node', protected => 1, permissions => { - check => ['perm', '/', ['Sys.Modify', 'Datastore.Allocate']], + description => "Requires additionally 'Datastore.Allocate' on /storage when setting 'add_storage'", + check => ['perm', '/', ['Sys.Modify']], }, description => "Create a Filesystem on an unused disk. Will be mounted under '/mnt/pve/NAME'.", parameters => { @@ -221,6 +222,8 @@ __PACKAGE__->register_method ({ my $verify_params = [qw(path)]; if ($param->{add_storage}) { + $rpcenv->check($user, "/storage", ['Datastore.Allocate']); + # reserve the name and add as disabled, will be enabled below if creation works out PVE::API2::Storage::Config->create_or_update( $name, $node, $storage_params, $verify_params, 1); @@ -317,7 +320,8 @@ __PACKAGE__->register_method ({ proxyto => 'node', protected => 1, permissions => { - check => ['perm', '/', ['Sys.Modify', 'Datastore.Allocate']], + description => "Requires additionally 'Datastore.Allocate' on /storage when setting 'cleanup-config'", + check => ['perm', '/', ['Sys.Modify']], }, description => "Unmounts the storage and removes the mount unit.", parameters => { @@ -347,6 +351,8 @@ __PACKAGE__->register_method ({ my $rpcenv = PVE::RPCEnvironment::get(); my $user = $rpcenv->get_user(); + $rpcenv->check($user, "/storage", ['Datastore.Allocate']) if $param->{'cleanup-config'}; + my $name = $param->{name}; my $node = $param->{node}; diff --git a/src/PVE/API2/Disks/LVM.pm b/src/PVE/API2/Disks/LVM.pm index f0419f6..3c5bdfa 100644 --- a/src/PVE/API2/Disks/LVM.pm +++ b/src/PVE/API2/Disks/LVM.pm @@ -117,7 +117,8 @@ __PACKAGE__->register_method ({ proxyto => 'node', protected => 1, permissions => { - check => ['perm', '/', ['Sys.Modify', 'Datastore.Allocate']], + description => "Requires additionally 'Datastore.Allocate' on /storage when setting 'add_storage'", + check => ['perm', '/', ['Sys.Modify']], }, description => "Create an LVM Volume Group", parameters => { @@ -162,6 +163,8 @@ __PACKAGE__->register_method ({ my $verify_params = [qw(vgname)]; if ($param->{add_storage}) { + $rpcenv->check($user, "/storage", ['Datastore.Allocate']); + # reserve the name and add as disabled, will be enabled below if creation works out PVE::API2::Storage::Config->create_or_update( $name, $node, $storage_params, $verify_params, 1); @@ -199,7 +202,8 @@ __PACKAGE__->register_method ({ proxyto => 'node', protected => 1, permissions => { - check => ['perm', '/', ['Sys.Modify', 'Datastore.Allocate']], + description => "Requires additionally 'Datastore.Allocate' on /storage when setting 'cleanup-config'", + check => ['perm', '/', ['Sys.Modify']], }, description => "Remove an LVM Volume Group.", parameters => { @@ -229,6 +233,8 @@ __PACKAGE__->register_method ({ my $rpcenv = PVE::RPCEnvironment::get(); my $user = $rpcenv->get_user(); + $rpcenv->check($user, "/storage", ['Datastore.Allocate']) if $param->{'cleanup-config'}; + my $name = $param->{name}; my $node = $param->{node}; diff --git a/src/PVE/API2/Disks/LVMThin.pm b/src/PVE/API2/Disks/LVMThin.pm index bd6d47b..f1c3957 100644 --- a/src/PVE/API2/Disks/LVMThin.pm +++ b/src/PVE/API2/Disks/LVMThin.pm @@ -75,7 +75,8 @@ __PACKAGE__->register_method ({ proxyto => 'node', protected => 1, permissions => { - check => ['perm', '/', ['Sys.Modify', 'Datastore.Allocate']], + description => "Requires additionally 'Datastore.Allocate' on /storage when setting 'add_storage'", + check => ['perm', '/', ['Sys.Modify']], }, description => "Create an LVM thinpool", parameters => { @@ -120,6 +121,8 @@ __PACKAGE__->register_method ({ my $verify_params = [qw(vgname thinpool)]; if ($param->{add_storage}) { + $rpcenv->check($user, "/storage", ['Datastore.Allocate']); + # reserve the name and add as disabled, will be enabled below if creation works out PVE::API2::Storage::Config->create_or_update( $name, $node, $storage_params, $verify_params, 1); @@ -178,7 +181,8 @@ __PACKAGE__->register_method ({ proxyto => 'node', protected => 1, permissions => { - check => ['perm', '/', ['Sys.Modify', 'Datastore.Allocate']], + description => "Requires additionally 'Datastore.Allocate' on /storage when setting 'cleanup-config'", + check => ['perm', '/', ['Sys.Modify']], }, description => "Remove an LVM thin pool.", parameters => { @@ -209,6 +213,8 @@ __PACKAGE__->register_method ({ my $rpcenv = PVE::RPCEnvironment::get(); my $user = $rpcenv->get_user(); + $rpcenv->check($user, "/storage", ['Datastore.Allocate']) if $param->{'cleanup-config'}; + my $vg = $param->{'volume-group'}; my $lv = $param->{name}; my $node = $param->{node}; diff --git a/src/PVE/API2/Disks/ZFS.pm b/src/PVE/API2/Disks/ZFS.pm index 6a4381c..6fb6bd6 100644 --- a/src/PVE/API2/Disks/ZFS.pm +++ b/src/PVE/API2/Disks/ZFS.pm @@ -300,7 +300,8 @@ __PACKAGE__->register_method ({ proxyto => 'node', protected => 1, permissions => { - check => ['perm', '/', ['Sys.Modify', 'Datastore.Allocate']], + description => "Requires additionally 'Datastore.Allocate' on /storage when setting 'add_storage'", + check => ['perm', '/', ['Sys.Modify']], }, description => "Create a ZFS pool.", parameters => { @@ -383,6 +384,8 @@ __PACKAGE__->register_method ({ my $verify_params = [qw(pool)]; if ($param->{add_storage}) { + $rpcenv->check($user, "/storage", ['Datastore.Allocate']); + # reserve the name and add as disabled, will be enabled below if creation works out PVE::API2::Storage::Config->create_or_update( $name, $node, $storage_params, $verify_params, 1); @@ -507,7 +510,8 @@ __PACKAGE__->register_method ({ proxyto => 'node', protected => 1, permissions => { - check => ['perm', '/', ['Sys.Modify', 'Datastore.Allocate']], + description => "Requires additionally 'Datastore.Allocate' on /storage when setting 'cleanup-config'", + check => ['perm', '/', ['Sys.Modify']], }, description => "Destroy a ZFS pool.", parameters => { @@ -537,6 +541,8 @@ __PACKAGE__->register_method ({ my $rpcenv = PVE::RPCEnvironment::get(); my $user = $rpcenv->get_user(); + $rpcenv->check($user, "/storage", ['Datastore.Allocate']) if $param->{'cleanup-config'}; + my $name = $param->{name}; my $node = $param->{node};