From b755bdb0f99c1f677672c34296b9d3ff57e74f17 Mon Sep 17 00:00:00 2001 From: Dietmar Maurer Date: Wed, 22 Feb 2012 12:08:54 +0100 Subject: [PATCH] delete volume requires Datastore.Allocate --- Makefile | 2 +- PVE/API2/Storage/Content.pm | 23 ++++++++++++++++++----- changelog.Debian | 6 ++++++ 3 files changed, 25 insertions(+), 6 deletions(-) diff --git a/Makefile b/Makefile index 9fc919e..c6db209 100644 --- a/Makefile +++ b/Makefile @@ -2,7 +2,7 @@ RELEASE=2.0 VERSION=2.0 PACKAGE=libpve-storage-perl -PKGREL=11 +PKGREL=12 DESTDIR= PREFIX=/usr diff --git a/PVE/API2/Storage/Content.pm b/PVE/API2/Storage/Content.pm index 38cd1e9..eab5c30 100644 --- a/PVE/API2/Storage/Content.pm +++ b/PVE/API2/Storage/Content.pm @@ -177,6 +177,7 @@ my $real_volume_id = sub { raise_param_exc({ storage => "storage ID missmatch" }) if $storeid && $sid ne $storeid; $volid = $volume; + $storeid = $sid; }; raise_param_exc({ volume => $@}) if $@; @@ -187,7 +188,7 @@ my $real_volume_id = sub { $volid = "$storeid:$volume"; } - return $volid; + return wantarray ? ($volid, $storeid) : $volid; }; __PACKAGE__->register_method ({ @@ -196,7 +197,8 @@ __PACKAGE__->register_method ({ method => 'GET', description => "Get volume attributes", permissions => { - check => ['perm', '/storage/{storage}', ['Datastore.Audit', 'Datastore.AllocateSpace'], any => 1], + description => "You need 'Datastore.Audit' or 'Datastore.AllocateSpace' privilege on the storage.", + user => 'all', }, protected => 1, proxyto => 'node', @@ -215,7 +217,12 @@ __PACKAGE__->register_method ({ code => sub { my ($param) = @_; - my $volid = &$real_volume_id($param->{storage}, $param->{volume}); + my $rpcenv = PVE::RPCEnvironment::get(); + my $authuser = $rpcenv->get_user(); + + my ($volid, $storeid) = &$real_volume_id($param->{storage}, $param->{volume}); + + $rpcenv->check_any($authuser, "/storage/$storeid", ['Datastore.Audit', 'Datastore.AllocateSpace']); my $cfg = cfs_read_file('storage.cfg'); 
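Review bot: `return wantarray ? ($volid, $storeid) : $volid;` in the `@@ -187,7 +188,7 @@` hunk makes the closure's result depend on call context, so a caller that happens to sit in list context (an argument list, a hash constructor) silently receives the storage ID as an extra element. The two handlers changed in this patch use an explicit list assignment, but any other caller of `$real_volume_id` is outside the hunks shown here and should be checked. Returning the pair unconditionally and writing `my ($volid) = ...` where only the volume ID is wanted avoids the split contract; at minimum add `# list context: ($volid, $storeid); scalar context: $volid` above the return. The closure body starts before this hunk.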
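Review bot: The `$rpcenv->check_any(...)` call in the `@@ -215,7 +217,12 @@` hunk is now the only authorization gate for the GET handler, because the preceding hunk switches `permissions` to `user => 'all'`; the same holds for `$rpcenv->check(...)` in the DELETE handler at `@@ -255,8 +263,13 @@`. Nothing in the code says so, and the privilege names now live twice, once in the free-text `description` and once in the array passed to the check, so they can drift apart. I would add a comment directly above each call, e.g. `# sole permission gate (permissions is user => 'all'); must run before any storage access`, and keep the call ahead of `cfs_read_file` as it is now. Both calls ignore the return value, which is only safe if `check`/`check_any` raise on failure; that is presumably the case but is not visible in this patch.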
@@ -236,7 +243,8 @@ __PACKAGE__->register_method ({ method => 'DELETE', description => "Delete volume", permissions => { - check => ['perm', '/storage/{storage}', ['Datastore.AllocateSpace']], + description => "You need 'Datastore.Allocate' privilege on the storage ('Datastore.AllocateSpace' is not enough).", + user => 'all', }, protected => 1, proxyto => 'node', @@ -255,8 +263,13 @@ __PACKAGE__->register_method ({ code => sub { my ($param) = @_; - my $volid = &$real_volume_id($param->{storage}, $param->{volume}); + my $rpcenv = PVE::RPCEnvironment::get(); + my $authuser = $rpcenv->get_user(); + + my ($volid, $storeid) = &$real_volume_id($param->{storage}, $param->{volume}); + $rpcenv->check($authuser, "/storage/$storeid", ['Datastore.Allocate']); + my $cfg = cfs_read_file('storage.cfg'); PVE::Storage::vdisk_free ($cfg, $volid); diff --git a/changelog.Debian b/changelog.Debian index fc0b2c4..75b713a 100644 --- a/changelog.Debian +++ b/changelog.Debian @@ -1,3 +1,9 @@ +libpve-storage-perl (2.0-12) unstable; urgency=low + + * fix permission checks (delete volume requires Datastore.Allocate) + + -- Proxmox Support Team Wed, 22 Feb 2012 12:08:16 +0100 + libpve-storage-perl (2.0-11) unstable; urgency=low * only list iscsi when enabled (content == images)