yesBad/pve-storage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix access rights

Browse Source 
Try to use $rpcenv->check_volume_access() everywhere.
This commit is contained in:
Dietmar Maurer
2013-02-28 10:15:44 +01:00
parent a7442cf523
commit b8744249a2
2 changed files with 12 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
PVE/API2/Storage/Content.pm
View File

@ -58,13 +58,17 @@ __PACKAGE__->register_method ({
code => sub { code => sub {
my ($param) = @_; my ($param) = @_;
my $rpcenv = PVE::RPCEnvironment::get();
my $authuser = $rpcenv->get_user();
my $cts = $param->{content} ? [ $param->{content} ] : [ @ctypes ]; my $cts = $param->{content} ? [ $param->{content} ] : [ @ctypes ];
my $storeid = $param->{storage}; my $storeid = $param->{storage};
my $cfg = cfs_read_file("storage.cfg"); my $cfg = cfs_read_file("storage.cfg");
my $scfg = PVE::Storage::storage_config ($cfg, $storeid); my $scfg = PVE::Storage::storage_config($cfg, $storeid);
my $res = []; my $res = [];
foreach my $ct (@$cts) { foreach my $ct (@$cts) {
@ -82,6 +86,8 @@ __PACKAGE__->register_method ({
next if !$data || !$data->{$storeid}; next if !$data || !$data->{$storeid};
foreach my $item (@{$data->{$storeid}}) { foreach my $item (@{$data->{$storeid}}) {
eval { $rpcenv->check_volume_access($authuser, $cfg, undef, $item->{volid}); };
next if $@;
$item->{content} = $ct; $item->{content} = $ct;
push @$res, $item; push @$res, $item;
} }
@ -197,7 +203,7 @@ __PACKAGE__->register_method ({
method => 'GET', method => 'GET',
description => "Get volume attributes", description => "Get volume attributes",
permissions => { permissions => {
description => "You need 'Datastore.Audit' or 'Datastore.AllocateSpace' privilege on the storage.", description => "You need read access for the volume.",
user => 'all', user => 'all',
}, },
protected => 1, protected => 1,
@ -222,10 +228,10 @@ __PACKAGE__->register_method ({
my ($volid, $storeid) = &$real_volume_id($param->{storage}, $param->{volume}); my ($volid, $storeid) = &$real_volume_id($param->{storage}, $param->{volume});
$rpcenv->check_any($authuser, "/storage/$storeid", ['Datastore.Audit', 'Datastore.AllocateSpace']);
my $cfg = cfs_read_file('storage.cfg'); my $cfg = cfs_read_file('storage.cfg');
$rpcenv->check_volume_access($authuser, $cfg, undef, $volid);
my $path = PVE::Storage::path($cfg, $volid); my $path = PVE::Storage::path($cfg, $volid);
my ($size, $format, $used) = PVE::Storage::file_size_info ($path); my ($size, $format, $used) = PVE::Storage::file_size_info ($path);

2
changelog.Debian
View File

@ -2,6 +2,8 @@ libpve-storage-perl (2.3-4) unstable; urgency=low
* rbd: rework pool - username - auth_supported options * rbd: rework pool - username - auth_supported options
* API: fix access rights: use $rpcenv->check_volume_access()
-- Proxmox Support Team <support@proxmox.com> Thu, 28 Feb 2013 06:41:58 +0100 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Feb 2013 06:41:58 +0100
libpve-storage-perl (2.3-3) unstable; urgency=low libpve-storage-perl (2.3-3) unstable; urgency=low