fix Permission::Privilege path check

when checking a path, we only pushed the components to the checked value
that would contain a parameter and not fixed ones

e.g. from the path components (with params datastore="foo")
["datastore", "{datastore}"]

only ["foo"] was given to the lookup_privs function
instead of ["datastore", "foo"]

this fixes an issue where e.g. a prune on /datastore/foo would fail
for a user that has the role DatastorePowerUser on /datastore (with
propagate) or /datastore/foo

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
This commit is contained in:
Dominik Csapak 2020-06-04 16:52:12 +02:00 committed by Dietmar Maurer
parent 2ca2559c94
commit 72974335a4

View File

@ -142,6 +142,8 @@ fn check_api_permission_tail(
new_path.push(value);
}
}
} else {
new_path.push(comp);
}
}
match userid {