fix Permission::Privilege path check

when checking a path, we only pushed the components to the checked value that would contain a parameter and not fixed ones e.g. from the path components (with params datastore="foo") ["datastore", "{datastore}"] only ["foo"] was given to the lookup_privs function instead of ["datastore", "foo"] this fixes an issue where e.g. a prune on /datastore/foo would fail for a user that has the role DatastorePowerUser on /datastore (with propagate) or /datastore/foo Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2025-08-13 13:40:15 +00:00 · 2020-06-04 16:52:12 +02:00 · 2020-06-04 16:52:12 +02:00 · 72974335a4
commit 72974335a4
parent 2ca2559c94
1 changed files with 2 additions and 0 deletions
--- a/proxmox/src/api/permission.rs
+++ b/proxmox/src/api/permission.rs
@ -142,6 +142,8 @@ fn check_api_permission_tail(
                            new_path.push(value);
                        }
                    }
+                } else {
+                    new_path.push(comp);
                }
            }
            match userid {