From 72974335a4a76fc636208ecdb10f076c49de2229 Mon Sep 17 00:00:00 2001
From: Dominik Csapak <d.csapak@proxmox.com>
Date: Thu, 4 Jun 2020 16:52:12 +0200
Subject: [PATCH] fix Permission::Privilege path check

when checking a path, we only pushed the components to the checked value
that would contain a parameter and not fixed ones

e.g. from the path components (with params datastore="foo")
["datastore", "{datastore}"]

only ["foo"] was given to the lookup_privs function
instead of ["datastore", "foo"]

this fixes an issue where e.g. a prune on /datastore/foo would fail
for a user that has the role DatastorePowerUser on /datastore (with
propagate) or /datastore/foo

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
---
 proxmox/src/api/permission.rs | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/proxmox/src/api/permission.rs b/proxmox/src/api/permission.rs
index 6428c18d..c423ec63 100644
--- a/proxmox/src/api/permission.rs
+++ b/proxmox/src/api/permission.rs
@@ -142,6 +142,8 @@ fn check_api_permission_tail(
                             new_path.push(value);
                         }
                     }
+                } else {
+                    new_path.push(comp);
                 }
             }
             match userid {