From 62873951147185f521af52617ddd7cb392eb8e33 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com>
Date: Tue, 5 Nov 2024 09:30:38 +0100
Subject: [PATCH] api: permissions: allow users to view their own permissions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

even when specifying an explicit userid matching their own.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Tested-by: Daniel Kral <d.kral@proxmox.com>
---
 src/PVE/API2/AccessControl.pm | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/PVE/API2/AccessControl.pm b/src/PVE/API2/AccessControl.pm
index c55a7b3..157a5ee 100644
--- a/src/PVE/API2/AccessControl.pm
+++ b/src/PVE/API2/AccessControl.pm
@@ -486,14 +486,14 @@ __PACKAGE__->register_method({
 	my ($param) = @_;
 
 	my $rpcenv = PVE::RPCEnvironment::get();
+	my $authid = $rpcenv->get_user();
 
 	my $userid = $param->{userid};
-	if (defined($userid)) {
-	    $rpcenv->check($rpcenv->get_user(), '/access', ['Sys.Audit']);
-	} else {
-	    $userid = $rpcenv->get_user();
-	}
+	$userid = $authid if !defined($userid);
 
+	if ($userid ne $authid) {
+	    $rpcenv->check($rpcenv->get_user(), '/access', ['Sys.Audit']);
+	}
 	my $res;
 
 	if (my $path = $param->{path}) {