proxmox-mirrors/pve-access-control
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-access-control synced 2025-10-04 14:18:28 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

api: permissions: allow users to view their own permissions

Browse Source 
even when specifying an explicit userid matching their own.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Tested-by: Daniel Kral <d.kral@proxmox.com>
This commit is contained in:
Fabian Grünbichler 2024-11-05 09:30:38 +01:00 committed by Thomas Lamprecht
parent 37a813d721
commit 6287395114
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/PVE/API2/AccessControl.pm
View File

@ -486,14 +486,14 @@ __PACKAGE__->register_method({
my ($param) = @_; my ($param) = @_;
my $rpcenv = PVE::RPCEnvironment::get(); my $rpcenv = PVE::RPCEnvironment::get();
my $authid = $rpcenv->get_user();
my $userid = $param->{userid}; my $userid = $param->{userid};
if (defined($userid)) { $userid = $authid if !defined($userid);
$rpcenv->check($rpcenv->get_user(), '/access', ['Sys.Audit']);
} else {
$userid = $rpcenv->get_user();
}
if ($userid ne $authid) {
$rpcenv->check($rpcenv->get_user(), '/access', ['Sys.Audit']);
}
my $res; my $res;
if (my $path = $param->{path}) { if (my $path = $param->{path}) {