RPCEnvironment: removed check_volume_access() to avoid cyclic dependency

moved to PVE::Storage
Dietmar Maurer 2017-01-18 17:35:50 +01:00
parent c104e4abe6
commit e83e0ed584


@ -15,8 +15,6 @@ use PVE::AccessControl;
use base qw(PVE::RESTEnvironment);
# FIXME: remove dependency to PVE::Storage;
# ACL cache
my $compile_acl_path = sub {
@ -211,33 +209,6 @@ sub check_vm_perm {
return $self->check_full($user, "/vms/$vmid", $privs, $any, $noerr);
};
sub check_volume_access {
my ($self, $user, $storecfg, $vmid, $volid) = @_;
# test if we have read access to volid
my ($sid, $volname) = PVE::Storage::parse_volume_id($volid, 1);
if ($sid) {
my ($vtype, undef, $ownervm) = PVE::Storage::parse_volname($storecfg, $volid);
if ($vtype eq 'iso' || $vtype eq 'vztmpl') {
# we simply allow access
} elsif (defined($ownervm) && defined($vmid) && ($ownervm == $vmid)) {
# we are owner - allow access
} elsif ($vtype eq 'backup' && $ownervm) {
$self->check($user, "/storage/$sid", ['Datastore.AllocateSpace']);
$self->check($user, "/vms/$ownervm", ['VM.Backup']);
} else {
# allow if we are Datastore administrator
$self->check($user, "/storage/$sid", ['Datastore.Allocate']);
}
} else {
die "Only root can pass arbitrary filesystem paths."
if $user ne 'root@pam';
}
return undef;
}
sub is_group_member {
my ($self, $group, $user) = @_;