proxmox-mirrors/pve-access-control
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-access-control synced 2025-08-14 16:19:48 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

moved check_volume_access from qemu-server

Browse Source
This commit is contained in:
Dietmar Maurer 2012-02-06 12:34:24 +01:00
parent 4fb3cc5841
commit fef1bc1717
1 changed files with 24 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
PVE/RPCEnvironment.pm
View File

@ -282,6 +282,30 @@ sub check_vm_perm {
return $self->check_full($user, "/vms/$vmid", $privs, $any, $noerr); return $self->check_full($user, "/vms/$vmid", $privs, $any, $noerr);
}; };
sub check_volume_access = sub {
my ($self, $user, $storecfg, $vmid, $volid) = @_;
# test if we have read access to volid
my $path;
if (my ($sid, $volname) = PVE::Storage::parse_volume_id($volid, 1)) {
my ($ownervm, $vtype);
($path, $ownervm, $vtype) = PVE::Storage::path($storecfg, $volid);
if ($vtype eq 'iso' || $vtype eq 'vztmpl') {
# we simply allow access
} elsif (!$ownervm || ($ownervm != $vmid)) {
# allow if we are Datastore administrator
$self->check($user, "/storage/$sid", ['Datastore.Allocate']);
}
} else {
die "Only root can pass arbitrary filesystem paths."
if $user ne 'root@pam';
$path = abs_path($volid);
}
return $path;
}
sub is_group_member { sub is_group_member {
my ($self, $group, $user) = @_; my ($self, $group, $user) = @_;