proxmox-mirrors/pve-manager
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-manager synced 2025-04-28 16:36:30 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix wrong permissions for subscription info

Browse Source 
workaround to keep the subscription popup on login even without 'Sys.Audit'
permissions but remove the subscription details in the GUI for unauthorized
users.
This commit is contained in:
Dietmar Maurer 2018-10-30 11:36:14 +01:00
parent 3e1d7320d0
commit 2d2ed7ab53
1 changed files with 15 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
PVE/API2/Subscription.pm
View File

@ -91,9 +91,6 @@ __PACKAGE__->register_method ({
name => 'get',
path => '',
method => 'GET',
permissions => {
check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]],
},
description => "Read subscription info.",
proxyto => 'node',
permissions => { user => 'all' },
@ -110,12 +107,25 @@ __PACKAGE__->register_method ({
my $server_id = PVE::API2Tools::get_hwaddress();
my $url = "http://www.proxmox.com/products/proxmox-ve/subscription-service-plans";
my $rpcenv = PVE::RPCEnvironment::get();
my $authuser = $rpcenv->get_user();
my $has_permission = PVE::AccessControl::check_permissions($authuser, '/nodes/{node}', 'Sys.Audit');
my $info = PVE::INotify::read_file('subscription');
if (!$info) {
return {
my $no_subscription_info = {
status => "NotFound",
message => "There is no subscription key",
serverid => $server_id,
url => $url,
};
$no_subscription_info->{serverid} = $server_id if $has_permission;
return $no_subscription_info;
}
if (!$has_permission) {
return {
status => $info->{status},
message => $info->{message},
url => $url,
}
}