proxmox-mirrors/pve-manager
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-manager synced 2025-08-07 20:15:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

set permissions for VZDump API

Browse Source
This commit is contained in:
Dietmar Maurer 2012-02-06 11:15:31 +01:00
parent d0289a19e5
commit 98e84b16d5
2 changed files with 14 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
PVE/API2/VZDump.pm
View File

@ -22,6 +22,10 @@ __PACKAGE__->register_method ({
path => '', path => '',
method => 'POST', method => 'POST',
description => "Create backup.", description => "Create backup.",
permissions => {
description => "The user needs VM.Backup permissions on any VM.",
user => 'all',
},
protected => 1, protected => 1,
proxyto => 'node', proxyto => 'node',
parameters => { parameters => {
@ -99,6 +103,11 @@ __PACKAGE__->register_method ({
die "you can only backup a single VM with option --stdout\n" die "you can only backup a single VM with option --stdout\n"
if $param->{stdout} && scalar(@vmids) != 1; if $param->{stdout} && scalar(@vmids) != 1;
foreach my $key (qw(maxfiles tmpdir dumpdir script size bwlimit ionice)) {
raise_param_exc({ $key => "Only root may set this option."})
if defined($param->{$key}) && ($user ne 'root@pam');
}
my $vzdump = PVE::VZDump->new($cmdline, $param, $skiplist); my $vzdump = PVE::VZDump->new($cmdline, $param, $skiplist);
my $worker = sub { my $worker = sub {
@ -115,7 +124,7 @@ __PACKAGE__->register_method ({
PVE::VZDump::run_command(undef, "ionice -c2 -n$param->{ionice} -p $$"); PVE::VZDump::run_command(undef, "ionice -c2 -n$param->{ionice} -p $$");
} }
} }
$vzdump->exec_backup(); $vzdump->exec_backup($rpcenv, $user);
}; };
open STDOUT, '>/dev/null' if $param->{quiet} && !$param->{stdout}; open STDOUT, '>/dev/null' if $param->{quiet} && !$param->{stdout};

5
PVE/VZDump.pm
View File

@ -10,6 +10,7 @@ use IO::Select;
use IPC::Open3; use IPC::Open3;
use POSIX qw(strftime); use POSIX qw(strftime);
use File::Path; use File::Path;
use PVE::RPCEnvironment;
use PVE::Storage; use PVE::Storage;
use PVE::Cluster qw(cfs_read_file); use PVE::Cluster qw(cfs_read_file);
use PVE::VZDump::OpenVZ; use PVE::VZDump::OpenVZ;
@ -953,7 +954,7 @@ sub exec_backup_task {
} }
sub exec_backup { sub exec_backup {
my ($self) = @_; my ($rpcenv, $authuser, $self) = @_;
my $opts = $self->{opts}; my $opts = $self->{opts};
@ -968,6 +969,7 @@ sub exec_backup {
my $vmlist = $plugin->vmlist(); my $vmlist = $plugin->vmlist();
foreach my $vmid (sort @$vmlist) { foreach my $vmid (sort @$vmlist) {
next if grep { $_ eq $vmid } @{$opts->{exclude}}; next if grep { $_ eq $vmid } @{$opts->{exclude}};
next if !$rpcenv->check($authuser, "/vms/$vmid", [ 'VM.Backup' ], 1);
push @$tasklist, { vmid => $vmid, state => 'todo', plugin => $plugin }; push @$tasklist, { vmid => $vmid, state => 'todo', plugin => $plugin };
} }
} }
@ -981,6 +983,7 @@ sub exec_backup {
last; last;
} }
} }
$rpcenv->check($authuser, "/vms/$vmid", [ 'VM.Backup' ]);
push @$tasklist, { vmid => $vmid, state => 'todo', plugin => $plugin }; push @$tasklist, { vmid => $vmid, state => 'todo', plugin => $plugin };
} }
} }