commit 2d2ed7ab53 had a valid cause but
unnecessarily used the static PVE::AccessControl::check_permissions.
As the RPCEnvironment based check method has a "$noerr" parameter and
we already have a rpcenv instance readily available, we can use that
one just fine.
this is the last caller of PVE::AccessControl::check_permissions(),
which is the last caller of PVE::AccessControl::permission(). both can
thus be dropped altogether.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
when using 'check_permissions' directly, we have to actually use the
nodename in the path, else we check the wrong permission and one
needed to have propagating 'Sys.Audit' permissions on '/nodes' for
this to work.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
workaround to keep the subscription popup on login even without 'Sys.Audit'
permissions but remove the subscription details in the GUI for unauthorized
users.
Allow users which have Sys.Audit on a specific node to get the
subscription status and those with Sys.Modify to set and check
(update) it.
This mirrors the required permissions from other node specific
actions, e.g., APT (package management).
We always showed the Subscription Panel and all its elements in the
WebUI, so no need for change there.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
