proxmox-mirrors/qemu-server
1
0
Fork 0
mirror of https://git.proxmox.com/git/qemu-server synced 2025-06-15 13:12:15 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

restore: allow to overwrite existing VMs if user has VM.Backup permissions

Browse Source 
The requirement to have VM.Allocate it non-obvious and confusing
if the VM already exists. If the user can backup, he should also be able
to restore that backup.
This commit is contained in:
Dietmar Maurer 2013-05-03 07:47:08 +02:00
parent 9418baad81
commit f9bfceefa6
1 changed files with 16 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
PVE/API2/Qemu.pm
View File

@ -7,7 +7,7 @@ use Cwd 'abs_path';
use PVE::Cluster qw (cfs_read_file cfs_write_file);; use PVE::Cluster qw (cfs_read_file cfs_write_file);;
use PVE::SafeSyslog; use PVE::SafeSyslog;
use PVE::Tools qw(extract_param); use PVE::Tools qw(extract_param);
use PVE::Exception qw(raise raise_param_exc); use PVE::Exception qw(raise raise_param_exc raise_perm_exc);
use PVE::Storage; use PVE::Storage;
use PVE::JSONSchema qw(get_standard_option); use PVE::JSONSchema qw(get_standard_option);
use PVE::RESTHandler; use PVE::RESTHandler;
@ -254,11 +254,10 @@ __PACKAGE__->register_method({
method => 'POST', method => 'POST',
description => "Create or restore a virtual machine.", description => "Create or restore a virtual machine.",
permissions => { permissions => {
description => "You need 'VM.Allocate' permissions on /vms/{vmid} or on the VM pool /pool/{pool}. If you create disks you need 'Datastore.AllocateSpace' on any used storage.", description => "You need 'VM.Allocate' permissions on /vms/{vmid} or on the VM pool /pool/{pool}. " .
check => [ 'or', "For restore (option 'archive'), it is enough if the user has 'VM.Backup' permission and the VM already exists. " .
[ 'perm', '/vms/{vmid}', ['VM.Allocate']], "If you create disks you need 'Datastore.AllocateSpace' on any used storage.",
[ 'perm', '/pool/{pool}', ['VM.Allocate'], require_param => 'pool'], user => 'all', # check inside
],
}, },
protected => 1, protected => 1,
proxyto => 'node', proxyto => 'node',
@ -334,6 +333,17 @@ __PACKAGE__->register_method({
$rpcenv->check($authuser, "/storage/$storage", ['Datastore.AllocateSpace']) $rpcenv->check($authuser, "/storage/$storage", ['Datastore.AllocateSpace'])
if defined($storage); if defined($storage);
if ($rpcenv->check($authuser, "/vms/$vmid", ['VM.Allocate'], 1)) {
# OK
} elsif ($pool && $rpcenv->check($authuser, "/pool/$pool", ['VM.Allocate'], 1)) {
# OK
} elsif ($archive && $force && (-f $filename) &&
$rpcenv->check($authuser, "/vms/$vmid", ['VM.Backup'], 1)) {
# OK: user has VM.Backup permissions, and want to restore an existing VM
} else {
raise_perm_exc();
}
if (!$archive) { if (!$archive) {
&$resolve_cdrom_alias($param); &$resolve_cdrom_alias($param);