The userid-* permission check variants work on
$param->{userid} directly which does not exist for this
call. Also, they work on the realm of the user being
checked, rather than the realm provided as parameter.
The result was that as non-root user this always failed
with the message "userid '' too short"
Fix this by making the check explicitly work like in the
description.
Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com>
---
src/PVE/API2/Domains.pm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/PVE/API2/Domains.pm b/src/PVE/API2/Domains.pm
index 9c2b254..56e8394 100644
--- a/src/PVE/API2/Domains.pm
+++ b/src/PVE/API2/Domains.pm
@@ -397,8 +397,8 @@ __PACKAGE__->register_method ({
description => "'Realm.AllocateUser' on '/access/realm/<realm>' and "
." 'User.Modify' permissions to '/access/groups/'.",
check => [ 'and',
- [ 'userid-param', 'Realm.AllocateUser' ],
- [ 'userid-group', ['User.Modify'] ],
+ ['perm', '/access/realm/{realm}', ['Realm.AllocateUser']],
+ ['perm', '/access/groups', ['User.Modify']],
],
},
description => "Syncs users and/or groups from the configured LDAP to
user.cfg."
--
2.30.2
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
