Signed-off-by: Alexandre Derumier <aderum...@odiso.com>
---
 PVE/API2/Network.pm | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/PVE/API2/Network.pm b/PVE/API2/Network.pm
index b3faba1a..ba3b3e0e 100644
--- a/PVE/API2/Network.pm
+++ b/PVE/API2/Network.pm
@@ -240,22 +240,20 @@ __PACKAGE__->register_method({
 
        if (my $tfilter = $param->{type}) {
            my $vnets;
-           my $vnet_cfg;
-           my $can_access_vnet = sub { # only matters for the $have_sdn case, 
checked implict
-               return 1 if $authuser eq 'root@pam' || !defined($vnets);
-               return 1 if 
!defined(PVE::Network::SDN::Vnets::sdn_vnets_config($vnet_cfg, $_[0], 1)); # 
not a vnet
-               $rpcenv->check_any($authuser, "/sdn/vnets/$_[0]", ['SDN.Audit', 
'SDN.Allocate'], 1)
+           #check access for local bridges
+           my $can_access_vnet = sub {
+               return 1 if $authuser eq 'root@pam';
+               return 1 if $rpcenv->check_any($authuser, "/sdn/zones/local", 
['SDN.Audit', 'SDN.Allocate'], 1);
+               return 1 if $rpcenv->check_any($authuser, "/sdn/vnets/$_[0]", 
['SDN.Audit', 'SDN.Allocate'], 1);
            };
 
            if ($have_sdn && $param->{type} eq 'any_bridge') {
                $vnets = PVE::Network::SDN::get_local_vnets(); # returns 
already access-filtered
-               $vnet_cfg = PVE::Network::SDN::Vnets::config();
            }
 
            for my $k (sort keys $ifaces->%*) {
                my $type = $ifaces->{$k}->{type};
                my $match = $tfilter eq $type || ($tfilter =~ 
/^any(_local)?_bridge$/ && ($type eq 'bridge' || $type eq 'OVSBridge'));
-
                delete $ifaces->{$k} if !($match && $can_access_vnet->($k));
            }
 
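Review bot: The rewritten `$can_access_vnet` closure still runs for every interface whenever a `type` filter is set (`delete $ifaces->{$k} if !($match && $can_access_vnet->($k));`), so non-root users are now filtered by the `/sdn/zones/local` and `/sdn/vnets/<iface>` ACLs for non-bridge types and on hosts where `$have_sdn` is false, although the new comment says the check is for local bridges. If that is not intended, apply the check only when `$type` is `bridge` or `OVSBridge`, and extend the comment to name the two ACL paths that grant access. The deny path also relies on Perl returning the false value of the last `return 1 if ...` condition; ending the closure with an explicit `return 0;` would make the default-deny visible and keep it intact if another statement is appended later. The enclosing `register_method` handler starts and ends outside the hunk, so how `$vnets` is consumed after the loop cannot be confirmed from here.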
-- 
2.30.2

