Since `48a66a12ee19a8d14e92827623aa005c2ab2c06c` (ui: api token:
rewrite), the TokenEdit edit modal is prefilled with the userid, which
is currently logged in.
The selector items in Proxmox.form.UserSelector used in the TokenEdit
component are filled from the `/access/users` API endpoint, therefore
the user selection is restricted to which the user has "Sys.Audit" or
"User.Modify" permissions and the current authenticated user themselves.
Therefore, the button can be accessible to unprivileged users as well.
This change allows users without the "User.Modify" permission to add API
tokens, since this is already allowed by the API endpoint
`/access/users/{userid}/token/{tokenid}`.
Signed-off-by: Daniel Kral <d.k...@proxmox.com>
---
www/manager6/dc/TokenView.js | 1 -
1 file changed, 1 deletion(-)
diff --git a/www/manager6/dc/TokenView.js b/www/manager6/dc/TokenView.js
index 7d6d4274..d275a1c5 100644
--- a/www/manager6/dc/TokenView.js
+++ b/www/manager6/dc/TokenView.js
@@ -74,7 +74,6 @@ Ext.define('PVE.dc.TokenView', {
let tbar = [
{
text: gettext('Add'),
- disabled: !caps.access['User.Modify'],
handler: function(btn, e) {
let data = {};
let win = Ext.create('PVE.dc.TokenEdit', {
--
2.39.5
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
