[pve-devel] [PATCH manager] fix wrong permissions for subscription info

[David Limbeck]

workaround to keep the subscription popup on login even without 'Sys.Audit'
permissions but remove the subscription menu in the GUI for unauthorized
users

Signed-off-by: David Limbeck <d.limb...@proxmox.com>
---
 PVE/API2/Subscription.pm    | 20 +++++++++++++++-----
 www/manager6/node/Config.js | 19 ++++++++++++-------
 2 files changed, 27 insertions(+), 12 deletions(-)

diff --git a/PVE/API2/Subscription.pm b/PVE/API2/Subscription.pm
index 9d24dce8..efbe70c2 100644
--- a/PVE/API2/Subscription.pm
+++ b/PVE/API2/Subscription.pm
@@ -91,9 +91,6 @@ __PACKAGE__->register_method ({
     name => 'get',
     path => '',
     method => 'GET',
-    permissions => {
-       check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]],
-    },
     description => "Read subscription info.",
     proxyto => 'node',
     permissions => { user => 'all' },
@@ -110,12 +107,25 @@ __PACKAGE__->register_method ({
        my $server_id = PVE::API2Tools::get_hwaddress();
        my $url = 
"http://www.proxmox.com/products/proxmox-ve/subscription-service-plans";;
 
+       my $rpcenv = PVE::RPCEnvironment::get();
+       my $authuser = $rpcenv->get_user();
+       my $has_permission = PVE::AccessControl::check_permissions($authuser, 
'/nodes/{node}', 'Sys.Audit');
+
        my $info = PVE::INotify::read_file('subscription');
        if (!$info) {
-           return {
+           my $no_subscription_info = {
                status => "NotFound",
                message => "There is no subscription key",
-               serverid => $server_id,
+               url => $url,
+           };
+           $no_subscription_info->{serverid} = $server_id if $has_permission;
+           return $no_subscription_info;
+       }
+
+       if (!$has_permission) {
+           return {
+               status => $info->{status},
+               message => $info->{message},
                url => $url,
            }
        }
diff --git a/www/manager6/node/Config.js b/www/manager6/node/Config.js
index e7a38296..37863f09 100644
--- a/www/manager6/node/Config.js
+++ b/www/manager6/node/Config.js
@@ -380,15 +380,20 @@ Ext.define('PVE.node.Config', {
                nodename: nodename,
                xtype: 'proxmoxNodeTasks'
            },
-           {
-               title: gettext('Subscription'),
-               iconCls: 'fa fa-support',
-               itemId: 'support',
-               xtype: 'pveNodeSubscription',
-               nodename: nodename
-           }
        );
 
+       if (caps.nodes['Sys.Audit']) {
+           me.items.push(
+               {
+                   title: gettext('Subscription'),
+                   iconCls: 'fa fa-support',
+                   itemId: 'support',
+                   xtype: 'pveNodeSubscription',
+                   nodename: nodename
+               }
+           );
+       }
+
        me.callParent();
 
        me.mon(me.statusStore, 'load', function(s, records, success) {
-- 
2.11.0


_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel