On 1/21/20 1:54 PM, Fabian Grünbichler wrote:
> to filter out API paths that are not available with API tokens for
> security reasons, such as access control related endpoints.
>
> Signed-off-by: Fabian Grünbichler <f.gruenbich...@proxmox.com>
> ---
>
> Notes:
> pairs with patch in pve-common that adds this to the schema-schema. any
> modules
> setting that flag need a corresponding versioned depends on
> libpve-common-perl..
>
> v2->v3:
> - rename to allowtoken, negate default value/semantics
>
> PVE/HTTPServer.pm | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/PVE/HTTPServer.pm b/PVE/HTTPServer.pm
> index 65f3a1d8..7859081b 100755
> --- a/PVE/HTTPServer.pm
> +++ b/PVE/HTTPServer.pm
> @@ -7,7 +7,7 @@ use PVE::SafeSyslog;
> use PVE::INotify;
> use PVE::Tools;
> use PVE::APIServer::AnyEvent;
> -use PVE::Exception qw(raise_param_exc raise);
> +use PVE::Exception qw(raise_param_exc raise_perm_exc raise);
>
> use PVE::RPCEnvironment;
> use PVE::AccessControl;
> @@ -148,6 +148,9 @@ sub rest_handler {
> $uri_param->{$p} = $params->{$p};
> }
>
> + raise_perm_exc("URI '$rel_uri' not available with API token, need
> proper ticket.\n")
> + if $auth->{api_token} && !$info->{allowtoken};
> +
> # check access permissions
> $rpcenv->check_api2_permissions($info->{permissions}, $auth->{userid},
> $uri_param);
>
>
applied, thanks!
_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
