X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=PVE%2FHTTPServer.pm;fp=PVE%2FHTTPServer.pm;h=7859081bfa7c4a597db5d82a9f152010e7e5cfce;hb=7af404b2016856992669f4f6ac3ce8543edd227b;hp=65f3a1d8591f2d855c9486d9203ea724a2e4215a;hpb=a589aab35eb452cf3993d9f21eefde4ccf02f8bb;p=pve-manager.git

diff --git a/PVE/HTTPServer.pm b/PVE/HTTPServer.pm
index 65f3a1d8..7859081b 100755
--- a/PVE/HTTPServer.pm
+++ b/PVE/HTTPServer.pm
@@ -7,7 +7,7 @@ use PVE::SafeSyslog;
 use PVE::INotify;
 use PVE::Tools;
 use PVE::APIServer::AnyEvent;
-use PVE::Exception qw(raise_param_exc raise);
+use PVE::Exception qw(raise_param_exc raise_perm_exc raise);
 
 use PVE::RPCEnvironment;
 use PVE::AccessControl;
@@ -148,6 +148,9 @@ sub rest_handler {
 	    $uri_param->{$p} = $params->{$p};
 	}
 
+	raise_perm_exc("URI '$rel_uri' not available with API token, need proper ticket.\n")
+	    if $auth->{api_token} && !$info->{allowtoken};
+
 	# check access permissions
 	$rpcenv->check_api2_permissions($info->{permissions}, $auth->{userid}, $uri_param);