api: replication: allow users to enumerate accessible replication jobs

Previously, the /cluster/replication API handler would fail completely
with a HTTP 403 if a user does have VM.Audit permissions for
a single VM/CT. That was due to the 'noerr' parameter not set for
$rpcenv->check()

Signed-off-by: Lukas Wagner <l.wagner@proxmox.com>
Reviewed-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>

diff --git a/PVE/API2/ReplicationConfig.pm b/PVE/API2/ReplicationConfig.pm
index 8af62621437dc0a23735f7ebae9c9c4bcb6d4397..d0e8a49ee7d466fcb61d729738a2f42ab9597681 100644 (file)
--- a/PVE/API2/ReplicationConfig.pm
+++ b/PVE/API2/ReplicationConfig.pm
@@ -20,7 +20,8 @@ __PACKAGE__->register_method ({
     method => 'GET',
     description => "List replication jobs.",
     permissions => {
-       description => "Requires the VM.Audit permission on /vms/<vmid>.",
+       description => "Will only return replication jobs for which the calling user has"
+           . " VM.Audit permission on /vms/<vmid>.",
        user => 'all',
     },
     parameters => {
@@ -47,7 +48,7 @@ __PACKAGE__->register_method ({
        foreach my $id (sort keys %{$cfg->{ids}}) {
            my $d = $cfg->{ids}->{$id};
            my $vmid = $d->{guest};
-           next if !$rpcenv->check($authuser, "/vms/$vmid", [ 'VM.Audit' ]);
+           next if !$rpcenv->check($authuser, "/vms/$vmid", [ 'VM.Audit' ], 1);
            $d->{id} = $id;
            push @$res, $d;
        }