From: Wolfgang Bumiller Date: Mon, 20 Dec 2021 10:31:15 +0000 (+0100) Subject: fix realm sync permissions X-Git-Url: https://git.proxmox.com/?a=commitdiff_plain;h=0c503211837009ab77ea35320450d7bc73c0578f;hp=2974aa334536d57b6baf5032bec58ce2e06ae31c;p=pve-access-control.git fix realm sync permissions The userid-* permission check variants work on $param->{userid} directly which does not exist for this call. Also, they work on the realm of the user being checked, rather than the realm provided as parameter. The result was that as non-root user this always failed with the message "userid '' too short" Fix this by making the check explicitly work like in the description. Signed-off-by: Wolfgang Bumiller Signed-off-by: Thomas Lamprecht --- diff --git a/src/PVE/API2/Domains.pm b/src/PVE/API2/Domains.pm index 9c2b254..56e8394 100644 --- a/src/PVE/API2/Domains.pm +++ b/src/PVE/API2/Domains.pm @@ -397,8 +397,8 @@ __PACKAGE__->register_method ({ description => "'Realm.AllocateUser' on '/access/realm/' and " ." 'User.Modify' permissions to '/access/groups/'.", check => [ 'and', - [ 'userid-param', 'Realm.AllocateUser' ], - [ 'userid-group', ['User.Modify'] ], + ['perm', '/access/realm/{realm}', ['Realm.AllocateUser']], + ['perm', '/access/groups', ['User.Modify']], ], }, description => "Syncs users and/or groups from the configured LDAP to user.cfg."