From db5051b462b57675c4e57d4e13d15a14190a876f Mon Sep 17 00:00:00 2001
From: Dominik Csapak
Date: Thu, 11 Jan 2018 09:38:43 +0100
Subject: [PATCH] let all users read user data but qmanager only their own
Signed-off-by: Dominik Csapak
---
 PMG/API2/Users.pm | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/PMG/API2/Users.pm b/PMG/API2/Users.pm
index 6c19137..f7e8287 100644
--- a/PMG/API2/Users.pm
+++ b/PMG/API2/Users.pm
@@ -9,6 +9,7 @@ use PVE::Tools qw(extract_param);
 use PVE::JSONSchema qw(get_standard_option);
 use PVE::RESTHandler;
 use PVE::INotify;
+use PVE::Exception qw(raise_perm_exc);
 use PMG::RESTEnvironment;
 use PMG::UserConfig;
@@ -118,6 +119,7 @@ __PACKAGE__->register_method ({
 path => '{userid}',
 method => 'GET',
 description => "Read User data.",
+ permissions => { check => [ 'admin', 'qmanager', 'audit' ] },
 proxyto => 'master',
 protected => 1,
 parameters => {
@@ -135,6 +137,13 @@ __PACKAGE__->register_method ({
 my $cfg = PMG::UserConfig->new();
+ my $rpcenv = PMG::RESTEnvironment->get();
+ my $authuser = $rpcenv->get_user();
+ my $role = $rpcenv->get_role();
+
+ raise_perm_exc()
+ if $role eq 'qmanager' && $authuser ne $param->{userid};
+
 my $data = $cfg->lookup_user_data($param->{userid});
 my $res = $extract_userdata->($data);
--
2.39.2
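Review bot: The new `permissions` entry lists `qmanager` without saying that this role is limited to its own record, and `description` still reads only "Read User data.", so the declared schema overstates what a qmanager may read. A comment on the added line such as `# qmanager: own entry only, enforced in the handler body`, plus a matching sentence in `description`, would keep the declared policy and the enforced one together. The register_method call starts and ends outside the hunk.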
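Review bot: The ownership check after `my $role = $rpcenv->get_role();` is a deny-list on the single literal `'qmanager'`, so any role later added to the `permissions` check list gets read access to every account by default. Failing closed would be safer: call `raise_perm_exc()` unless `$authuser eq $param->{userid}` or the role is in an explicit set allowed to read other accounts (that set has to include any superuser role handled outside this hunk). With `audit` and `qmanager` now reaching this handler, it is also worth confirming that `$extract_userdata`, defined outside the hunk, drops credential fields before the result is returned. The handler body starts and ends outside the hunk.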