allow user to see his own entry

[pve-access-control.git] / PVE / API2 / User.pm

diff --git a/PVE/API2/User.pm b/PVE/API2/User.pm
index 459356704fcc7b499fbb1e230a093de5ef56b17a..8b063641178197feecb376ecd42041e2675feca9 100644 (file)
--- a/PVE/API2/User.pm
+++ b/PVE/API2/User.pm
@@ -36,6 +36,7 @@ __PACKAGE__->register_method ({
     path => '', 
     method => 'GET',
     description => "User index.",
+    permissions => { user => 'all' },
     parameters => {
        additionalProperties => 0,
        properties => {
@@ -59,13 +60,17 @@ __PACKAGE__->register_method ({
     code => sub {
        my ($param) = @_;
     
+       my $rpcenv = PVE::RPCEnvironment::get();
+       my $authuser = $rpcenv->get_user();
+
        my $res = [];
 
        my $usercfg = cfs_read_file("user.cfg");
  
        foreach my $user (keys %{$usercfg->{users}}) {
-           next if $user eq 'root';
-           
+           # root sees all entries, a user only sees its own entry
+           next if $authuser ne 'root@pam' && $user ne $authuser;
+
            my $entry = &$extract_user_data($usercfg->{users}->{$user});
 
            if (defined($param->{enabled})) {