RPCEnvironment: removed check_volume_access() to avoid cyclic dependency

[pve-access-control.git] / PVE / RPCEnvironment.pm

diff --git a/PVE/RPCEnvironment.pm b/PVE/RPCEnvironment.pm
index 727a2aa6733203c57c8f965c2263a367f10e35bc..c661edad906a9ef64b0c24fef193d053e9c56085 100644 (file)
--- a/PVE/RPCEnvironment.pm
+++ b/PVE/RPCEnvironment.pm
@@ -15,8 +15,6 @@ use PVE::AccessControl;
 
 use base qw(PVE::RESTEnvironment);
 
-# FIXME: remove dependency to PVE::Storage;
-
 # ACL cache
 
 my $compile_acl_path = sub {
@@ -211,33 +209,6 @@ sub check_vm_perm {
     return $self->check_full($user, "/vms/$vmid", $privs, $any, $noerr);
 };
 
-sub check_volume_access {
-    my ($self, $user, $storecfg, $vmid, $volid) = @_;
-
-    # test if we have read access to volid
-
-    my ($sid, $volname) = PVE::Storage::parse_volume_id($volid, 1);
-    if ($sid) {
-       my ($vtype, undef, $ownervm) = PVE::Storage::parse_volname($storecfg, $volid);
-       if ($vtype eq 'iso' || $vtype eq 'vztmpl') {
-           # we simply allow access
-       } elsif (defined($ownervm) && defined($vmid) && ($ownervm == $vmid)) {
-           # we are owner - allow access
-       } elsif ($vtype eq 'backup' && $ownervm) {
-           $self->check($user, "/storage/$sid", ['Datastore.AllocateSpace']);
-           $self->check($user, "/vms/$ownervm", ['VM.Backup']);
-       } else {
-           # allow if we are Datastore administrator
-           $self->check($user, "/storage/$sid", ['Datastore.Allocate']);
-       }
-    } else {
-       die "Only root can pass arbitrary filesystem paths."
-           if $user ne 'root@pam';
-    }
-
-    return undef;
-}
-
 sub is_group_member {
     my ($self, $group, $user) = @_;