X-Git-Url: https://git.proxmox.com/?p=pve-access-control.git;a=blobdiff_plain;f=PVE%2FRPCEnvironment.pm;h=95d3029886183e488bd8bdbf76213f888eb8d83e;hp=727a2aa6733203c57c8f965c2263a367f10e35bc;hb=b54b7474bbd31dfea36a773b848a343d2d13aedd;hpb=c104e4abe6211c764060c02e30d32115c0203b2b
diff --git a/PVE/RPCEnvironment.pm b/PVE/RPCEnvironment.pm
index 727a2aa..95d3029 100644
--- a/PVE/RPCEnvironment.pm
+++ b/PVE/RPCEnvironment.pm
@@ -15,8 +15,6 @@ use PVE::AccessControl;
 use base qw(PVE::RESTEnvironment);
-# FIXME: remove dependency to PVE::Storage;
-
 # ACL cache
 my $compile_acl_path = sub {
@@ -211,33 +209,6 @@ sub check_vm_perm {
 return $self->check_full($user, "/vms/$vmid", $privs, $any, $noerr);
 };
-sub check_volume_access {
- my ($self, $user, $storecfg, $vmid, $volid) = @_;
-
- # test if we have read access to volid
-
- my ($sid, $volname) = PVE::Storage::parse_volume_id($volid, 1);
- if ($sid) {
- my ($vtype, undef, $ownervm) = PVE::Storage::parse_volname($storecfg, $volid);
- if ($vtype eq 'iso' || $vtype eq 'vztmpl') {
- # we simply allow access
- } elsif (defined($ownervm) && defined($vmid) && ($ownervm == $vmid)) {
- # we are owner - allow access
- } elsif ($vtype eq 'backup' && $ownervm) {
- $self->check($user, "/storage/$sid", ['Datastore.AllocateSpace']);
- $self->check($user, "/vms/$ownervm", ['VM.Backup']);
- } else {
- # allow if we are Datastore administrator
- $self->check($user, "/storage/$sid", ['Datastore.Allocate']);
- }
- } else {
- die "Only root can pass arbitrary filesystem paths."
- if $user ne 'root@pam';
- }
-
- return undef;
-}
-
 sub is_group_member {
 my ($self, $group, $user) = @_;
@@ -380,7 +351,7 @@ sub exec_api2_perm_check {
 sub check_api2_permissions {
 my ($self, $perm, $username, $param) = @_;
- return 1 if !$username && $perm->{user} eq 'world';
+ return 1 if !$username && $perm->{user} && $perm->{user} eq 'world';
 raise_perm_exc("user != null") if !$username;
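Review bot: The anonymous-access shortcut at the top of check_api2_permissions now tests `$perm->{user}` for truthiness where it means "is set"; `defined($perm->{user}) && $perm->{user} eq 'world'` says that directly and behaves the same for every value that can equal 'world'. Since this is the only line in the visible hunk that returns success without a username, a short comment above it would help later readers, for example `# anonymous access only when the method explicitly declares user => 'world'; a missing key falls through to the permission exception below`. The function body continues past the end of the hunk, so whether `$perm` itself can be undefined at this point cannot be judged from these lines.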