projects / pve-access-control.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: dd9e95b) | patch
tfa list: account for admin permissions
authorWolfgang Bumiller <w.bumiller@proxmox.com>
Mon, 6 Dec 2021 13:33:44 +0000 (14:33 +0100)
committerWolfgang Bumiller <w.bumiller@proxmox.com>
Tue, 7 Dec 2021 08:08:01 +0000 (09:08 +0100)
commitdc7ef2401a0b099183d4463b23da55fc8d99e961
tree30773d99ffee976db9f85a9afda9daf4ac1dedcftree
parentdd9e95b18773b97131ab65d76110f1c4489bf9f6commit | diff
tfa list: account for admin permissions

instead of restricting listing tfa entries of others to
root@pam, perform the same checks the user-list does and
which also reflect the permissions of the api calls actually
operating on those users, so, `User.Modify` on the user (but
also `Sys.Audit`, since it's only a read-operation, just
like the user index API call)

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
src/PVE/API2/TFA.pm diff | blob | blame | history
Access control framework