fix realm sync permissions

The userid-* permission check variants work on
$param->{userid} directly which does not exist for this
call. Also, they work on the realm of the user being
checked, rather than the realm provided as parameter.

The result was that as non-root user this always failed
with the message "userid '' too short"

Fix this by making the check explicitly work like in the
description.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

diff --git a/src/PVE/API2/Domains.pm b/src/PVE/API2/Domains.pm
index 9c2b2548028790f19baaa81bde4cf0f071bb7719..56e8394e0165787998081a2b76eeb2494a4b5ac9 100644 (file)
--- a/src/PVE/API2/Domains.pm
+++ b/src/PVE/API2/Domains.pm
@@ -397,8 +397,8 @@ __PACKAGE__->register_method ({
        description => "'Realm.AllocateUser' on '/access/realm/<realm>' and "
            ." 'User.Modify' permissions to '/access/groups/'.",
        check => [ 'and',
-           [ 'userid-param', 'Realm.AllocateUser' ],
-           [ 'userid-group', ['User.Modify'] ],
+           ['perm', '/access/realm/{realm}', ['Realm.AllocateUser']],
+           ['perm', '/access/groups', ['User.Modify']],
        ],
     },
     description => "Syncs users and/or groups from the configured LDAP to user.cfg."