From: Dietmar Maurer <dietmar@proxmox.com>
Date: Thu, 28 Feb 2013 09:01:04 +0000 (+0100)
Subject: fix access permissions for backup files
X-Git-Url: https://git.proxmox.com/?p=pve-access-control.git;a=commitdiff_plain;h=e5ae548727ea87783f1f6bfaac9181133981d2e9;ds=sidebyside

fix access permissions for backup files

bump version to 1.0-26
---

diff --git a/Makefile b/Makefile
index f541e51..ed340ab 100644
--- a/Makefile
+++ b/Makefile
@@ -1,8 +1,8 @@
-RELEASE=2.2
+RELEASE=2.3
 
 VERSION=1.0
 PACKAGE=libpve-access-control
-PKGREL=25
+PKGREL=26
 
 DESTDIR=
 PREFIX=/usr
diff --git a/PVE/RPCEnvironment.pm b/PVE/RPCEnvironment.pm
index faa4fb2..eb7b3c7 100644
--- a/PVE/RPCEnvironment.pm
+++ b/PVE/RPCEnvironment.pm
@@ -295,7 +295,12 @@ sub check_volume_access {
 	($path, $ownervm, $vtype) = PVE::Storage::path($storecfg, $volid);
 	if ($vtype eq 'iso' || $vtype eq 'vztmpl') {
 	    # we simply allow access 
-	} elsif (!$ownervm || ($ownervm != $vmid)) {
+	} elsif (defined($ownervm) && defined($vmid) && ($ownervm == $vmid)) {
+	    # we are owner - allow access 
+	} elsif ($vtype eq 'backup' && $ownervm) {
+	    $self->check($user, "/storage/$sid", ['Datastore.AllocateSpace']);
+	    $self->check($user, "/vms/$ownervm", ['VM.Backup']);
+	} else {
 	    # allow if we are Datastore administrator
 	    $self->check($user, "/storage/$sid", ['Datastore.Allocate']);
 	}
diff --git a/changelog.Debian b/changelog.Debian
index 50b6c39..6e4790e 100644
--- a/changelog.Debian
+++ b/changelog.Debian
@@ -1,3 +1,9 @@
+libpve-access-control (1.0-26) unstable; urgency=low
+
+  * check_volume_access: fix access permissions for backup files
+
+ -- Proxmox Support Team <support@proxmox.com>  Thu, 28 Feb 2013 10:00:14 +0100
+
 libpve-access-control (1.0-25) unstable; urgency=low
 
   * add VM.Snapshot permission