Require Sys.Audit to read the cluster configuration

Up to now only root could see the corosync cluster config.

Sys.Audit is the same permission required
for reading the HA Config and the HA Resources Config.

diff --git a/data/PVE/API2/ClusterConfig.pm b/data/PVE/API2/ClusterConfig.pm
index ab807bd8ce00c4475b06eabda2d722410adc7612..65b376f11b77963c1cc3e87035cd5a828193910b 100644 (file)
--- a/data/PVE/API2/ClusterConfig.pm
+++ b/data/PVE/API2/ClusterConfig.pm
@@ -16,6 +16,9 @@ __PACKAGE__->register_method({
     path => '',
     method => 'GET',
     description => "Directory index.",
+    permissions => {
+       check => ['perm', '/', [ 'Sys.Audit' ]],
+    },
     parameters => {
        additionalProperties => 0,
        properties => {},
@@ -44,6 +47,9 @@ __PACKAGE__->register_method({
     path => 'nodes',
     method => 'GET',
     description => "Corosync node list.",
+    permissions => {
+       check => ['perm', '/', [ 'Sys.Audit' ]],
+    },
     parameters => {
        additionalProperties => 0,
        properties => {},
@@ -73,6 +79,9 @@ __PACKAGE__->register_method({
     path => 'totem',
     method => 'GET',
     description => "Get corosync totem protocol settings.",
+    permissions => {
+       check => ['perm', '/', [ 'Sys.Audit' ]],
+    },
     parameters => {
        additionalProperties => 0,
        properties => {},