api: create/modify: add content type checks

author Fabian Ebner <f.ebner@proxmox.com>

Wed, 30 Mar 2022 10:24:36 +0000 (12:24 +0200)

committer Fabian Grünbichler <f.gruenbichler@proxmox.com>

Fri, 1 Apr 2022 07:57:45 +0000 (09:57 +0200)
author Fabian Ebner <f.ebner@proxmox.com>
Wed, 30 Mar 2022 10:24:36 +0000 (12:24 +0200)
committer Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fri, 1 Apr 2022 07:57:45 +0000 (09:57 +0200)
diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm

index 84712f79b505bbacee0afa7af7704534948f66d1..ea4827fcf92426f0e375d93f110cac355fd0fdcd 100644 (file)
--- a/src/PVE/API2/LXC.pm
+++ b/src/PVE/API2/LXC.pm
@@ -283,7 +283,15 @@ __PACKAGE__->register_method({
             $archive = '-';
             die "restore from pipe requires rootfs parameter\n" if !defined($param->{rootfs});
         } else {
-           PVE::Storage::check_volume_access($rpcenv, $authuser, $storage_cfg, $vmid, $ostemplate);
+           my $content_type = $restore ? 'backup' : 'vztmpl';
+           PVE::Storage::check_volume_access(
+               $rpcenv,
+               $authuser,
+               $storage_cfg,
+               $vmid,
+               $ostemplate,
+               $content_type,
+           );
             $archive = $ostemplate;
         }
  
diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm

index b07d986087fa4037b2a2fa960bbde0a51c8c55ed..fe630875470ef533601d1ea7fee887f01150396b 100644 (file)
--- a/src/PVE/LXC.pm
+++ b/src/PVE/LXC.pm
@@ -1272,7 +1272,14 @@ sub check_ct_modify_config_perm {
                 my $sid = $1;
                 $rpcenv->check($authuser, "/storage/$sid", ['Datastore.AllocateSpace']);
             } else {
-               PVE::Storage::check_volume_access($rpcenv, $authuser, $storage_cfg, $vmid, $volid);
+               PVE::Storage::check_volume_access(
+                   $rpcenv,
+                   $authuser,
+                   $storage_cfg,
+                   $vmid,
+                   $volid,
+                   'rootdir',
+               );
             }
         } elsif ($opt eq 'memory' || $opt eq 'swap') {
             $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Memory']);
author	Fabian Ebner <f.ebner@proxmox.com>
	Wed, 30 Mar 2022 10:24:36 +0000 (12:24 +0200)
committer	Fabian Grünbichler <f.gruenbichler@proxmox.com>
	Fri, 1 Apr 2022 07:57:45 +0000 (09:57 +0200)
src/PVE/API2/LXC.pm		patch \| blob \| blame \| history
src/PVE/LXC.pm		patch \| blob \| blame \| history