]> git.proxmox.com Git - pve-manager.git/blobdiff - PVE/HTTPServer.pm
projects / pve-manager.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
rest_handler: implement 'allowtoken' property
[pve-manager.git] / PVE / HTTPServer.pm
diff --git a/PVE/HTTPServer.pm b/PVE/HTTPServer.pm
index 65f3a1d8591f2d855c9486d9203ea724a2e4215a..7859081bfa7c4a597db5d82a9f152010e7e5cfce 100755 (executable)
--- a/PVE/HTTPServer.pm
+++ b/PVE/HTTPServer.pm
@@ -7,7 +7,7 @@ use PVE::SafeSyslog;
 use PVE::INotify;
 use PVE::Tools;
 use PVE::APIServer::AnyEvent;
-use PVE::Exception qw(raise_param_exc raise);
+use PVE::Exception qw(raise_param_exc raise_perm_exc raise);
 
 use PVE::RPCEnvironment;
 use PVE::AccessControl;
@@ -148,6 +148,9 @@ sub rest_handler {
            $uri_param->{$p} = $params->{$p};
        }
 
+       raise_perm_exc("URI '$rel_uri' not available with API token, need proper ticket.\n")
+           if $auth->{api_token} && !$info->{allowtoken};
+
        # check access permissions
        $rpcenv->check_api2_permissions($info->{permissions}, $auth->{userid}, $uri_param);
 
The Proxmox VE Management API and Web UI