api: vzdump: extract config: check for VM.Backup privilege

In preparation to have check_volume_access() always allow access for
users with Datastore.Allocate privilege. As to not automatically give
all such users permission to extract the config too.

Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>

diff --git a/PVE/API2/VZDump.pm b/PVE/API2/VZDump.pm
index 2c0df4c37e127e9883330c6a4846b675c63502e5..a6c4d111f5c61513590343f4208bfdadf9d19351 100644 (file)
--- a/PVE/API2/VZDump.pm
+++ b/PVE/API2/VZDump.pm
@@ -269,6 +269,11 @@ __PACKAGE__->register_method ({
        my $storage_cfg = PVE::Storage::config();
        PVE::Storage::check_volume_access($rpcenv, $authuser, $storage_cfg, undef, $volume);
 
+       if (PVE::Storage::parse_volume_id($volume, 1)) {
+           my (undef, undef, $ownervm) = PVE::Storage::parse_volname($storage_cfg, $volume);
+           $rpcenv->check($authuser, "/vms/$ownervm", ['VM.Backup']);
+       }
+
        return PVE::Storage::extract_vzdump_config($storage_cfg, $volume);
     }});