api: notification: make the 'mail-to-root' target visible to any user

Since the target does not require Mapping.Use, it should also be
visible and testable by all users.

Short explanation why the 'mail-to-root' is exempt from priv checks:

To ensure backwards compatibility, the 'mail-to-root' target does not
require the `Mapping.Use` privs. This is needed due to the fact that
this target is used as a fallback in case no other target is
configured for an event. For instance, the /node/<name>/apt/update API
call only requires Sys.Modify for the node, but it can also send a
notification. If we were to require Mapping.Use, we could break the
apt/update API compat in the case that a notification shall be sent,
but without any configured notification target (which will then
default to 'mail-to-root').

Signed-off-by: Lukas Wagner <l.wagner@proxmox.com>

diff --git a/PVE/API2/Cluster/Notifications.pm b/PVE/API2/Cluster/Notifications.pm
index 9c9e824387cf282a68444a1aa565a0d30599bb26..ec666903420b2bb3f2646355fa01f23c68a58dec 100644 (file)
--- a/PVE/API2/Cluster/Notifications.pm
+++ b/PVE/API2/Cluster/Notifications.pm
@@ -68,7 +68,7 @@ sub filter_entities_by_privs {
            "/mapping/notification/$_->{name}",
            $can_see_mapping_privs,
            1
-       )
+       ) || $_->{name} eq PVE::Notify::default_target();
     } @$entities];
 
     return $filtered;
@@ -165,7 +165,8 @@ __PACKAGE__->register_method ({
        ' (endpoints and groups).',
     permissions => {
        description => "Only lists entries where you have 'Mapping.Modify', 'Mapping.Use' or"
-           . " 'Mapping.Audit' permissions on '/mapping/notification/<name>'.",
+           . " 'Mapping.Audit' permissions on '/mapping/notification/<name>'."
+           . " The special 'mail-to-root' target is available to all users.",
        user => 'all',
     },
     protected => 1,
@@ -244,11 +245,10 @@ __PACKAGE__->register_method ({
     method => 'POST',
     description => 'Send a test notification to a provided target.',
     permissions => {
-       check => ['or',
-           ['perm', '/mapping/notification/{name}', ['Mapping.Use']],
-           ['perm', '/mapping/notification/{name}', ['Mapping.Modify']],
-           ['perm', '/mapping/notification/{name}', ['Mapping.Audit']],
-       ],
+       description => "The user requires 'Mapping.Modify', 'Mapping.Use' or"
+           . " 'Mapping.Audit' permissions on '/mapping/notification/<name>'."
+           . " The special 'mail-to-root' target can be accessed by all users.",
+       user => 'all',
     },
     parameters => {
        additionalProperties => 0,
@@ -264,10 +264,23 @@ __PACKAGE__->register_method ({
     code => sub {
        my ($param) = @_;
        my $name = extract_param($param, 'name');
-
-       my $config = PVE::Notify::read_config();
+       my $rpcenv = PVE::RPCEnvironment::get();
+       my $authuser = $rpcenv->get_user();
+
+       my $privs = ['Mapping.Modify', 'Mapping.Use', 'Mapping.Audit'];
+
+       if ($name ne PVE::Notify::default_target()) {
+           # Due to backwards compatibility reasons the 'mail-to-root'
+           # target must be accessible for any user
+           $rpcenv->check_any(
+               $authuser,
+               "/mapping/notification/$name",
+               $privs,
+           );
+       }
 
        eval {
+           my $config = PVE::Notify::read_config();
            $config->test_target($name);
        };