method => 'POST',
protected => 1,
permissions => {
- check => ['perm', '/', [ 'VM.PowerMgmt' ]],
+ description => "The 'VM.PowerMgmt' permission is required on '/' or on '/vms/<ID>' for "
+ ."each ID passed via the 'vms' parameter.",
+ user => 'all',
},
proxyto => 'node',
description => "Start all VMs and containers located on this node (by default only those with onboot=1).",
my $rpcenv = PVE::RPCEnvironment::get();
my $authuser = $rpcenv->get_user();
+ if (!$rpcenv->check($authuser, "/", [ 'VM.PowerMgmt' ], 1)) {
+ my @vms = PVE::Tools::split_list($param->{vms});
+ if (scalar(@vms) > 0) {
+ $rpcenv->check($authuser, "/vms/$_", [ 'VM.PowerMgmt' ]) for @vms;
+ } else {
+ raise_perm_exc("/, VM.PowerMgmt");
+ }
+ }
+
my $nodename = $param->{node};
$nodename = PVE::INotify::nodename() if $nodename eq 'localhost';
method => 'POST',
protected => 1,
permissions => {
- check => ['perm', '/', [ 'VM.PowerMgmt' ]],
+ description => "The 'VM.PowerMgmt' permission is required on '/' or on '/vms/<ID>' for "
+ ."each ID passed via the 'vms' parameter.",
+ user => 'all',
},
proxyto => 'node',
description => "Stop all VMs and Containers.",
my $rpcenv = PVE::RPCEnvironment::get();
my $authuser = $rpcenv->get_user();
+ if (!$rpcenv->check($authuser, "/", [ 'VM.PowerMgmt' ], 1)) {
+ my @vms = PVE::Tools::split_list($param->{vms});
+ if (scalar(@vms) > 0) {
+ $rpcenv->check($authuser, "/vms/$_", [ 'VM.PowerMgmt' ]) for @vms;
+ } else {
+ raise_perm_exc("/, VM.PowerMgmt");
+ }
+ }
+
my $nodename = $param->{node};
$nodename = PVE::INotify::nodename() if $nodename eq 'localhost';
proxyto => 'node',
protected => 1,
permissions => {
- check => ['perm', '/', [ 'VM.Migrate' ]],
+ description => "The 'VM.Migrate' permission is required on '/' or on '/vms/<ID>' for each "
+ ."ID passed via the 'vms' parameter.",
+ user => 'all',
},
description => "Migrate all VMs and Containers.",
parameters => {
my $rpcenv = PVE::RPCEnvironment::get();
my $authuser = $rpcenv->get_user();
+ if (!$rpcenv->check($authuser, "/", [ 'VM.Migrate' ], 1)) {
+ my @vms = PVE::Tools::split_list($param->{vms});
+ if (scalar(@vms) > 0) {
+ $rpcenv->check($authuser, "/vms/$_", [ 'VM.Migrate' ]) for @vms;
+ } else {
+ raise_perm_exc("/, VM.Migrate");
+ }
+ }
+
my $nodename = $param->{node};
$nodename = PVE::INotify::nodename() if $nodename eq 'localhost';