followup: improve comment

[pve-storage.git] / PVE / Storage.pm

diff --git a/PVE/Storage.pm b/PVE/Storage.pm
index a1c4a148a790956dab348f59ec72679e9a4f749c..6ad88d3d41b92b9a975a91d8b89af3578a78c0c1 100755 (executable)
--- a/PVE/Storage.pm
+++ b/PVE/Storage.pm
@@ -399,7 +399,7 @@ sub check_volume_access {
     if ($sid) {
        my ($vtype, undef, $ownervm) = parse_volname($cfg, $volid);
        if ($vtype eq 'iso' || $vtype eq 'vztmpl') {
-           # at least read access to storage
+           # require at least read access to storage, (custom) templates/ISOs could be sensitive
            $rpcenv->check_any($user, "/storage/$sid", ['Datastore.AllocateSpace', 'Datastore.Audit']);
        } elsif (defined($ownervm) && defined($vmid) && ($ownervm == $vmid)) {
            # we are owner - allow access