api: disk list: allow if an audit permission for the node is present

as that seems to be the more natural permission path for listing a nodes local
disks. For backwards compatibility, the old permission check has to be kept
(relevant with propagate=0).

This API call was originally part of the Ceph API and got copied here later,
which might explain the current permission check.

In the UI, the Disk panel is visible with a node audit permission, but the API
call itself failed without the '/' audit permission.

Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>

diff --git a/PVE/API2/Disks.pm b/PVE/API2/Disks.pm
index d2ee81dd613fec3c95619504e9becbe082ee4036..33bca7655b54f874e5a730ff88d665e05b8d3905 100644 (file)
--- a/PVE/API2/Disks.pm
+++ b/PVE/API2/Disks.pm
@@ -82,7 +82,10 @@ __PACKAGE__->register_method ({
     protected => 1,
     proxyto => 'node',
     permissions => {
-       check => ['perm', '/', ['Sys.Audit', 'Datastore.Audit'], any => 1],
+       check => ['or',
+           ['perm', '/', ['Sys.Audit', 'Datastore.Audit'], any => 1],
+           ['perm', '/nodes/{node}', ['Sys.Audit', 'Datastore.Audit'], any => 1],
+       ],
     },
     parameters => {
        additionalProperties => 0,