From 1d6c548889f33950f0d255daaa4d795608999e92 Mon Sep 17 00:00:00 2001
From: Fabian Ebner <f.ebner@proxmox.com>
Date: Wed, 10 Mar 2021 10:26:27 +0100
Subject: [PATCH] api: disk list: allow if an audit permission for the node is
 present

as that seems to be the more natural permission path for listing a nodes local
disks. For backwards compatibility, the old permission check has to be kept
(relevant with propagate=0).

This API call was originally part of the Ceph API and got copied here later,
which might explain the current permission check.

In the UI, the Disk panel is visible with a node audit permission, but the API
call itself failed without the '/' audit permission.

Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
---
 PVE/API2/Disks.pm | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/PVE/API2/Disks.pm b/PVE/API2/Disks.pm
index d2ee81d..33bca76 100644
--- a/PVE/API2/Disks.pm
+++ b/PVE/API2/Disks.pm
@@ -82,7 +82,10 @@ __PACKAGE__->register_method ({
     protected => 1,
     proxyto => 'node',
     permissions => {
-	check => ['perm', '/', ['Sys.Audit', 'Datastore.Audit'], any => 1],
+	check => ['or',
+	    ['perm', '/', ['Sys.Audit', 'Datastore.Audit'], any => 1],
+	    ['perm', '/nodes/{node}', ['Sys.Audit', 'Datastore.Audit'], any => 1],
+	],
     },
     parameters => {
 	additionalProperties => 0,
-- 
2.39.2