From b8744249a2aafe39daacc70d4df3bae5f38e1a22 Mon Sep 17 00:00:00 2001 From: Dietmar Maurer Date: Thu, 28 Feb 2013 10:15:44 +0100 Subject: [PATCH] fix access rights Try to use $rpcenv->check_volume_access() everywhere. --- PVE/API2/Storage/Content.pm | 14 ++++++++++---- changelog.Debian | 2 ++ 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/PVE/API2/Storage/Content.pm b/PVE/API2/Storage/Content.pm index eab5c30..7a8249c 100644 --- a/PVE/API2/Storage/Content.pm +++ b/PVE/API2/Storage/Content.pm @@ -58,13 +58,17 @@ __PACKAGE__->register_method ({ code => sub { my ($param) = @_; + my $rpcenv = PVE::RPCEnvironment::get(); + + my $authuser = $rpcenv->get_user(); + my $cts = $param->{content} ? [ $param->{content} ] : [ @ctypes ]; my $storeid = $param->{storage}; my $cfg = cfs_read_file("storage.cfg"); - my $scfg = PVE::Storage::storage_config ($cfg, $storeid); + my $scfg = PVE::Storage::storage_config($cfg, $storeid); my $res = []; foreach my $ct (@$cts) { @@ -82,6 +86,8 @@ __PACKAGE__->register_method ({ next if !$data || !$data->{$storeid}; foreach my $item (@{$data->{$storeid}}) { + eval { $rpcenv->check_volume_access($authuser, $cfg, undef, $item->{volid}); }; + next if $@; $item->{content} = $ct; push @$res, $item; } @@ -197,7 +203,7 @@ __PACKAGE__->register_method ({ method => 'GET', description => "Get volume attributes", permissions => { - description => "You need 'Datastore.Audit' or 'Datastore.AllocateSpace' privilege on the storage.", + description => "You need read access for the volume.", user => 'all', }, protected => 1, 
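Review bot: In the inner `foreach my $item` loop of the second hunk, `eval { $rpcenv->check_volume_access(...); }; next if $@;` treats every exception as "no access". A volid that fails to parse, or an internal error inside the check, therefore drops the entry from the listing with nothing to tell it apart from a real denial. Failing closed is the right default for a listing, but it should be stated and unexpected failures made visible: add a comment such as `# hide volumes the caller may not read; any error counts as denied` and consider a `warn` for errors that are not permission denials. Writing it as `eval { ...; 1 } or next;` also avoids depending on `$@` still being intact when it is tested. The enclosing `code` sub begins in the previous hunk and continues past this one.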
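Review bot: The new permissions description in the third hunk, `"You need read access for the volume."`, no longer names any privilege. As far as the declaration goes, `user => 'all'` leaves the decision to the method body, so this text is where a caller or auditor would expect to find the actual rule. Spell out what check_volume_access() requires, taking the wording from that function since it is not visible in this patch, and state that the check is enforced in the method body. The register_method call starts and ends outside this hunk.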
@@ -222,10 +228,10 @@ __PACKAGE__->register_method ({ my ($volid, $storeid) = &$real_volume_id($param->{storage}, $param->{volume}); - $rpcenv->check_any($authuser, "/storage/$storeid", ['Datastore.Audit', 'Datastore.AllocateSpace']); - my $cfg = cfs_read_file('storage.cfg'); + $rpcenv->check_volume_access($authuser, $cfg, undef, $volid); + my $path = PVE::Storage::path($cfg, $volid); my ($size, $format, $used) = PVE::Storage::file_size_info ($path); diff --git a/changelog.Debian b/changelog.Debian index 4122a07..5a3022a 100644 --- a/changelog.Debian +++ b/changelog.Debian @@ -2,6 +2,8 @@ libpve-storage-perl (2.3-4) unstable; urgency=low * rbd: rework pool - username - auth_supported options + * API: fix access rights: use $rpcenv->check_volume_access() + -- Proxmox Support Team Thu, 28 Feb 2013 06:41:58 +0100 libpve-storage-perl (2.3-3) unstable; urgency=low -- 2.39.2
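Review bot: With the `check_any` on `/storage/$storeid` removed, `check_volume_access($authuser, $cfg, undef, $volid)` is the only gate between the request-supplied volume and `PVE::Storage::path()` / `file_size_info()`. Its third argument is `undef`, as in the listing loop of the second hunk. Whether some volume types become readable without any storage privilege depends on check_volume_access(), which this patch does not show, so that should be confirmed and recorded next to the call. A comment such as `# sole access check for this method; no owning guest is known here, hence undef` would do, assuming the third parameter is the guest id. The enclosing sub starts before and ends after the hunk.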