proxyto => 'node',
description => "Execute Qemu monitor commands.",
permissions => {
+ description => "Sys.Modify is required for (sub)commands which are not read-only ('info *' and 'help')",
check => ['perm', '/vms/{vmid}', [ 'VM.Monitor' ]],
},
parameters => {
code => sub {
my ($param) = @_;
+ my $rpcenv = PVE::RPCEnvironment::get();
+ my $authuser = $rpcenv->get_user();
+
+ my $is_ro = sub {
+ my $command = shift;
+ return $command =~ m/^\s*info(\s+|$)/
+ || $command =~ m/^\s*help\s*$/;
+ };
+
+ $rpcenv->check_full($authuser, "/", ['Sys.Modify'])
+ if !&$is_ro($param->{command});
+
my $vmid = $param->{vmid};
my $conf = PVE::QemuConfig->load_config ($vmid); # check if VM exists