};
my $check_volume_access = sub {
- my ($rpcenv, $authuser, $storecfg, $vmid, $volid, $pool) = @_;
+ my ($rpcenv, $authuser, $storecfg, $vmid, $volid) = @_;
my $path;
if (my ($sid, $volname) = PVE::Storage::parse_volume_id($volid, 1)) {
# we simply allow access
} elsif (!$ownervm || ($ownervm != $vmid)) {
# allow if we are Datastore administrator
- $rpcenv->check_storage_perm($authuser, $vmid, $pool, $sid, [ 'Datastore.Allocate' ]);
+ $rpcenv->check($authuser, "/storage/$sid", ['Datastore.Allocate']);
}
} else {
die "Only root can pass arbitrary filesystem paths."
};
my $check_storage_access = sub {
- my ($rpcenv, $authuser, $storecfg, $vmid, $pool, $settings, $default_storage) = @_;
+ my ($rpcenv, $authuser, $storecfg, $vmid, $settings, $default_storage) = @_;
PVE::QemuServer::foreach_drive($settings, sub {
my ($ds, $drive) = @_;
} elsif (!$isCDROM && ($volid =~ m/^(([^:\s]+):)?(\d+(\.\d+)?)$/)) {
my ($storeid, $size) = ($2 || $default_storage, $3);
die "no storage ID specified (and no default storage)\n" if !$storeid;
- $rpcenv->check_storage_perm($authuser, $vmid, $pool, $storeid, [ 'Datastore.AllocateSpace' ]);
+ $rpcenv->check($authuser, "/storage/$storeid", ['Datastore.AllocateSpace']);
} else {
- my $path = &$check_volume_access($rpcenv, $authuser, $storecfg, $vmid, $volid, $pool);
+ my $path = &$check_volume_access($rpcenv, $authuser, $storecfg, $vmid, $volid);
die "image '$path' does not exists\n" if (!(-f $path || -b $path));
}
});
delete $disk->{format}; # no longer needed
$res->{$ds} = PVE::QemuServer::print_drive($vmid, $disk);
} else {
- my $path = &$check_volume_access($rpcenv, $authuser, $storecfg, $vmid, $volid, $pool);
+ my $path = &$check_volume_access($rpcenv, $authuser, $storecfg, $vmid, $volid);
die "image '$path' does not exists\n" if (!(-f $path || -b $path));
$res->{$ds} = $settings->{$ds};
}
$rpcenv->check_perm_modify($authuser, "/pool/$pool");
}
- $rpcenv->check_storage_perm($authuser, $vmid, $pool, $storage, [ 'Datastore.AllocateSpace' ])
+ $rpcenv->check($authuser, "/storage/$storage", ['Datastore.AllocateSpace'])
if defined($storage);
if (!$archive) {
&$resolve_cdrom_alias($param);
- &$check_storage_access($rpcenv, $authuser, $storecfg, $vmid, $pool, $param, $storage);
+ &$check_storage_access($rpcenv, $authuser, $storecfg, $vmid, $param, $storage);
&$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, $pool, [ keys %$param]);
die "pipe requires cli environment\n"
&& $rpcenv->{type} ne 'cli';
} else {
- my $path = &$check_volume_access($rpcenv, $authuser, $storecfg, $vmid, $archive, $pool);
+ my $path = &$check_volume_access($rpcenv, $authuser, $storecfg, $vmid, $archive);
die "can't find archive file '$archive'\n" if !($path && -f $path);
$archive = $path;
}
my $drive = PVE::QemuServer::parse_drive($opt, $conf->{$opt});
if (my $sid = &$test_deallocate_drive($storecfg, $vmid, $opt, $drive, $force)) {
- $rpcenv->check_storage_perm($authuser, $vmid, undef, $sid, [ 'Datastore.Allocate' ]);
+ $rpcenv->check($authuser, "/storage/$sid", ['Datastore.Allocate']);
}
}
&$check_vm_modify_config_perm($rpcenv, $authuser, $vmid, undef, [keys %$param]);
- &$check_storage_access($rpcenv, $authuser, $storecfg, $vmid, undef, $param);
+ &$check_storage_access($rpcenv, $authuser, $storecfg, $vmid, $param);
my $updatefn = sub {