Commit 16639eb6 authored by Dietmar Maurer's avatar Dietmar Maurer

add permissions for task API

parent 947edbf7
...@@ -19,7 +19,10 @@ __PACKAGE__->register_method({ ...@@ -19,7 +19,10 @@ __PACKAGE__->register_method({
name => 'node_tasks', name => 'node_tasks',
path => '', path => '',
method => 'GET', method => 'GET',
permissions => { user => 'all' }, permissions => {
description => "List task associated with the current user, or all task the user has 'Sys.Audit' permissions on /nodes/<node> (the <node> the task runs on).",
user => 'all'
},
description => "Read task list for one node (finished tasks).", description => "Read task list for one node (finished tasks).",
proxyto => 'node', proxyto => 'node',
parameters => { parameters => {
...@@ -153,7 +156,10 @@ __PACKAGE__->register_method({ ...@@ -153,7 +156,10 @@ __PACKAGE__->register_method({
path => '{upid}', path => '{upid}',
method => 'DELETE', method => 'DELETE',
description => 'Stop a task.', description => 'Stop a task.',
permissions => { user => 'all' }, permissions => {
description => "The user needs 'Sys.Modify' permissions on '/nodes/<node>' if the task does not belong to him.",
user => 'all',
},
protected => 1, protected => 1,
proxyto => 'node', proxyto => 'node',
parameters => { parameters => {
...@@ -176,7 +182,7 @@ __PACKAGE__->register_method({ ...@@ -176,7 +182,7 @@ __PACKAGE__->register_method({
my $node = $param->{node}; my $node = $param->{node};
if ($user ne $task->{user}) { if ($user ne $task->{user}) {
$rpcenv->check($user, "/nodes/$node", [ 'Sys.Console' ]); $rpcenv->check($user, "/nodes/$node", [ 'Sys.Modify' ]);
} }
PVE::RPCEnvironment::check_worker($param->{upid}, 1); PVE::RPCEnvironment::check_worker($param->{upid}, 1);
...@@ -188,7 +194,10 @@ __PACKAGE__->register_method({ ...@@ -188,7 +194,10 @@ __PACKAGE__->register_method({
name => 'read_task_log', name => 'read_task_log',
path => '{upid}/log', path => '{upid}/log',
method => 'GET', method => 'GET',
permissions => { user => 'all' }, permissions => {
description => "The user needs 'Sys.Audit' permissions on '/nodes/<node>' if the task does not belong to him.",
user => 'all',
},
protected => 1, protected => 1,
description => "Read task log.", description => "Read task log.",
proxyto => 'node', proxyto => 'node',
...@@ -274,7 +283,10 @@ __PACKAGE__->register_method({ ...@@ -274,7 +283,10 @@ __PACKAGE__->register_method({
name => 'read_task_status', name => 'read_task_status',
path => '{upid}/status', path => '{upid}/status',
method => 'GET', method => 'GET',
permissions => { user => 'all' }, permissions => {
description => "The user needs 'Sys.Audit' permissions on '/nodes/<node>' if the task does not belong to him.",
user => 'all',
},
protected => 1, protected => 1,
description => "Read task status.", description => "Read task status.",
proxyto => 'node', proxyto => 'node',
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment