On July 18, 2025 5:03 pm, Fiona Ebner wrote:
> The check_volume_access() method is for checking read access to a
> volume. Users should be able to list the images, e.g. to check backup
> health via monitoring like reported in #5492 comment 3, with just an
> audit privilege.
>
> Signed-off-by: Fiona Ebner <f.eb...@proxmox.com>
> ---
> src/PVE/API2/Storage/Content.pm | 6 ------
> 1 file changed, 6 deletions(-)
>
> diff --git a/src/PVE/API2/Storage/Content.pm b/src/PVE/API2/Storage/Content.pm
> index 1fe7303..c1f9a1f 100644
> --- a/src/PVE/API2/Storage/Content.pm
> +++ b/src/PVE/API2/Storage/Content.pm
> @@ -154,12 +154,6 @@ __PACKAGE__->register_method({
>
> my $res = [];
> foreach my $item (@$vollist) {
> - eval {
> - PVE::Storage::check_volume_access(
> - $rpcenv, $authuser, $cfg, undef, $item->{volid},
> - );
> - };
> - next if $@;
the data here also contains things like the notes content for that
volume, which might be sensitive..
should we maybe limit the returned information if there is no volume
access? e.g., just return volid, format, type, owner, and size
information?
> $item->{vmid} = int($item->{vmid}) if defined($item->{vmid});
> $item->{size} = int($item->{size}) if defined($item->{size});
> $item->{used} = int($item->{used}) if defined($item->{used});
> --
> 2.47.2
>
>
>
> _______________________________________________
> pve-devel mailing list
> pve-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>
>
>
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
