On 1/16/19 7:02 AM, Dietmar Maurer wrote: > >>> check => ['perm', '/nodes/', [ 'Sys.PowerMgmt' ]], >>> >> >> No, this does not gets proxied to the {node}, > > Yes - that is exactly my point (it makes no sense to have Sys.PowerMgnt on > node).
It makes fully sense. They way this inteded to work is like: We have three nodes A, B, C. C is powered off. An user has the Sys.PowerMgmt permissions on only Node C. As it's powered off he naturally cannot do the API call to this node, so the user post it to any other node (lets say A), *but* with node C in the API path, e.g.: POST /nodes/C/wakeonlan (send over Node *A*) Node A thus gets a call to it's wakeonlan code path but with "C" as value for the node parameter, and thus it checks correctly if you can power manage node C. I tested this, it works. _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel