On 1/16/19 7:02 AM, Dietmar Maurer wrote:
> 
>>> check => ['perm', '/nodes/', [ 'Sys.PowerMgmt' ]],
>>>
>>
>> No, this does not get proxied to the {node},
> 
> Yes - that is exactly my point (it makes no sense to have Sys.PowerMgmt on
> node).

It fully makes sense. The way this is intended to work is like this: we have
three nodes A, B, C. C is powered off. A user has the Sys.PowerMgmt permission
on only node C. As it's powered off, he naturally cannot do the API call to
this node, so the user posts it to any other node (let's say A), *but* with
node C in the API path, e.g.:

POST /nodes/C/wakeonlan (sent over Node *A*)

Node A thus gets a call to its wakeonlan code path but with "C" as the value
for the node parameter, and thus it checks correctly if you can power manage
node C. I tested this, it works.


_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
