From 463c03462af32165dde97610e85e5c7bfedb065b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com>
Date: Wed, 16 Sep 2020 11:51:12 +0200
Subject: [PATCH] fix #2957: allow Sys.Audit access to node RRD
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

this is the same privilege needed to query the node status.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
 src/api2/node/rrd.rs | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/api2/node/rrd.rs b/src/api2/node/rrd.rs
index 99881461..cc18f30e 100644
--- a/src/api2/node/rrd.rs
+++ b/src/api2/node/rrd.rs
@@ -1,9 +1,10 @@
 use anyhow::Error;
 use serde_json::{Value, json};
 
-use proxmox::api::{api, Router};
+use proxmox::api::{api, Permission, Router};
 
 use crate::api2::types::*;
+use crate::config::acl::PRIV_SYS_AUDIT;
 use crate::rrd::{extract_cached_data, RRD_DATA_ENTRIES};
 
 pub fn create_value_from_rrd(
@@ -56,6 +57,9 @@ pub fn create_value_from_rrd(
             },
         },
     },
+    access: {
+        permission: &Permission::Privilege(&["system", "status"], PRIV_SYS_AUDIT, false),
+    },
 )]
 /// Read node stats
 fn get_node_stats(