always allow retrieving (censored) subscription info

like we do for PVE. this is visible on the dashboard, and caused 403 on
each update which bothers me when looking at the dev console.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>

src/api2/node/subscription.rs

@@ -1,11 +1,12 @@
 use anyhow::{Error};
 use serde_json::{json, Value};
 
-use proxmox::api::{api, Router, Permission};
+use proxmox::api::{api, Router, RpcEnvironment, Permission};
 
 use crate::tools;
 use crate::config::acl::PRIV_SYS_AUDIT;
-use crate::api2::types::NODE_SCHEMA;
+use crate::config::cached_user_info::CachedUserInfo;
+use crate::api2::types::{NODE_SCHEMA, Userid};
 
 #[api(
     input: {
@@ -28,7 +29,7 @@ use crate::api2::types::NODE_SCHEMA;
             },
             serverid: {
                 type: String,
-                description: "The unique server ID.",
+                description: "The unique server ID, if permitted to access.",
             },
             url: {
                 type: String,
@@ -37,17 +38,28 @@ use crate::api2::types::NODE_SCHEMA;
         },
     },
     access: {
-        permission: &Permission::Privilege(&[], PRIV_SYS_AUDIT, false),
+        permission: &Permission::Anybody,
     },
 )]
 /// Read subscription info.
-fn get_subscription(_param: Value) -> Result<Value, Error> {
+fn get_subscription(
+    _param: Value,
+    rpcenv: &mut dyn RpcEnvironment,
+) -> Result<Value, Error> {
+    let userid: Userid = rpcenv.get_user().unwrap().parse()?;
+    let user_info = CachedUserInfo::new()?;
+    let user_privs = user_info.lookup_privs(&userid, &[]);
+    let server_id = if (user_privs & PRIV_SYS_AUDIT) != 0 {
+        tools::get_hardware_address()?
+    } else {
+        "hidden".to_string()
+    };
 
     let url = "https://www.proxmox.com/en/proxmox-backup-server/pricing";
     Ok(json!({
         "status": "NotFound",
         "message": "There is no subscription key",
-	"serverid": tools::get_hardware_address()?,
+        "serverid": server_id,
         "url":  url,
      }))
 }