include privilege names in check_privs error
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
This commit is contained in:
parent
3e4994a54f
commit
d1fba4de1d
@ -9,7 +9,7 @@ use proxmox_router::UserInformation;
|
||||
use proxmox_section_config::SectionConfigData;
|
||||
use proxmox_time::epoch_i64;
|
||||
|
||||
use pbs_api_types::{ApiToken, Authid, User, Userid, ROLE_ADMIN};
|
||||
use pbs_api_types::{privs_to_priv_names, ApiToken, Authid, User, Userid, ROLE_ADMIN};
|
||||
|
||||
use crate::acl::{AclTree, ROLE_NAMES};
|
||||
use crate::ConfigVersionCache;
|
||||
@ -123,7 +123,16 @@ impl CachedUserInfo {
|
||||
if !allowed {
|
||||
// printing the path doesn't leaks any information as long as we
|
||||
// always check privilege before resource existence
|
||||
bail!("no permissions on '/{}'", path.join("/"));
|
||||
let priv_names = privs_to_priv_names(required_privs);
|
||||
let priv_names = if partial {
|
||||
priv_names.join("|")
|
||||
} else {
|
||||
priv_names.join("&")
|
||||
};
|
||||
bail!(
|
||||
"missing permissions '{priv_names}' on '/{}'",
|
||||
path.join("/")
|
||||
);
|
||||
}
|
||||
Ok(())
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user