From d28ddb8e04d665ad62764b5799052fe51b19a8ba Mon Sep 17 00:00:00 2001
From: Dietmar Maurer <dietmar@proxmox.com>
Date: Fri, 17 Apr 2020 10:03:09 +0200
Subject: [PATCH] src/api2/access/acl.rs: add access permissions

---
 src/api2/access/acl.rs | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/api2/access/acl.rs b/src/api2/access/acl.rs
index a97d0239..82d89072 100644
--- a/src/api2/access/acl.rs
+++ b/src/api2/access/acl.rs
@@ -1,11 +1,12 @@
 use failure::*;
 use ::serde::{Deserialize, Serialize};
 
-use proxmox::api::{api, Router, RpcEnvironment};
+use proxmox::api::{api, Router, RpcEnvironment, Permission};
 use proxmox::api::schema::{Schema, StringSchema, BooleanSchema, ApiStringFormat};
 
 use crate::api2::types::*;
 use crate::config::acl;
+use crate::config::acl::{PRIV_SYS_AUDIT, PRIV_SYS_MODIFY};
 
 pub const ACL_PROPAGATE_SCHEMA: Schema = BooleanSchema::new(
     "Allow to propagate (inherit) permissions.")
@@ -119,7 +120,10 @@ fn extract_acl_node_data(
         items: {
             type: AclListItem,
         }
-    }
+    },
+    access: {
+        permission: &Permission::Privilege(&[], PRIV_SYS_AUDIT, false),
+    },
 )]
 /// Read Access Control List (ACLs).
 pub fn read_acl(
@@ -169,6 +173,9 @@ pub fn read_acl(
             },
        },
     },
+    access: {
+        permission: &Permission::Privilege(&[], PRIV_SYS_MODIFY, false),
+    },
 )]
 /// Update Access Control List (ACLs).
 pub fn update_acl(