[pbs-devel] [PATCH proxmox-backup 4/8] clippy: rewrite ifs with identical return values
Fabian Grünbichler
f.gruenbichler at proxmox.com
Wed Jan 20 17:23:51 CET 2021
Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---
src/api2/access.rs | 32 +++++++++++++-------------------
src/api2/node/tasks.rs | 16 ++++++----------
2 files changed, 19 insertions(+), 29 deletions(-)
diff --git a/src/api2/access.rs b/src/api2/access.rs
index 61d0f74e..b4d78395 100644
--- a/src/api2/access.rs
+++ b/src/api2/access.rs
@@ -25,6 +25,7 @@ pub mod role;
pub mod tfa;
pub mod user;
+#[allow(clippy::large_enum_variant)]
enum AuthResult {
/// Successful authentication which does not require a new ticket.
Success,
@@ -329,27 +330,20 @@ pub fn list_permissions(
let user_info = CachedUserInfo::new()?;
let user_privs = user_info.lookup_privs(¤t_auth_id, &["access"]);
- let auth_id = if user_privs & PRIV_SYS_AUDIT == 0 {
- match auth_id {
- Some(auth_id) => {
- if auth_id == current_auth_id {
- auth_id
- } else if auth_id.is_token()
+ let auth_id = match auth_id {
+ Some(auth_id) if auth_id == current_auth_id => current_auth_id,
+ Some(auth_id) => {
+ if user_privs & PRIV_SYS_AUDIT != 0
+ || (auth_id.is_token()
&& !current_auth_id.is_token()
- && auth_id.user() == current_auth_id.user()
- {
- auth_id
- } else {
- bail!("not allowed to list permissions of {}", auth_id);
- }
+ && auth_id.user() == current_auth_id.user())
+ {
+ auth_id
+ } else {
+ bail!("not allowed to list permissions of {}", auth_id);
}
- None => current_auth_id,
- }
- } else {
- match auth_id {
- Some(auth_id) => auth_id,
- None => current_auth_id,
- }
+ },
+ None => current_auth_id,
};
fn populate_acl_paths(
diff --git a/src/api2/node/tasks.rs b/src/api2/node/tasks.rs
index 8de35ca9..99470531 100644
--- a/src/api2/node/tasks.rs
+++ b/src/api2/node/tasks.rs
@@ -110,16 +110,12 @@ fn check_task_access(auth_id: &Authid, upid: &UPID) -> Result<(), Error> {
} else {
let user_info = CachedUserInfo::new()?;
- let task_privs = user_info.lookup_privs(auth_id, &["system", "tasks"]);
- if task_privs & PRIV_SYS_AUDIT != 0 {
- // allowed to read all tasks in general
- Ok(())
- } else if check_job_privs(&auth_id, &user_info, upid).is_ok() {
- // job which the user/token could have configured/manually executed
- Ok(())
- } else {
- bail!("task access not allowed");
- }
+ // access to all tasks
+ // or task == job which the user/token could have configured/manually executed
+
+ user_info.check_privs(auth_id, &["system", "tasks"], PRIV_SYS_AUDIT, false)
+ .or_else(|_| check_job_privs(&auth_id, &user_info, upid))
+ .or_else(|_| bail!("task access not allowed"))
}
}
--
2.20.1
More information about the pbs-devel
mailing list