[pbs-devel] [PATCH proxmox-backup 4/8] clippy: rewrite ifs with identical return values

Fabian Grünbichler f.gruenbichler at proxmox.com
Wed Jan 20 17:23:51 CET 2021


Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---
 src/api2/access.rs     | 32 +++++++++++++-------------------
 src/api2/node/tasks.rs | 16 ++++++----------
 2 files changed, 19 insertions(+), 29 deletions(-)

diff --git a/src/api2/access.rs b/src/api2/access.rs
index 61d0f74e..b4d78395 100644
--- a/src/api2/access.rs
+++ b/src/api2/access.rs
@@ -25,6 +25,7 @@ pub mod role;
 pub mod tfa;
 pub mod user;
 
+#[allow(clippy::large_enum_variant)]
 enum AuthResult {
     /// Successful authentication which does not require a new ticket.
     Success,
@@ -329,27 +330,20 @@ pub fn list_permissions(
     let user_info = CachedUserInfo::new()?;
     let user_privs = user_info.lookup_privs(&current_auth_id, &["access"]);
 
-    let auth_id = if user_privs & PRIV_SYS_AUDIT == 0 {
-        match auth_id {
-            Some(auth_id) => {
-                if auth_id == current_auth_id {
-                    auth_id
-                } else if auth_id.is_token()
+    let auth_id = match auth_id {
+        Some(auth_id) if auth_id == current_auth_id => current_auth_id,
+        Some(auth_id) => {
+            if user_privs & PRIV_SYS_AUDIT != 0 
+                || (auth_id.is_token()
                     && !current_auth_id.is_token()
-                    && auth_id.user() == current_auth_id.user()
-                {
-                    auth_id
-                } else {
-                    bail!("not allowed to list permissions of {}", auth_id);
-                }
+                    && auth_id.user() == current_auth_id.user())
+            {
+                auth_id
+            } else {
+                bail!("not allowed to list permissions of {}", auth_id);
             }
-            None => current_auth_id,
-        }
-    } else {
-        match auth_id {
-            Some(auth_id) => auth_id,
-            None => current_auth_id,
-        }
+        },
+        None => current_auth_id,
     };
 
     fn populate_acl_paths(
diff --git a/src/api2/node/tasks.rs b/src/api2/node/tasks.rs
index 8de35ca9..99470531 100644
--- a/src/api2/node/tasks.rs
+++ b/src/api2/node/tasks.rs
@@ -110,16 +110,12 @@ fn check_task_access(auth_id: &Authid, upid: &UPID) -> Result<(), Error> {
     } else {
         let user_info = CachedUserInfo::new()?;
 
-        let task_privs = user_info.lookup_privs(auth_id, &["system", "tasks"]);
-        if task_privs & PRIV_SYS_AUDIT != 0 {
-            // allowed to read all tasks in general
-            Ok(())
-        } else if check_job_privs(&auth_id, &user_info, upid).is_ok() {
-            // job which the user/token could have configured/manually executed
-            Ok(())
-        } else {
-            bail!("task access not allowed");
-        }
+        // access to all tasks
+        // or task == job which the user/token could have configured/manually executed
+
+        user_info.check_privs(auth_id, &["system", "tasks"], PRIV_SYS_AUDIT, false)
+            .or_else(|_| check_job_privs(&auth_id, &user_info, upid))
+            .or_else(|_| bail!("task access not allowed"))
     }
 }
 
-- 
2.20.1






More information about the pbs-devel mailing list