[pbs-devel] applied: [PATCH proxmox-backup v2 3/8] api2/tape/restore: factor out check_datastore_privs
Dietmar Maurer
dietmar at proxmox.com
Thu May 6 08:01:51 CEST 2021
applied
On 5/5/21 12:09 PM, Dominik Csapak wrote:
> so that we can reuse it
>
> Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
> ---
> src/api2/tape/restore.rs | 39 +++++++++++++++++++++++++--------------
> 1 file changed, 25 insertions(+), 14 deletions(-)
>
> diff --git a/src/api2/tape/restore.rs b/src/api2/tape/restore.rs
> index 1dd6ba11..b7bf6670 100644
> --- a/src/api2/tape/restore.rs
> +++ b/src/api2/tape/restore.rs
> @@ -157,6 +157,30 @@ impl DataStoreMap {
> }
> }
>
> +fn check_datastore_privs(
> + user_info: &CachedUserInfo,
> + store: &str,
> + auth_id: &Authid,
> + owner: &Option<Authid>,
> +) -> Result<(), Error> {
> + let privs = user_info.lookup_privs(&auth_id, &["datastore", &store]);
> + if (privs & PRIV_DATASTORE_BACKUP) == 0 {
> + bail!("no permissions on /datastore/{}", store);
> + }
> +
> + if let Some(ref owner) = owner {
> + let correct_owner = owner == auth_id
> + || (owner.is_token() && !auth_id.is_token() && owner.user() == auth_id.user());
> +
> + // same permission as changing ownership after syncing
> + if !correct_owner && privs & PRIV_DATASTORE_MODIFY == 0 {
> + bail!("no permission to restore as '{}'", owner);
> + }
> + }
> +
> + Ok(())
> +}
> +
> pub const ROUTER: Router = Router::new().post(&API_METHOD_RESTORE);
>
> #[api(
> @@ -212,20 +236,7 @@ pub fn restore(
> }
>
> for store in used_datastores.iter() {
> - let privs = user_info.lookup_privs(&auth_id, &["datastore", &store]);
> - if (privs & PRIV_DATASTORE_BACKUP) == 0 {
> - bail!("no permissions on /datastore/{}", store);
> - }
> -
> - if let Some(ref owner) = owner {
> - let correct_owner = owner == &auth_id
> - || (owner.is_token() && !auth_id.is_token() && owner.user() == auth_id.user());
> -
> - // same permission as changing ownership after syncing
> - if !correct_owner && privs & PRIV_DATASTORE_MODIFY == 0 {
> - bail!("no permission to restore as '{}'", owner);
> - }
> - }
> + check_datastore_privs(&user_info, &store, &auth_id, &owner)?;
> }
>
> let privs = user_info.lookup_privs(&auth_id, &["tape", "drive", &drive]);
More information about the pbs-devel
mailing list