[pbs-devel] [PATCH proxmox-backup 2/5] api: add Sys.Modify on /system/disks as permission to endpoints handling removable datastores
Fabian Grünbichler
f.gruenbichler at proxmox.com
Tue Nov 26 15:14:28 CET 2024
On November 26, 2024 2:53 pm, Hannes Laimer wrote:
>
>
> On 11/26/24 13:07, Fabian Grünbichler wrote:
>> On November 26, 2024 12:43 pm, Hannes Laimer wrote:
>>> @@ -551,7 +554,10 @@ pub fn update_datastore(
>>> },
>>> },
>>> access: {
>>> - permission: &Permission::Privilege(&["datastore", "{name}"], PRIV_DATASTORE_ALLOCATE, false),
>>> + permission: &Permission::And(&[
>>> + &Permission::Privilege(&["datastore", "{name}"], PRIV_DATASTORE_ALLOCATE, false),
>>> + &Permission::Privilege(&["system", "disks"], PRIV_SYS_MODIFY, false)
>>> + ]),
>>
>> and this is not needed at all, since path and backing_device are fixed
>> after creation?
>>
>
> not sure why git diff shows `update_datastore` this is for the delete
> endpoint. But I'll chnage that to only check when it is actually
> removable(as above)
oh, missed that. yeah, for deletion one can argue that mirroring the
creation ACL checks makes sense..
I think the API macro often confuses `git diff/format-patch` and gets
the context wrong, not sure whether a different diff algorithm or other
settings might help?
More information about the pbs-devel
mailing list