[pbs-devel] [PATCH proxmox-backup 1/3] api: sync: restrict edit permissions for push sync jobs

[Christian Ebner]

Users require `Datastore.Audit` on the source datastore to read sync
jobs. Further restrict also the permissions to modify sync jobs in
push direction to include the `Datastore.Audit` permission on the
source, as otherwise a user is able to create or edit sync jobs in
push direction, but not able to see them.

Reported-by: Friedrich Weber <f.weber at proxmox.com>
Suggested-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
Signed-off-by: Christian Ebner <c.ebner at proxmox.com>
---
 src/api2/config/sync.rs | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/api2/config/sync.rs b/src/api2/config/sync.rs
index bc012744a..eb97ef940 100644
--- a/src/api2/config/sync.rs
+++ b/src/api2/config/sync.rs
@@ -129,6 +129,11 @@ pub fn check_sync_job_modify_access(
             }
 
             let source_privs = user_info.lookup_privs(auth_id, &job.acl_path());
+            // only allow to modify jobs the user is also allowed to read
+            if source_privs & PRIV_DATASTORE_AUDIT == 0 {
+                return false;
+            }
+
             // check user is allowed to read from (local) source datastore/namespace, independent
             // of job ownership
             if source_privs & PRIV_DATASTORE_READ != 0 {
-- 
2.39.5