[pbs-devel] [PATCH v3 proxmox-backup 13/33] config: acl: allow namespace components for remote datastores
Fabian Grünbichler
f.gruenbichler at proxmox.com
Thu Oct 10 16:49:09 CEST 2024
On September 12, 2024 4:33 pm, Christian Ebner wrote:
> Extend the component limit for ACL paths of `remote` to include
> possible namespace components.
>
> This allows to limit the permissions for sync jobs in push direction
> to a namespace subset on the remote datastore.
>
> Signed-off-by: Christian Ebner <c.ebner at proxmox.com>
> ---
> changes since version 2:
> - not present in previous version
>
> pbs-config/src/acl.rs | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/pbs-config/src/acl.rs b/pbs-config/src/acl.rs
> index 6b6500f34..5177e22f0 100644
> --- a/pbs-config/src/acl.rs
> +++ b/pbs-config/src/acl.rs
> @@ -89,10 +89,13 @@ pub fn check_acl_path(path: &str) -> Result<(), Error> {
> }
> }
> "remote" => {
> - // /remote/{remote}/{store}
> + // /remote/{remote}/{store}/{namespace}
> if components_len <= 3 {
> return Ok(());
> }
> + if components_len > 3 && components_len <= 3 + pbs_api_types::MAX_NAMESPACE_DEPTH {
> + return Ok(());
> + }
these two ifs can just be combined into a single one with
components_len <= 3 + pbs_api_types::MAX_NAMESPACE_DEPTH
as condition. the same applies to the corresponding variant shifted by 1
for local datastores/namespaces.
> }
> "system" => {
> if components_len == 1 {
> --
> 2.39.2
>
>
>
> _______________________________________________
> pbs-devel mailing list
> pbs-devel at lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
>
>
>
More information about the pbs-devel
mailing list