[pbs-devel] [PATCH v5 proxmox-backup 15/31] api: config: factor out sync job owner check

Christian Ebner c.ebner at proxmox.com
Fri Oct 18 10:42:26 CEST 2024


Move the sync job owner check to its own helper function, for it to
be reused for the owner check for sync jobs in push direction.

No functional change intended.

Signed-off-by: Christian Ebner <c.ebner at proxmox.com>
---
changes since version 4:
- no changes

changes since version 3:
- not present in previous version

 src/api2/config/sync.rs | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/src/api2/config/sync.rs b/src/api2/config/sync.rs
index ad6ba0c85..aed46aeb0 100644
--- a/src/api2/config/sync.rs
+++ b/src/api2/config/sync.rs
@@ -35,6 +35,17 @@ pub fn check_sync_job_read_access(
     }
 }
 
+fn is_correct_owner(auth_id: &Authid, job: &SyncJobConfig) -> bool {
+    match job.owner {
+        Some(ref owner) => {
+            owner == auth_id
+                || (owner.is_token() && !auth_id.is_token() && owner.user() == auth_id.user())
+        }
+        // default sync owner
+        None => auth_id == Authid::root_auth_id(),
+    }
+}
+
 /// checks whether user can run the corresponding pull job
 ///
 /// namespace creation/deletion ACL and backup group ownership checks happen in the pull code directly.
@@ -55,17 +66,8 @@ pub fn check_sync_job_modify_access(
         }
     }
 
-    let correct_owner = match job.owner {
-        Some(ref owner) => {
-            owner == auth_id
-                || (owner.is_token() && !auth_id.is_token() && owner.user() == auth_id.user())
-        }
-        // default sync owner
-        None => auth_id == Authid::root_auth_id(),
-    };
-
     // same permission as changing ownership after syncing
-    if !correct_owner && ns_anchor_privs & PRIV_DATASTORE_MODIFY == 0 {
+    if !is_correct_owner(auth_id, job) && ns_anchor_privs & PRIV_DATASTORE_MODIFY == 0 {
         return false;
     }
 
-- 
2.39.5





More information about the pbs-devel mailing list