[pbs-devel] [PATCH proxmox-backup v2 3/5] fix #4382: api: remove permissions and tokens of user on deletion
Christian Ebner
c.ebner at proxmox.com
Fri Apr 4 17:14:43 CEST 2025
On 4/4/25 17:10, Hannes Laimer wrote:
> Signed-off-by: Hannes Laimer <h.laimer at proxmox.com>
> ---
> src/api2/access/user.rs | 14 ++++++++++++++
> 1 file changed, 14 insertions(+)
>
> diff --git a/src/api2/access/user.rs b/src/api2/access/user.rs
> index bba5bb2c0..a51ee8f3f 100644
> --- a/src/api2/access/user.rs
> +++ b/src/api2/access/user.rs
> @@ -353,6 +353,7 @@ pub async fn update_user(
> pub fn delete_user(userid: Userid, digest: Option<String>) -> Result<(), Error> {
> let _lock = pbs_config::user::lock_config()?;
> let _tfa_lock = crate::config::tfa::write_lock()?;
> + let _acl_lock = pbs_config::acl::lock_config()?;
>
> let (mut config, expected_digest) = pbs_config::user::config()?;
>
> @@ -380,6 +381,19 @@ pub fn delete_user(userid: Userid, digest: Option<String>) -> Result<(), Error>
> eprintln!("error updating TFA config after deleting user {userid:?} {err}",);
> }
>
> + let user_tokens: Vec<ApiToken> = config
> + .convert_to_typed_array::<ApiToken>("token")?
> + .into_iter()
> + .filter(|token| token.tokenid.user().eq(&userid))
> + .collect();
> +
> + let (mut acl_tree, _digest) = pbs_config::acl::config()?;
> + for token in user_tokens {
> + if let Some(name) = token.tokenid.tokenname() {
> + do_delete_token(name.to_owned(), &userid, &mut config, &mut acl_tree)?;
> + }
> + }
Unfortunately you were faster with the rebase an probably missed my
previous comment. Referencing it for this series, so it does get
considered:
https://lore.proxmox.com/pbs-devel/20fe5ca6-889d-4930-ae18-457bc3abf5a5@proxmox.com/
> Ok(())
> }
>
More information about the pbs-devel
mailing list