[pbs-devel] [PATCH proxmox-backup 3/6] fix #4382: api: remove permissions and tokens of user on deletion
Hannes Laimer
h.laimer at proxmox.com
Thu Mar 20 14:57:45 CET 2025
Signed-off-by: Hannes Laimer <h.laimer at proxmox.com>
---
src/api2/access/user.rs | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/src/api2/access/user.rs b/src/api2/access/user.rs
index 39cffdba..9bed14a4 100644
--- a/src/api2/access/user.rs
+++ b/src/api2/access/user.rs
@@ -353,6 +353,7 @@ pub async fn update_user(
pub fn delete_user(userid: Userid, digest: Option<String>) -> Result<(), Error> {
let _lock = pbs_config::user::lock_config()?;
let _tfa_lock = crate::config::tfa::write_lock()?;
+ let _acl_lock = pbs_config::acl::lock_config()?;
let (mut config, expected_digest) = pbs_config::user::config()?;
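Review bot: The new `_acl_lock` is taken third, after the user config and TFA locks, and nothing in `delete_user` records that order. If another path acquires the ACL lock before the user config lock, the two could deadlock, so the other callers (not visible in this hunk) are worth checking. I would add a comment above the three lock lines, such as `// lock order: user config, then TFA, then ACL; keep the same order wherever these are taken together`. The body of `delete_user` continues past this hunk.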
@@ -380,6 +381,19 @@ pub fn delete_user(userid: Userid, digest: Option<String>) -> Result<(), Error>
eprintln!("error updating TFA config after deleting user {userid:?} {err}",);
}
+ let user_tokens: Vec<ApiToken> = config
+ .convert_to_typed_array::<ApiToken>("token")?
+ .into_iter()
+ .filter(|token| token.tokenid.user().eq(&userid))
+ .collect();
+
+ let (mut acl_tree, _digest) = pbs_config::acl::config()?;
+ for token in user_tokens {
+ if let Some(name) = token.tokenid.tokenname() {
+ do_delete_token(name.to_owned(), &userid, &mut config, &mut acl_tree)?;
+ }
+ }
+
Ok(())
}
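Review bot: The added block removes the user's tokens, but nothing visible here drops the ACL entries of `userid` itself, although the subject promises to remove the user's permissions as well. Unless `do_delete_token` or another patch in the series handles that, a user later recreated under the same name would inherit the old grants. Separately, the `?` on `do_delete_token(...)` aborts the loop at the first failing token. If the user entry was already saved earlier in the function (outside this hunk), the caller then gets an error for a user that is gone, while the remaining tokens and their ACL entries stay behind. The TFA failure just above is logged with `eprintln!` and ignored, so either log and continue per token, or do all the fallible cleanup before the user entry is written. A comment such as `// tokens must not outlive their user: remove each token together with its ACL entries` would document the intent.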
--
2.39.5