[pdm-devel] [PATCH datacenter-manager 2/8] server: api: subscription: include basic info about remotes without permissions
Dominik Csapak
d.csapak at proxmox.com
Mon Dec 1 11:39:04 CET 2025
to enable a global permission check that reaches over all remotes,
we have to return (very basic) info about remotes even when the user
doesn't have permissions for these remotes. In that case, only return the
subscription state, but not the remote name or node details.
Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
---
alternatively, we could try to return a different structure with just
counts; this would achieve the same effect, but we'd need to handle
two different API calls/return values. This way it's always the same,
and the remote names aren't interesting to us for the checks anyway.
server/src/api/resources.rs | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/server/src/api/resources.rs b/server/src/api/resources.rs
index 22871362..6fd96b64 100644
--- a/server/src/api/resources.rs
+++ b/server/src/api/resources.rs
@@ -608,7 +608,7 @@ pub async fn get_subscription_status(
let view = views::get_optional_view(view.as_deref())?;
- let check_priv = |remote_name: &str| -> bool {
+ let check_priv = move |remote_name: &str| -> bool {
user_info
.check_privs(
&auth_id,
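Review bot: the `move` on `let check_priv = move |remote_name: &str| -> bool {` makes the closure own `user_info` and `auth_id`, apparently only so that it can be cloned into each per-remote future later in the function. That copies both captured values once per remote and prevents any further use of them in this function outside the closure. Evaluating the check once per loop iteration and moving the resulting `bool` into the future would let this line stay as it was; if the owned closure is kept, a short comment saying why it has to be `move` would help the next reader.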
@@ -624,11 +624,10 @@ pub async fn get_subscription_status(
if view.can_skip_remote(&remote_name) {
continue;
}
- } else if !allow_all && !check_priv(&remote_name) {
- continue;
}
let view = view.clone();
+ let check_priv = check_priv.clone();
let future = async move {
let (node_status, error) =
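Review bot: with the `else if !allow_all && !check_priv(&remote_name) { continue; }` branch removed, the `async move` future below now runs the `node_status` lookup for remotes the caller has no privileges on, and the permission decision only happens after that work is done. That is required by the commit's goal, but it means an unprivileged caller can trigger the lookup for every remote, so it deserves a comment at this spot stating that filtering is deferred on purpose. Note also that the removed check sat in the `else` of the view branch, so it did not apply when a view was set; please confirm that applying the later check to the view case as well is intended.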
@@ -664,6 +663,13 @@ pub async fn get_subscription_status(
RemoteSubscriptionState::Unknown
};
+ let (remote_name, verbose) = if !allow_all && !check_priv(&remote_name) {
+ // prevent info leak
+ ("".to_string(), false)
+ } else {
+ (remote_name, verbose)
+ };
+
Some(RemoteSubscriptions {
remote: remote_name,
error,
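Review bot: `error` is still passed through unchanged in the `RemoteSubscriptions` built right after the new `if !allow_all && !check_priv(&remote_name)` block, so a caller without privileges receives the original error for a remote whose name was just blanked. If that value can contain a hostname, node name or address, the "prevent info leak" branch is incomplete; consider clearing it or replacing it with a generic value in the same branch. Separately, `"".to_string()` as the marker for a hidden remote is an implicit contract: every hidden remote collapses to the same empty name, and consumers have to know that an empty `remote` means "redacted". A doc comment on the field, or an explicit optional value, would make that visible in the API.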
--
2.47.3