[pve-devel] [PATCH v2 manager 4/9] api/tasks: attribute token tasks to user
Fabian Grünbichler
f.gruenbichler at proxmox.com
Thu Nov 21 15:43:47 CET 2019
and store token ID in separate, currently unused member.
Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---
Notes:
versioned depends on libpve-access-control
alternatively, we could also change the fork_worker signature and encode this
inside the task information on disk, but that would be a more invasive
solution..
PVE/API2/Cluster.pm | 3 +++
PVE/API2/Tasks.pm | 15 +++++++++++++++
2 files changed, 18 insertions(+)
diff --git a/PVE/API2/Cluster.pm b/PVE/API2/Cluster.pm
index 3b62953f..ca7b2d31 100644
--- a/PVE/API2/Cluster.pm
+++ b/PVE/API2/Cluster.pm
@@ -461,6 +461,9 @@ __PACKAGE__->register_method({
my $all = $rpcenv->check($authuser, "/", [ 'Sys.Audit' ], 1);
foreach my $task (@$tlist) {
+ if (PVE::AccessControl::pve_verify_tokenid($task->{user}, 1)) {
+ ($task->{user}, $task->{tokenid}) = PVE::AccessControl::split_tokenid($task->{user});
+ }
push @$res, $task if $all || ($task->{user} eq $authuser);
}
diff --git a/PVE/API2/Tasks.pm b/PVE/API2/Tasks.pm
index 73e398eb..5dc6a4ad 100644
--- a/PVE/API2/Tasks.pm
+++ b/PVE/API2/Tasks.pm
@@ -16,6 +16,14 @@ use PVE::AccessControl;
use base qw(PVE::RESTHandler);
+my $convert_token_task = sub {
+ my ($task) = @_;
+
+ if (PVE::AccessControl::pve_verify_tokenid($task->{user}, 1)) {
+ ($task->{user}, $task->{tokenid}) = PVE::AccessControl::split_tokenid($task->{user});
+ }
+};
+
__PACKAGE__->register_method({
name => 'node_tasks',
path => '',
@@ -142,6 +150,7 @@ __PACKAGE__->register_method({
$task->{endtime} = hex($endtime) if $endtime;
$task->{status} = $status if $status;
+ $convert_token_task->($task);
if (!$filter_task->($task)) {
push @$res, $task;
$limit--;
@@ -242,6 +251,8 @@ __PACKAGE__->register_method({
my $user = $rpcenv->get_user();
my $node = $param->{node};
+ $convert_token_task->($task);
+
if ($user ne $task->{user}) {
$rpcenv->check($user, "/nodes/$node", [ 'Sys.Modify' ]);
}
@@ -309,6 +320,8 @@ __PACKAGE__->register_method({
my $start = $param->{start} // 0;
my $limit = $param->{limit} // 50;
+ $convert_token_task->($task);
+
if ($user ne $task->{user}) {
$rpcenv->check($user, "/nodes/$node", [ 'Sys.Audit' ]);
}
@@ -365,6 +378,8 @@ __PACKAGE__->register_method({
my $user = $rpcenv->get_user();
my $node = $param->{node};
+ $convert_token_task->($task);
+
if ($user ne $task->{user}) {
$rpcenv->check($user, "/nodes/$node", [ 'Sys.Audit' ]);
}
--
2.20.1
More information about the pve-devel
mailing list