[pve-devel] [RFC 23/23] api/tasks: attribute token tasks to user

Fabian Grünbichler f.gruenbichler at proxmox.com
Thu Oct 17 15:14:18 CEST 2019


and store token ID in separate, currently unused member.

Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---

Notes:
    versioned depends on libpve-access-control
    
    alternatively, we could also change the fork_worker signature and encode this
    inside the task information on disk, but that would be a more invasive
    solution..

 PVE/API2/Cluster.pm |  3 +++
 PVE/API2/Tasks.pm   | 15 +++++++++++++++
 2 files changed, 18 insertions(+)

diff --git a/PVE/API2/Cluster.pm b/PVE/API2/Cluster.pm
index 382a2c12..00f811cd 100644
--- a/PVE/API2/Cluster.pm
+++ b/PVE/API2/Cluster.pm
@@ -460,6 +460,9 @@ __PACKAGE__->register_method({
 	my $all = $rpcenv->check($authuser, "/", [ 'Sys.Audit' ], 1);
 
 	foreach my $task (@$tlist) {
+	    if (PVE::AccessControl::pve_verify_tokenid($task->{user}, 1)) {
+		($task->{user}, $task->{tokenid}) = PVE::AccessControl::split_tokenid($task->{user});
+	    }
 	    push @$res, $task if $all || ($task->{user} eq $authuser);
 	}
    
diff --git a/PVE/API2/Tasks.pm b/PVE/API2/Tasks.pm
index 73e398eb..5dc6a4ad 100644
--- a/PVE/API2/Tasks.pm
+++ b/PVE/API2/Tasks.pm
@@ -16,6 +16,14 @@ use PVE::AccessControl;
 
 use base qw(PVE::RESTHandler);
 
+my $convert_token_task = sub {
+    my ($task) = @_;
+
+    if (PVE::AccessControl::pve_verify_tokenid($task->{user}, 1)) {
+	($task->{user}, $task->{tokenid}) = PVE::AccessControl::split_tokenid($task->{user});
+    }
+};
+
 __PACKAGE__->register_method({
     name => 'node_tasks',
     path => '',
@@ -142,6 +150,7 @@ __PACKAGE__->register_method({
 		    $task->{endtime} = hex($endtime) if $endtime;
 		    $task->{status} = $status if $status;
 
+		    $convert_token_task->($task);
 		    if (!$filter_task->($task)) {
 			push @$res, $task;
 			$limit--;
@@ -242,6 +251,8 @@ __PACKAGE__->register_method({
 	my $user = $rpcenv->get_user();
 	my $node = $param->{node};
 
+	$convert_token_task->($task);
+
 	if ($user ne $task->{user}) {
 	    $rpcenv->check($user, "/nodes/$node", [ 'Sys.Modify' ]);
 	}
@@ -309,6 +320,8 @@ __PACKAGE__->register_method({
 	my $start = $param->{start} // 0;
 	my $limit = $param->{limit} // 50;
 
+	$convert_token_task->($task);
+
 	if ($user ne $task->{user})  {
 	    $rpcenv->check($user, "/nodes/$node", [ 'Sys.Audit' ]);
 	}
@@ -365,6 +378,8 @@ __PACKAGE__->register_method({
 	my $user = $rpcenv->get_user();
 	my $node = $param->{node};
 
+	$convert_token_task->($task);
+
 	if ($user ne $task->{user}) {
 	    $rpcenv->check($user, "/nodes/$node", [ 'Sys.Audit' ]);
 	}
-- 
2.20.1





More information about the pve-devel mailing list