From 1401f4be5f06570a4145b63ef276d4c01c60dbe4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= Date: Fri, 30 Oct 2020 12:36:37 +0100 Subject: [PATCH] privs: allow reading notes with Datastore.Audit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit they are returned when reading the manifest, which just requires Datastore.Audit as well. Datastore.Read is for reading backup contents, not metadata. Signed-off-by: Fabian Grünbichler --- src/api2/admin/datastore.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/api2/admin/datastore.rs b/src/api2/admin/datastore.rs index 2e41c28a..41e270a1 100644 --- a/src/api2/admin/datastore.rs +++ b/src/api2/admin/datastore.rs @@ -1562,7 +1562,7 @@ fn get_rrd_stats( }, }, access: { - permission: &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_READ | PRIV_DATASTORE_BACKUP, true), + permission: &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT | PRIV_DATASTORE_BACKUP, true), }, )] /// Get "notes" for a specific backup @@ -1578,7 +1578,7 @@ fn get_notes( let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?; let backup_dir = BackupDir::new(backup_type, backup_id, backup_time)?; - check_priv_or_backup_owner(&datastore, backup_dir.group(), &auth_id, PRIV_DATASTORE_READ)?; + check_priv_or_backup_owner(&datastore, backup_dir.group(), &auth_id, PRIV_DATASTORE_AUDIT)?; let (manifest, _) = datastore.load_manifest(&backup_dir)?;