api: tape: use check_privs instead of manual lookup

these all contain the path in the error message already, so no (new)
potential for leakage..

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>

src/api2/tape/backup.rs

@@ -47,20 +47,11 @@ fn check_backup_permission(
 ) -> Result<(), Error> {
     let user_info = CachedUserInfo::new()?;
 
-    let privs = user_info.lookup_privs(auth_id, &["datastore", store]);
-    if (privs & PRIV_DATASTORE_READ) == 0 {
-        bail!("no permissions on /datastore/{}", store);
-    }
+    user_info.check_privs(auth_id, &["datastore", store], PRIV_DATASTORE_READ, false)?;
 
-    let privs = user_info.lookup_privs(auth_id, &["tape", "drive", drive]);
-    if (privs & PRIV_TAPE_WRITE) == 0 {
-        bail!("no permissions on /tape/drive/{}", drive);
-    }
+    user_info.check_privs(auth_id, &["tape", "drive", drive], PRIV_TAPE_WRITE, false)?;
 
-    let privs = user_info.lookup_privs(auth_id, &["tape", "pool", pool]);
-    if (privs & PRIV_TAPE_WRITE) == 0 {
-        bail!("no permissions on /tape/pool/{}", pool);
-    }
+    user_info.check_privs(auth_id, &["tape", "pool", pool], PRIV_TAPE_WRITE, false)?;
 
     Ok(())
 }

src/api2/tape/restore.rs

@@ -361,10 +361,7 @@ pub fn restore(
         }
     }
 
-    let privs = user_info.lookup_privs(&auth_id, &["tape", "drive", &drive]);
-    if (privs & PRIV_TAPE_READ) == 0 {
-        bail!("no permissions on /tape/drive/{}", drive);
-    }
+    user_info.check_privs(&auth_id, &["tape", "drive", &drive], PRIV_TAPE_READ, false)?;
 
     let media_set_uuid = media_set.parse()?;
 
@@ -376,10 +373,7 @@ pub fn restore(
 
     let pool = inventory.lookup_media_set_pool(&media_set_uuid)?;
 
-    let privs = user_info.lookup_privs(&auth_id, &["tape", "pool", &pool]);
-    if (privs & PRIV_TAPE_READ) == 0 {
-        bail!("no permissions on /tape/pool/{}", pool);
-    }
+    user_info.check_privs(&auth_id, &["tape", "pool", &pool], PRIV_TAPE_READ, false)?;
 
     let (drive_config, _digest) = pbs_config::drive::config()?;