clippy: rewrite ifs with identical return values
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
This commit is contained in:
parent
43313c2ee7
commit
4d08e25913
@ -27,6 +27,7 @@ pub mod role;
|
||||
pub mod tfa;
|
||||
pub mod user;
|
||||
|
||||
#[allow(clippy::large_enum_variant)]
|
||||
enum AuthResult {
|
||||
/// Successful authentication which does not require a new ticket.
|
||||
Success,
|
||||
@ -331,27 +332,20 @@ pub fn list_permissions(
|
||||
let user_info = CachedUserInfo::new()?;
|
||||
let user_privs = user_info.lookup_privs(¤t_auth_id, &["access"]);
|
||||
|
||||
let auth_id = if user_privs & PRIV_SYS_AUDIT == 0 {
|
||||
match auth_id {
|
||||
Some(auth_id) => {
|
||||
if auth_id == current_auth_id {
|
||||
auth_id
|
||||
} else if auth_id.is_token()
|
||||
let auth_id = match auth_id {
|
||||
Some(auth_id) if auth_id == current_auth_id => current_auth_id,
|
||||
Some(auth_id) => {
|
||||
if user_privs & PRIV_SYS_AUDIT != 0
|
||||
|| (auth_id.is_token()
|
||||
&& !current_auth_id.is_token()
|
||||
&& auth_id.user() == current_auth_id.user()
|
||||
{
|
||||
auth_id
|
||||
} else {
|
||||
bail!("not allowed to list permissions of {}", auth_id);
|
||||
}
|
||||
&& auth_id.user() == current_auth_id.user())
|
||||
{
|
||||
auth_id
|
||||
} else {
|
||||
bail!("not allowed to list permissions of {}", auth_id);
|
||||
}
|
||||
None => current_auth_id,
|
||||
}
|
||||
} else {
|
||||
match auth_id {
|
||||
Some(auth_id) => auth_id,
|
||||
None => current_auth_id,
|
||||
}
|
||||
},
|
||||
None => current_auth_id,
|
||||
};
|
||||
|
||||
fn populate_acl_paths(
|
||||
|
@ -110,16 +110,12 @@ fn check_task_access(auth_id: &Authid, upid: &UPID) -> Result<(), Error> {
|
||||
} else {
|
||||
let user_info = CachedUserInfo::new()?;
|
||||
|
||||
let task_privs = user_info.lookup_privs(auth_id, &["system", "tasks"]);
|
||||
if task_privs & PRIV_SYS_AUDIT != 0 {
|
||||
// allowed to read all tasks in general
|
||||
Ok(())
|
||||
} else if check_job_privs(&auth_id, &user_info, upid).is_ok() {
|
||||
// job which the user/token could have configured/manually executed
|
||||
Ok(())
|
||||
} else {
|
||||
bail!("task access not allowed");
|
||||
}
|
||||
// access to all tasks
|
||||
// or task == job which the user/token could have configured/manually executed
|
||||
|
||||
user_info.check_privs(auth_id, &["system", "tasks"], PRIV_SYS_AUDIT, false)
|
||||
.or_else(|_| check_job_privs(&auth_id, &user_info, upid))
|
||||
.or_else(|_| bail!("task access not allowed"))
|
||||
}
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user