clippy: rewrite ifs with identical return values

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-20 17:23:51 +01:00 · 2021-01-20 17:23:51 +01:00 · 4d08e25913
commit 4d08e25913
parent 43313c2ee7
2 changed files with 19 additions and 29 deletions
--- a/src/api2/access.rs
+++ b/src/api2/access.rs
@ -27,6 +27,7 @@ pub mod role;
 pub mod tfa;
 pub mod user;
 #[allow(clippy::large_enum_variant)]
 enum AuthResult {
    /// Successful authentication which does not require a new ticket.
    Success,
@ -331,27 +332,20 @@ pub fn list_permissions(
    let user_info = CachedUserInfo::new()?;
    let user_privs = user_info.lookup_privs(&current_auth_id, &["access"]);
-    let auth_id = if user_privs & PRIV_SYS_AUDIT == 0 {
+    let auth_id = match auth_id {
-        match auth_id {
+        Some(auth_id) if auth_id == current_auth_id => current_auth_id,
-            Some(auth_id) => {
+        Some(auth_id) => {
-                if auth_id == current_auth_id {
+            if user_privs & PRIV_SYS_AUDIT != 0 
-                    auth_id
+                || (auth_id.is_token()
                } else if auth_id.is_token()
                    && !current_auth_id.is_token()
-                    && auth_id.user() == current_auth_id.user()
+                    && auth_id.user() == current_auth_id.user())
-                {
+            {
-                    auth_id
+                auth_id
-                } else {
+            } else {
-                    bail!("not allowed to list permissions of {}", auth_id);
+                bail!("not allowed to list permissions of {}", auth_id);
                }
            }
-            None => current_auth_id,
+        },
-        }
+        None => current_auth_id,
    } else {
        match auth_id {
            Some(auth_id) => auth_id,
            None => current_auth_id,
        }
    };
    fn populate_acl_paths(
--- a/src/api2/node/tasks.rs
+++ b/src/api2/node/tasks.rs
@ -110,16 +110,12 @@ fn check_task_access(auth_id: &Authid, upid: &UPID) -> Result<(), Error> {
    } else {
        let user_info = CachedUserInfo::new()?;
-        let task_privs = user_info.lookup_privs(auth_id, &["system", "tasks"]);
+        // access to all tasks
-        if task_privs & PRIV_SYS_AUDIT != 0 {
+        // or task == job which the user/token could have configured/manually executed
-            // allowed to read all tasks in general
+
-            Ok(())
+        user_info.check_privs(auth_id, &["system", "tasks"], PRIV_SYS_AUDIT, false)
-        } else if check_job_privs(&auth_id, &user_info, upid).is_ok() {
+            .or_else(|_| check_job_privs(&auth_id, &user_info, upid))
-            // job which the user/token could have configured/manually executed
+            .or_else(|_| bail!("task access not allowed"))
            Ok(())
        } else {
            bail!("task access not allowed");
        }
    }
 }