tyler
/
proxmox-backup
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

config: s/propagating/only_propagated/ and style nits 

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This commit is contained in:
Thomas Lamprecht 2022-06-04 14:46:50 +02:00
parent 87d8aa4278
commit 4ef6b7d1f0
1 changed files with 5 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
pbs-config/src/acl.rs
View File

@ -302,18 +302,16 @@ impl AclTreeNode {
} }
} }
///
/// Check if auth_id has any of the provided privileges on the current note. /// Check if auth_id has any of the provided privileges on the current note.
/// ///
/// If `propagating` is set to true only propagating privileges will be checked. /// If `only_propagated` is set to true only propagating privileges will be checked.
///
fn check_any_privs( fn check_any_privs(
&self, &self,
auth_id: &Authid, auth_id: &Authid,
privs: u64, privs: u64,
propagating: bool, only_propagated: bool,
) -> Result<bool, Error> { ) -> Result<bool, Error> {
for role in self.extract_roles(&auth_id, !propagating).into_keys() { for role in self.extract_roles(&auth_id, !only_propagated).into_keys() {
let current_privs = Role::from_str(&role) let current_privs = Role::from_str(&role)
.map_err(|e| format_err!("invalid role in current node: {role} - {e}"))? .map_err(|e| format_err!("invalid role in current node: {role} - {e}"))?
as u64; as u64;
@ -326,13 +324,10 @@ impl AclTreeNode {
return Ok(false); return Ok(false);
} }
///
/// Checks if the given auth_id has any of the privileges specified by `privs` on the sub-tree /// Checks if the given auth_id has any of the privileges specified by `privs` on the sub-tree
/// below the current node. /// below the current node.
///
///
fn any_privs_below(&self, auth_id: &Authid, privs: u64) -> Result<bool, Error> { fn any_privs_below(&self, auth_id: &Authid, privs: u64) -> Result<bool, Error> {
// set propagating to false to check all roles on the current node // set only_propagated to false to check all roles on the current node
if self.check_any_privs(auth_id, privs, false)? { if self.check_any_privs(auth_id, privs, false)? {
return Ok(true); return Ok(true);
} }
@ -673,15 +668,12 @@ impl AclTree {
role_map role_map
} }
///
/// Checks whether the `auth_id` has any of the privilegs `privs` on any object below `path`. /// Checks whether the `auth_id` has any of the privilegs `privs` on any object below `path`.
///
pub fn any_priv_below(&self, auth_id: &Authid, path: &str, privs: u64) -> Result<bool, Error> { pub fn any_priv_below(&self, auth_id: &Authid, path: &str, privs: u64) -> Result<bool, Error> {
let comps = split_acl_path(path); let comps = split_acl_path(path);
let mut node = &self.root; let mut node = &self.root;
// first traverse the path to see if we have any propagating privileges we need to be aware // check first if there's any propagated priv we need to be aware of
// of
for c in comps { for c in comps {
// set propagate to false to get only propagating roles // set propagate to false to get only propagating roles
if node.check_any_privs(auth_id, privs, true)? { if node.check_any_privs(auth_id, privs, true)? {