verify jobs: add permissions
equivalent to verifying a whole datastore, except for reading job (entries), which is accessible to regular Datastore.Audit/Backup users as well. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
This commit is contained in:
parent
09f6a24078
commit
b7ce2e575f
@ -2,10 +2,17 @@ use anyhow::{bail, Error};
|
||||
use serde_json::Value;
|
||||
use ::serde::{Deserialize, Serialize};
|
||||
|
||||
use proxmox::api::{api, Router, RpcEnvironment};
|
||||
use proxmox::api::{api, Permission, Router, RpcEnvironment};
|
||||
use proxmox::tools::fs::open_file_locked;
|
||||
|
||||
use crate::api2::types::*;
|
||||
|
||||
use crate::config::acl::{
|
||||
PRIV_DATASTORE_AUDIT,
|
||||
PRIV_DATASTORE_BACKUP,
|
||||
PRIV_DATASTORE_VERIFY,
|
||||
};
|
||||
|
||||
use crate::config::verify::{self, VerificationJobConfig};
|
||||
|
||||
#[api(
|
||||
@ -17,6 +24,12 @@ use crate::config::verify::{self, VerificationJobConfig};
|
||||
type: Array,
|
||||
items: { type: verify::VerificationJobConfig },
|
||||
},
|
||||
access: {
|
||||
permission: &Permission::Privilege(
|
||||
&["datastore", "{store}"],
|
||||
PRIV_DATASTORE_AUDIT | PRIV_DATASTORE_BACKUP | PRIV_DATASTORE_VERIFY,
|
||||
true),
|
||||
},
|
||||
)]
|
||||
/// List all verification jobs
|
||||
pub fn list_verification_jobs(
|
||||
@ -61,7 +74,13 @@ pub fn list_verification_jobs(
|
||||
schema: VERIFICATION_SCHEDULE_SCHEMA,
|
||||
},
|
||||
}
|
||||
}
|
||||
},
|
||||
access: {
|
||||
permission: &Permission::Privilege(
|
||||
&["datastore", "{store}"],
|
||||
PRIV_DATASTORE_VERIFY,
|
||||
true),
|
||||
},
|
||||
)]
|
||||
/// Create a new verification job.
|
||||
pub fn create_verification_job(param: Value) -> Result<(), Error> {
|
||||
@ -97,6 +116,12 @@ pub fn create_verification_job(param: Value) -> Result<(), Error> {
|
||||
description: "The verification job configuration.",
|
||||
type: verify::VerificationJobConfig,
|
||||
},
|
||||
access: {
|
||||
permission: &Permission::Privilege(
|
||||
&["datastore", "{store}"],
|
||||
PRIV_DATASTORE_AUDIT | PRIV_DATASTORE_BACKUP | PRIV_DATASTORE_VERIFY,
|
||||
true),
|
||||
},
|
||||
)]
|
||||
/// Read a verification job configuration.
|
||||
pub fn read_verification_job(
|
||||
@ -167,6 +192,12 @@ pub enum DeletableProperty {
|
||||
},
|
||||
},
|
||||
},
|
||||
access: {
|
||||
permission: &Permission::Privilege(
|
||||
&["datastore", "{store}"],
|
||||
PRIV_DATASTORE_VERIFY,
|
||||
true),
|
||||
},
|
||||
)]
|
||||
/// Update verification job config.
|
||||
pub fn update_verification_job(
|
||||
@ -238,6 +269,12 @@ pub fn update_verification_job(
|
||||
},
|
||||
},
|
||||
},
|
||||
access: {
|
||||
permission: &Permission::Privilege(
|
||||
&["datastore", "{store}"],
|
||||
PRIV_DATASTORE_VERIFY,
|
||||
true),
|
||||
},
|
||||
)]
|
||||
/// Remove a verification job configuration
|
||||
pub fn delete_verification_job(id: String, digest: Option<String>) -> Result<(), Error> {
|
||||
|
Loading…
Reference in New Issue
Block a user