sync job: fix worker ID parsing

the namespace is optional, but should be captured to allow ACL checks
for unprivileged non-job-owners.

also add FIXME for other job types and workers that (might) need
updating.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>

src/api2/backup/mod.rs

@@ -117,6 +117,7 @@ fn upgrade_to_backup_protocol(
             proxmox_router::http_bail!(NOT_FOUND, "namespace not found");
         }
 
+        // FIXME: include namespace here?
         let worker_id = format!("{}:{}/{}", store, backup_dir_arg.ty(), backup_dir_arg.id());
 
         let env_type = rpcenv.env_type();

src/api2/node/tasks.rs

@@ -22,6 +22,7 @@ use proxmox_rest_server::{upid_log_path, upid_read_status, TaskListInfoIterator,
 // matches respective job execution privileges
 fn check_job_privs(auth_id: &Authid, user_info: &CachedUserInfo, upid: &UPID) -> Result<(), Error> {
     match (upid.worker_type.as_str(), &upid.worker_id) {
+        // FIXME: parse namespace here?
         ("verificationjob", Some(workerid)) => {
             if let Some(captures) = VERIFICATION_JOB_WORKER_ID_REGEX.captures(workerid) {
                 if let Some(store) = captures.get(1) {

src/api2/pull.rs

@@ -263,6 +263,7 @@ async fn pull(
     let client = pull_params.client().await?;
 
     // fixme: set to_stdout to false?
+    // FIXME: add namespace to worker id?
     let upid_str = WorkerTask::spawn(
         "sync",
         Some(store.clone()),

src/api2/reader/mod.rs

@@ -134,6 +134,7 @@ fn upgrade_to_backup_reader_protocol(
 
         //let files = BackupInfo::list_files(&path, &backup_dir)?;
 
+        // FIXME: include namespace here?
         let worker_id = format!(
             "{}:{}/{}/{:08X}",
             store,