tyler/proxmox-backup
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

src/api2/admin/datastore.rs: add access permissions - first try

Browse Source 
We need to refine this later (introduce backup owner concept?)
This commit is contained in:
Dietmar Maurer 2020-04-17 14:36:27 +02:00
parent 5972def5ec
commit bb34b58910
1 changed files with 36 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
src/api2/admin/datastore.rs
View File

@ -8,8 +8,9 @@ use hyper::http::request::Parts;
use hyper::{header, Body, Response, StatusCode};
use serde_json::{json, Value};
use proxmox::api::api;
use proxmox::api::{ApiResponseFuture, ApiHandler, ApiMethod, Router, RpcEnvironment, RpcEnvironmentType};
use proxmox::api::{
api, ApiResponseFuture, ApiHandler, ApiMethod, Router,
RpcEnvironment, RpcEnvironmentType, Permission};
use proxmox::api::router::SubdirMap;
use proxmox::api::schema::*;
use proxmox::tools::fs::{file_get_contents, replace_file, CreateOptions};
@ -21,6 +22,7 @@ use crate::backup::*;
use crate::config::datastore;
use crate::server::WorkerTask;
use crate::tools;
use crate::config::acl::{PRIV_DATASTORE_AUDIT, PRIV_DATASTORE_ALLOCATE_SPACE};
fn read_backup_index(store: &DataStore, backup_dir: &BackupDir) -> Result<Vec<BackupContent>, Error> {
@ -78,6 +80,9 @@ fn group_backups(backup_list: Vec<BackupInfo>) -> HashMap<String, Vec<BackupInfo
type: GroupListItem,
}
},
access: {
permission: &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT, false),
},
)]
/// List backup groups.
fn list_groups(
@ -136,6 +141,9 @@ fn list_groups(
type: BackupContent,
}
},
access: {
permission: &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT, false),
},
)]
/// List snapshot files.
pub fn list_snapshot_files(
@ -184,6 +192,9 @@ pub fn list_snapshot_files(
},
},
},
access: {
permission: &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_ALLOCATE_SPACE, false),
},
)]
/// Delete backup snapshot.
fn delete_snapshot(
@ -227,6 +238,9 @@ fn delete_snapshot(
type: SnapshotListItem,
}
},
access: {
permission: &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT, false),
},
)]
/// List backup snapshots.
pub fn list_snapshots (
@ -291,6 +305,9 @@ pub fn list_snapshots (
returns: {
type: StorageStatus,
},
access: {
permission: &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT, false),
},
)]
/// Get datastore status.
pub fn status(
@ -389,7 +406,7 @@ const API_METHOD_PRUNE: ApiMethod = ApiMethod::new(
("store", false, &DATASTORE_SCHEMA),
])
)
);
).access(None, &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_ALLOCATE_SPACE, false));
fn prune(
param: Value,
@ -512,6 +529,9 @@ fn prune(
returns: {
schema: UPID_SCHEMA,
},
access: {
permission: &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_ALLOCATE_SPACE, false),
},
)]
/// Start garbage collection.
fn start_garbage_collection(
@ -546,7 +566,10 @@ fn start_garbage_collection(
},
returns: {
type: GarbageCollectionStatus,
}
},
access: {
permission: &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT, false),
},
)]
/// Garbage collection status.
pub fn garbage_collection_status(
@ -562,7 +585,12 @@ pub fn garbage_collection_status(
Ok(status)
}
#[api(
access: {
permission: &Permission::Privilege(&["datastore"], PRIV_DATASTORE_AUDIT, false),
},
)]
/// Datastore list
fn get_datastore_list(
_param: Value,
_info: &ApiMethod,
@ -587,7 +615,7 @@ pub const API_METHOD_DOWNLOAD_FILE: ApiMethod = ApiMethod::new(
("file-name", false, &BACKUP_ARCHIVE_NAME_SCHEMA),
]),
)
);
).access(None, &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_ALLOCATE_SPACE, false));
fn download_file(
_parts: Parts,
@ -646,7 +674,7 @@ pub const API_METHOD_UPLOAD_BACKUP_LOG: ApiMethod = ApiMethod::new(
("backup-time", false, &BACKUP_TIME_SCHEMA),
]),
)
);
).access(None, &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_ALLOCATE_SPACE, false));
fn upload_backup_log(
_parts: Parts,
@ -751,10 +779,5 @@ const DATASTORE_INFO_ROUTER: Router = Router::new()
pub const ROUTER: Router = Router::new()
.get(
&ApiMethod::new(
&ApiHandler::Sync(&get_datastore_list),
&ObjectSchema::new("Directory index.", &[])
)
)
.get(&API_METHOD_GET_DATASTORE_LIST)
.match_all("store", &DATASTORE_INFO_ROUTER);