tyler/proxmox-backup
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

src/api2/config/datastore.rs: impl digest check for delete, add access permissions

Browse Source
This commit is contained in:
Dietmar Maurer 2020-04-17 14:51:29 +02:00
parent 9f9f7eefa3
commit c0ef209aeb
1 changed files with 29 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
src/api2/config/datastore.rs
View File

@ -3,11 +3,12 @@ use std::path::PathBuf;
use failure::*; use failure::*;
use serde_json::Value; use serde_json::Value;
use proxmox::api::{api, ApiMethod, Router, RpcEnvironment}; use proxmox::api::{api, ApiMethod, Router, RpcEnvironment, Permission};
use crate::api2::types::*; use crate::api2::types::*;
use crate::backup::*; use crate::backup::*;
use crate::config::datastore; use crate::config::datastore;
use crate::config::acl::{PRIV_DATASTORE_AUDIT, PRIV_DATASTORE_ALLOCATE};
#[api( #[api(
input: { input: {
@ -20,6 +21,9 @@ use crate::config::datastore;
type: datastore::DataStoreConfig, type: datastore::DataStoreConfig,
}, },
}, },
access: {
permission: &Permission::Privilege(&["datastore"], PRIV_DATASTORE_AUDIT, false),
},
)] )]
/// List all datastores /// List all datastores
pub fn list_datastores( pub fn list_datastores(
@ -49,6 +53,9 @@ pub fn list_datastores(
}, },
}, },
}, },
access: {
permission: &Permission::Privilege(&["datastore"], PRIV_DATASTORE_ALLOCATE, false),
},
)] )]
/// Create new datastore config. /// Create new datastore config.
pub fn create_datastore(name: String, param: Value) -> Result<(), Error> { pub fn create_datastore(name: String, param: Value) -> Result<(), Error> {
@ -87,6 +94,9 @@ pub fn create_datastore(name: String, param: Value) -> Result<(), Error> {
description: "The datastore configuration (with config digest).", description: "The datastore configuration (with config digest).",
type: datastore::DataStoreConfig, type: datastore::DataStoreConfig,
}, },
access: {
permission: &Permission::Privilege(&["datastore", "{name}"], PRIV_DATASTORE_AUDIT, false),
},
)] )]
/// Read a datastore configuration. /// Read a datastore configuration.
pub fn read_datastore(name: String) -> Result<Value, Error> { pub fn read_datastore(name: String) -> Result<Value, Error> {
@ -114,6 +124,9 @@ pub fn read_datastore(name: String) -> Result<Value, Error> {
}, },
}, },
}, },
access: {
permission: &Permission::Privilege(&["datastore", "{name}"], PRIV_DATASTORE_ALLOCATE, false),
},
)] )]
/// Create new datastore config. /// Create new datastore config.
pub fn update_datastore( pub fn update_datastore(
@ -157,16 +170,27 @@ pub fn update_datastore(
name: { name: {
schema: DATASTORE_SCHEMA, schema: DATASTORE_SCHEMA,
}, },
digest: {
optional: true,
schema: PROXMOX_CONFIG_DIGEST_SCHEMA,
}, },
}, },
},
access: {
permission: &Permission::Privilege(&["datastore", "{name}"], PRIV_DATASTORE_ALLOCATE, false),
},
)] )]
/// Remove a datastore configuration. /// Remove a datastore configuration.
pub fn delete_datastore(name: String) -> Result<(), Error> { pub fn delete_datastore(name: String, digest: Option<String>) -> Result<(), Error> {
// fixme: locking ? let _lock = crate::tools::open_file_locked(datastore::DATASTORE_CFG_LOCKFILE, std::time::Duration::new(10, 0))?;
// fixme: check digest ?
let (mut config, _digest) = datastore::config()?; let (mut config, expected_digest) = datastore::config()?;
if let Some(ref digest) = digest {
let digest = proxmox::tools::hex_to_digest(digest)?;
crate::tools::detect_modified_configuration_file(&digest, &expected_digest)?;
}
match config.sections.get(&name) { match config.sections.get(&name) {
Some(_) => { config.sections.remove(&name); }, Some(_) => { config.sections.remove(&name); },