tyler/proxmox-backup
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

src/config/acl.rs: introduce more/better datastore privileges

Browse Source
This commit is contained in:
Dietmar Maurer
2020-04-27 07:13:06 +02:00
parent 9c7fe29dfc
commit d00e1a216f
5 changed files with 33 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/api2/pull.rs
View File

@ -16,7 +16,7 @@ use crate::backup::*;
use crate::client::*;
use crate::config::remote;
use crate::api2::types::*;
use crate::config::acl::PRIV_DATASTORE_ALLOCATE_SPACE;
use crate::config::acl::{PRIV_DATASTORE_CREATE_BACKUP, PRIV_DATASTORE_READ};
use crate::config::cached_user_info::CachedUserInfo;
// fixme: implement filters
@ -391,7 +391,7 @@ pub async fn pull_store(
},
access: {
// Note: used parameters are no uri parameters, so we need to test inside function body
description: "The user needs Datastore.AllocateSpace privilege on '/datastore/{store}' and '/remote/{remote}/{remote-store}'.",
description: "The user needs Datastore.CreateBackup privilege on '/datastore/{store}' and Datastore.Read on '/remote/{remote}/{remote-store}'.",
permission: &Permission::Anybody,
},
)]
@ -408,8 +408,8 @@ async fn pull (
let user_info = CachedUserInfo::new()?;
let username = rpcenv.get_user().unwrap();
user_info.check_privs(&username, &["datastore", &store], PRIV_DATASTORE_ALLOCATE_SPACE, false)?;
user_info.check_privs(&username, &["remote", &remote, &remote_store], PRIV_DATASTORE_ALLOCATE_SPACE, false)?;
user_info.check_privs(&username, &["datastore", &store], PRIV_DATASTORE_CREATE_BACKUP, false)?;
user_info.check_privs(&username, &["remote", &remote, &remote_store], PRIV_DATASTORE_READ, false)?;
let delete = delete.unwrap_or(true);