tasks: allow access to job tasks

if the user/token could have either configured/manually executed the task, but it was either executed via the schedule (root@pam) or another user/token. without this change, semi-privileged users (that cannot read all tasks globally, but are DatastoreAdmin) could schedule jobs, but not read their logs once the schedule executes them. it also makes sense for multiple such users to see eachothers manually executed jobs, as long as the privilege level on the datastore (or remote/remote_store/local store) itself is sufficient. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2020-11-06 11:23:09 +01:00
parent 4c979d5450
commit dbd45a72c3
4 changed files with 86 additions and 7 deletions
--- a/src/server/verify_job.rs
+++ b/src/server/verify_job.rs
@ -50,11 +50,13 @@ pub fn do_verification_job(

    let (email, notify) = crate::server::lookup_datastore_notify_settings(&verification_job.store);

-    let job_id = job.jobname().to_string();
+    let job_id = format!("{}:{}",
+                         &verification_job.store,
+                         job.jobname());
    let worker_type = job.jobtype().to_string();
    let upid_str = WorkerTask::new_thread(
        &worker_type,
-        Some(job.jobname().to_string()),
+        Some(job_id.clone()),
        auth_id.clone(),
        false,
        move |worker| {