From df768ebea90579b13582908bce04d5d7ad03f0d3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com>
Date: Fri, 29 Apr 2022 11:17:25 +0200
Subject: [PATCH] pull: filter local removal candidates by owner
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

else this might remove groups which are not part of the pull scope. note
that setting/using remove_vanished already checks the required privs
earlier.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
 src/server/pull.rs | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/server/pull.rs b/src/server/pull.rs
index 097bd5cb..c0831417 100644
--- a/src/server/pull.rs
+++ b/src/server/pull.rs
@@ -28,7 +28,7 @@ use pbs_datastore::index::IndexFile;
 use pbs_datastore::manifest::{
     archive_type, ArchiveType, BackupManifest, FileInfo, CLIENT_LOG_BLOB_NAME, MANIFEST_BLOB_NAME,
 };
-use pbs_datastore::{DataStore, StoreProgress};
+use pbs_datastore::{check_backup_owner, DataStore, StoreProgress};
 use pbs_tools::sha::sha256;
 use proxmox_rest_server::WorkerTask;
 
@@ -801,6 +801,10 @@ pub async fn pull_store(
                 if new_groups.contains(local_group.as_ref()) {
                     continue;
                 }
+                let owner = params.store.get_owner(&local_group.group())?;
+                if check_backup_owner(&owner, &params.owner).is_err() {
+                    continue;
+                }
                 if let Some(ref group_filter) = &params.group_filter {
                     if !apply_filters(local_group.as_ref(), group_filter) {
                         continue;