pull: filter local removal candidates by owner

else this might remove groups which are not part of the pull scope. note
that setting/using remove_vanished already checks the required privs
earlier.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>

src/server/pull.rs

@@ -28,7 +28,7 @@ use pbs_datastore::index::IndexFile;
 use pbs_datastore::manifest::{
     archive_type, ArchiveType, BackupManifest, FileInfo, CLIENT_LOG_BLOB_NAME, MANIFEST_BLOB_NAME,
 };
-use pbs_datastore::{DataStore, StoreProgress};
+use pbs_datastore::{check_backup_owner, DataStore, StoreProgress};
 use pbs_tools::sha::sha256;
 use proxmox_rest_server::WorkerTask;
 
@@ -801,6 +801,10 @@ pub async fn pull_store(
                 if new_groups.contains(local_group.as_ref()) {
                     continue;
                 }
+                let owner = params.store.get_owner(&local_group.group())?;
+                if check_backup_owner(&owner, &params.owner).is_err() {
+                    continue;
+                }
                 if let Some(ref group_filter) = &params.group_filter {
                     if !apply_filters(local_group.as_ref(), group_filter) {
                         continue;