prune datastore: support max-depth and improve priv checks

use the relatively new variant of ListAccessibleBackupGroups to also allow pruning the groups that one doesn't own but has the respective privileges on their namespace level. This was previously handled by the API endpoint itself, which was ok as long as only one level was looked at. Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2022-05-19 13:31:06 +02:00
parent 65aba79a9b
commit e3c26aea31
2 changed files with 31 additions and 21 deletions
--- a/src/api2/admin/datastore.rs
+++ b/src/api2/admin/datastore.rs
@ -1063,6 +1063,10 @@ pub fn prune(
                type: BackupNamespace,
                optional: true,
            },
+            "max-depth": {
+                schema: NS_MAX_DEPTH_SCHEMA,
+                optional: true,
+            },
        },
    },
    returns: {
@ -1079,6 +1083,7 @@ pub fn prune_datastore(
    prune_options: PruneOptions,
    store: String,
    ns: Option<BackupNamespace>,
+    max_depth: Option<usize>,
    _param: Value,
    rpcenv: &mut dyn RpcEnvironment,
 ) -> Result<String, Error> {
@ -1090,15 +1095,21 @@ pub fn prune_datastore(

    let to_stdout = rpcenv.env_type() == RpcEnvironmentType::CLI;

-    // FIXME: add max-depth
-
    let upid_str = WorkerTask::new_thread(
        "prune",
        Some(worker_id),
        auth_id.to_string(),
        to_stdout,
        move |worker| {
-            crate::server::prune_datastore(worker, auth_id, prune_options, datastore, ns, dry_run)
+            crate::server::prune_datastore(
+                worker,
+                auth_id,
+                prune_options,
+                datastore,
+                ns,
+                max_depth.unwrap_or(MAX_NAMESPACE_DEPTH), //  canoot rely on schema default
+                dry_run,
+            )
        },
    )?;