src/api2/pull.rs: require Datastore.Prune if delete flag is set.

This commit is contained in:
Dietmar Maurer 2020-04-29 07:11:03 +02:00
parent 8247db5b39
commit ec67af9af3
1 changed files with 7 additions and 1 deletions

View File

@ -16,7 +16,7 @@ use crate::backup::*;
use crate::client::*; use crate::client::*;
use crate::config::remote; use crate::config::remote;
use crate::api2::types::*; use crate::api2::types::*;
use crate::config::acl::{PRIV_DATASTORE_BACKUP, PRIV_REMOTE_READ}; use crate::config::acl::{PRIV_DATASTORE_BACKUP, PRIV_DATASTORE_PRUNE, PRIV_REMOTE_READ};
use crate::config::cached_user_info::CachedUserInfo; use crate::config::cached_user_info::CachedUserInfo;
// fixme: implement filters // fixme: implement filters
@ -406,6 +406,7 @@ pub async fn pull_store(
// Note: used parameters are no uri parameters, so we need to test inside function body // Note: used parameters are no uri parameters, so we need to test inside function body
description: r###"The user needs Datastore.Backup privilege on '/datastore/{store}', description: r###"The user needs Datastore.Backup privilege on '/datastore/{store}',
and needs to own the backup group. Remote.Read is required on '/remote/{remote}/{remote-store}'. and needs to own the backup group. Remote.Read is required on '/remote/{remote}/{remote-store}'.
The delete flag additionally requires the Datastore.Prune privilege on '/datastore/{store}'.
"###, "###,
permission: &Permission::Anybody, permission: &Permission::Anybody,
}, },
@ -428,6 +429,11 @@ async fn pull (
let delete = delete.unwrap_or(true); let delete = delete.unwrap_or(true);
if delete {
user_info.check_privs(&username, &["datastore", &store], PRIV_DATASTORE_PRUNE, false)?;
}
let tgt_store = DataStore::lookup_datastore(&store)?; let tgt_store = DataStore::lookup_datastore(&store)?;
let (remote_config, _digest) = remote::config()?; let (remote_config, _digest) = remote::config()?;