acl: use /tape/device instead of /tape/drive and /tape/changer

This commit is contained in:
Dietmar Maurer 2021-03-05 10:06:19 +01:00
parent 90e16be3ae
commit ee33795b72
4 changed files with 13 additions and 20 deletions

View File

@ -52,7 +52,7 @@ use crate::{
},
},
access: {
permission: &Permission::Privilege(&["tape", "changer"], PRIV_TAPE_MODIFY, false),
permission: &Permission::Privilege(&["tape", "device"], PRIV_TAPE_MODIFY, false),
},
)]
/// Create a new changer device
@ -107,7 +107,7 @@ pub fn create_changer(
type: ScsiTapeChanger,
},
access: {
permission: &Permission::Privilege(&["tape", "changer", "{name}"], PRIV_TAPE_AUDIT, false),
permission: &Permission::Privilege(&["tape", "device", "{name}"], PRIV_TAPE_AUDIT, false),
},
)]
/// Get tape changer configuration
@ -157,7 +157,7 @@ pub fn list_changers(
let list = list
.into_iter()
.filter(|changer| {
let privs = user_info.lookup_privs(&auth_id, &["tape", "changer", &changer.name]);
let privs = user_info.lookup_privs(&auth_id, &["tape", "device", &changer.name]);
privs & PRIV_TAPE_AUDIT != 0
})
.collect();
@ -206,7 +206,7 @@ pub enum DeletableProperty {
},
},
access: {
permission: &Permission::Privilege(&["tape", "changer", "{name}"], PRIV_TAPE_MODIFY, false),
permission: &Permission::Privilege(&["tape", "device", "{name}"], PRIV_TAPE_MODIFY, false),
},
)]
/// Update a tape changer configuration
@ -283,7 +283,7 @@ pub fn update_changer(
},
},
access: {
permission: &Permission::Privilege(&["tape", "changer", "{name}"], PRIV_TAPE_MODIFY, false),
permission: &Permission::Privilege(&["tape", "device", "{name}"], PRIV_TAPE_MODIFY, false),
},
)]
/// Delete a tape changer configuration

View File

@ -50,7 +50,7 @@ use crate::{
},
},
access: {
permission: &Permission::Privilege(&["tape", "drive"], PRIV_TAPE_MODIFY, false),
permission: &Permission::Privilege(&["tape", "device"], PRIV_TAPE_MODIFY, false),
},
)]
/// Create a new drive
@ -96,7 +96,7 @@ pub fn create_drive(param: Value) -> Result<(), Error> {
type: LinuxTapeDrive,
},
access: {
permission: &Permission::Privilege(&["tape", "drive", "{name}"], PRIV_TAPE_AUDIT, false),
permission: &Permission::Privilege(&["tape", "device", "{name}"], PRIV_TAPE_AUDIT, false),
},
)]
/// Get drive configuration
@ -146,7 +146,7 @@ pub fn list_drives(
let drive_list = drive_list
.into_iter()
.filter(|drive| {
let privs = user_info.lookup_privs(&auth_id, &["tape", "drive", &drive.name]);
let privs = user_info.lookup_privs(&auth_id, &["tape", "device", &drive.name]);
privs & PRIV_TAPE_AUDIT != 0
})
.collect();
@ -202,7 +202,7 @@ pub enum DeletableProperty {
},
},
access: {
permission: &Permission::Privilege(&["tape", "drive", "{name}"], PRIV_TAPE_MODIFY, false),
permission: &Permission::Privilege(&["tape", "device", "{name}"], PRIV_TAPE_MODIFY, false),
},
)]
/// Update a drive configuration
@ -278,7 +278,7 @@ pub fn update_drive(
},
},
access: {
permission: &Permission::Privilege(&["tape", "drive", "{name}"], PRIV_TAPE_MODIFY, false),
permission: &Permission::Privilege(&["tape", "device", "{name}"], PRIV_TAPE_MODIFY, false),
},
)]
/// Delete a drive configuration

View File

@ -346,14 +346,8 @@ pub fn check_acl_path(path: &str) -> Result<(), Error> {
return Ok(());
}
match components[1] {
"drive" => {
// /tape/drive/{name}
if components_len <= 3 {
return Ok(());
}
}
"changer" => {
// /tape/changer/{name}
"device" => {
// /tape/device/{name}
if components_len <= 3 {
return Ok(());
}

View File

@ -21,8 +21,7 @@ Ext.define('PBS.data.PermissionPathsStore', {
{ 'value': '/system/tasks' },
{ 'value': '/system/time' },
{ 'value': '/tape' },
{ 'value': '/tape/drive' },
{ 'value': '/tape/changer' },
{ 'value': '/tape/device' },
{ 'value': '/tape/pool' },
{ 'value': '/tape/job' },
],