tyler/proxmox-backup
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

acl: use /tape/device instead of /tape/drive and /tape/changer

Browse Source
This commit is contained in:
Dietmar Maurer 2021-03-05 10:06:19 +01:00
parent 90e16be3ae
commit ee33795b72
4 changed files with 13 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/api2/config/changer.rs
View File

@ -52,7 +52,7 @@ use crate::{
}, },
}, },
access: { access: {
permission: &Permission::Privilege(&["tape", "changer"], PRIV_TAPE_MODIFY, false), permission: &Permission::Privilege(&["tape", "device"], PRIV_TAPE_MODIFY, false),
}, },
)] )]
/// Create a new changer device /// Create a new changer device
@ -107,7 +107,7 @@ pub fn create_changer(
type: ScsiTapeChanger, type: ScsiTapeChanger,
}, },
access: { access: {
permission: &Permission::Privilege(&["tape", "changer", "{name}"], PRIV_TAPE_AUDIT, false), permission: &Permission::Privilege(&["tape", "device", "{name}"], PRIV_TAPE_AUDIT, false),
}, },
)] )]
/// Get tape changer configuration /// Get tape changer configuration
@ -157,7 +157,7 @@ pub fn list_changers(
let list = list let list = list
.into_iter() .into_iter()
.filter(|changer| { .filter(|changer| {
let privs = user_info.lookup_privs(&auth_id, &["tape", "changer", &changer.name]); let privs = user_info.lookup_privs(&auth_id, &["tape", "device", &changer.name]);
privs & PRIV_TAPE_AUDIT != 0 privs & PRIV_TAPE_AUDIT != 0
}) })
.collect(); .collect();
@ -206,7 +206,7 @@ pub enum DeletableProperty {
}, },
}, },
access: { access: {
permission: &Permission::Privilege(&["tape", "changer", "{name}"], PRIV_TAPE_MODIFY, false), permission: &Permission::Privilege(&["tape", "device", "{name}"], PRIV_TAPE_MODIFY, false),
}, },
)] )]
/// Update a tape changer configuration /// Update a tape changer configuration
@ -283,7 +283,7 @@ pub fn update_changer(
}, },
}, },
access: { access: {
permission: &Permission::Privilege(&["tape", "changer", "{name}"], PRIV_TAPE_MODIFY, false), permission: &Permission::Privilege(&["tape", "device", "{name}"], PRIV_TAPE_MODIFY, false),
}, },
)] )]
/// Delete a tape changer configuration /// Delete a tape changer configuration

10
src/api2/config/drive.rs
View File

@ -50,7 +50,7 @@ use crate::{
}, },
}, },
access: { access: {
permission: &Permission::Privilege(&["tape", "drive"], PRIV_TAPE_MODIFY, false), permission: &Permission::Privilege(&["tape", "device"], PRIV_TAPE_MODIFY, false),
}, },
)] )]
/// Create a new drive /// Create a new drive
@ -96,7 +96,7 @@ pub fn create_drive(param: Value) -> Result<(), Error> {
type: LinuxTapeDrive, type: LinuxTapeDrive,
}, },
access: { access: {
permission: &Permission::Privilege(&["tape", "drive", "{name}"], PRIV_TAPE_AUDIT, false), permission: &Permission::Privilege(&["tape", "device", "{name}"], PRIV_TAPE_AUDIT, false),
}, },
)] )]
/// Get drive configuration /// Get drive configuration
@ -146,7 +146,7 @@ pub fn list_drives(
let drive_list = drive_list let drive_list = drive_list
.into_iter() .into_iter()
.filter(|drive| { .filter(|drive| {
let privs = user_info.lookup_privs(&auth_id, &["tape", "drive", &drive.name]); let privs = user_info.lookup_privs(&auth_id, &["tape", "device", &drive.name]);
privs & PRIV_TAPE_AUDIT != 0 privs & PRIV_TAPE_AUDIT != 0
}) })
.collect(); .collect();
@ -202,7 +202,7 @@ pub enum DeletableProperty {
}, },
}, },
access: { access: {
permission: &Permission::Privilege(&["tape", "drive", "{name}"], PRIV_TAPE_MODIFY, false), permission: &Permission::Privilege(&["tape", "device", "{name}"], PRIV_TAPE_MODIFY, false),
}, },
)] )]
/// Update a drive configuration /// Update a drive configuration
@ -278,7 +278,7 @@ pub fn update_drive(
}, },
}, },
access: { access: {
permission: &Permission::Privilege(&["tape", "drive", "{name}"], PRIV_TAPE_MODIFY, false), permission: &Permission::Privilege(&["tape", "device", "{name}"], PRIV_TAPE_MODIFY, false),
}, },
)] )]
/// Delete a drive configuration /// Delete a drive configuration

10
src/config/acl.rs
View File

@ -346,14 +346,8 @@ pub fn check_acl_path(path: &str) -> Result<(), Error> {
return Ok(()); return Ok(());
} }
match components[1] { match components[1] {
"drive" => { "device" => {
// /tape/drive/{name} // /tape/device/{name}
if components_len <= 3 {
return Ok(());
}
}
"changer" => {
// /tape/changer/{name}
if components_len <= 3 { if components_len <= 3 {
return Ok(()); return Ok(());
} }

3
www/form/PermissionPathSelector.js
View File

@ -21,8 +21,7 @@ Ext.define('PBS.data.PermissionPathsStore', {
{ 'value': '/system/tasks' }, { 'value': '/system/tasks' },
{ 'value': '/system/time' }, { 'value': '/system/time' },
{ 'value': '/tape' }, { 'value': '/tape' },
{ 'value': '/tape/drive' }, { 'value': '/tape/device' },
{ 'value': '/tape/changer' },
{ 'value': '/tape/pool' }, { 'value': '/tape/pool' },
{ 'value': '/tape/job' }, { 'value': '/tape/job' },
], ],