tyler/proxmox-backup
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

api: datastore status: adhere to NS privs for non-owner

Browse Source 
Not only check all owned backup groups, but also all that an auth_id
has DATASTORE_AUDIT or DATASTORE_READ on the whole namespace.

best viewed with whitespace change ignore (-w)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This commit is contained in:
Thomas Lamprecht 2022-05-19 12:32:27 +02:00
parent 71cad8cac0
commit f12f408e91
1 changed files with 26 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/api2/admin/datastore.rs
View File

@ -615,9 +615,15 @@ pub fn list_snapshots(
fn get_snapshots_count(store: &Arc<DataStore>, owner: Option<&Authid>) -> Result<Counts, Error> { fn get_snapshots_count(store: &Arc<DataStore>, owner: Option<&Authid>) -> Result<Counts, Error> {
let root_ns = Default::default(); let root_ns = Default::default();
ListAccessibleBackupGroups::new(store, root_ns, MAX_NAMESPACE_DEPTH, owner)?.try_fold( ListAccessibleBackupGroups::new_with_privs(
Counts::default(), store,
|mut counts, group| { root_ns,
MAX_NAMESPACE_DEPTH,
Some(PRIV_DATASTORE_AUDIT | PRIV_DATASTORE_READ),
None,
owner,
)?
.try_fold(Counts::default(), |mut counts, group| {
let group = match group { let group = match group {
Ok(group) => group, Ok(group) => group,
Err(_) => return Ok(counts), // TODO: add this as error counts? Err(_) => return Ok(counts), // TODO: add this as error counts?
@ -637,8 +643,7 @@ fn get_snapshots_count(store: &Arc<DataStore>, owner: Option<&Authid>) -> Result
} }
Ok(counts) Ok(counts)
}, })
)
} }
#[api( #[api(