api: datastore status: adhere to NS privs for non-owner

Not only check all owned backup groups, but also all that an auth_id has DATASTORE_AUDIT or DATASTORE_READ on the whole namespace. best viewed with whitespace change ignore (-w) Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2022-05-19 12:32:27 +02:00 · 2022-05-19 12:32:27 +02:00 · f12f408e91
parent 71cad8cac0
commit f12f408e91
1 changed files with 26 additions and 21 deletions
--- a/src/api2/admin/datastore.rs
+++ b/src/api2/admin/datastore.rs
@ -615,30 +615,35 @@ pub fn list_snapshots(
 fn get_snapshots_count(store: &Arc<DataStore>, owner: Option<&Authid>) -> Result<Counts, Error> {
    let root_ns = Default::default();
-    ListAccessibleBackupGroups::new(store, root_ns, MAX_NAMESPACE_DEPTH, owner)?.try_fold(
+    ListAccessibleBackupGroups::new_with_privs(
-        Counts::default(),
+        store,
-        |mut counts, group| {
+        root_ns,
-            let group = match group {
+        MAX_NAMESPACE_DEPTH,
-                Ok(group) => group,
+        Some(PRIV_DATASTORE_AUDIT | PRIV_DATASTORE_READ),
-                Err(_) => return Ok(counts), // TODO: add this as error counts?
+        None,
        owner,
    )?
    .try_fold(Counts::default(), |mut counts, group| {
        let group = match group {
            Ok(group) => group,
            Err(_) => return Ok(counts), // TODO: add this as error counts?
        };
        let snapshot_count = group.list_backups()?.len() as u64;
        // only include groups with snapshots, counting/displaying emtpy groups can confuse
        if snapshot_count > 0 {
            let type_count = match group.backup_type() {
                BackupType::Ct => counts.ct.get_or_insert(Default::default()),
                BackupType::Vm => counts.vm.get_or_insert(Default::default()),
                BackupType::Host => counts.host.get_or_insert(Default::default()),
            };
            let snapshot_count = group.list_backups()?.len() as u64;
-            // only include groups with snapshots, counting/displaying emtpy groups can confuse
+            type_count.groups += 1;
-            if snapshot_count > 0 {
+            type_count.snapshots += snapshot_count;
-                let type_count = match group.backup_type() {
+        }
                    BackupType::Ct => counts.ct.get_or_insert(Default::default()),
                    BackupType::Vm => counts.vm.get_or_insert(Default::default()),
                    BackupType::Host => counts.host.get_or_insert(Default::default()),
                };
-                type_count.groups += 1;
+        Ok(counts)
-                type_count.snapshots += snapshot_count;
+    })
            }
            Ok(counts)
        },
    )
 }
 #[api(