api: datastore status: adhere to NS privs for non-owner

Not only check all owned backup groups, but also all that an auth_id has DATASTORE_AUDIT or DATASTORE_READ on the whole namespace. best viewed with whitespace change ignore (-w) Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2022-05-19 12:32:27 +02:00 · 2022-05-19 12:32:27 +02:00 · f12f408e91
parent 71cad8cac0
commit f12f408e91
1 changed files with 26 additions and 21 deletions
--- a/src/api2/admin/datastore.rs
+++ b/src/api2/admin/datastore.rs
@ -615,9 +615,15 @@ pub fn list_snapshots(

 fn get_snapshots_count(store: &Arc<DataStore>, owner: Option<&Authid>) -> Result<Counts, Error> {
    let root_ns = Default::default();
-    ListAccessibleBackupGroups::new(store, root_ns, MAX_NAMESPACE_DEPTH, owner)?.try_fold(
-        Counts::default(),
-        |mut counts, group| {
+    ListAccessibleBackupGroups::new_with_privs(
+        store,
+        root_ns,
+        MAX_NAMESPACE_DEPTH,
+        Some(PRIV_DATASTORE_AUDIT | PRIV_DATASTORE_READ),
+        None,
+        owner,
+    )?
+    .try_fold(Counts::default(), |mut counts, group| {
        let group = match group {
            Ok(group) => group,
            Err(_) => return Ok(counts), // TODO: add this as error counts?
@ -637,8 +643,7 @@ fn get_snapshots_count(store: &Arc<DataStore>, owner: Option<&Authid>) -> Result
        }

        Ok(counts)
-        },
-    )
+    })
 }

 #[api(