From: "Fabian Grünbichler" <f.gruenbichler@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH proxmox-backup 2/2] always allow retrieving (censored) subscription info
Date: Wed, 16 Sep 2020 11:51:13 +0200 [thread overview]
Message-ID: <20200916095113.4040822-2-f.gruenbichler@proxmox.com> (raw)
In-Reply-To: <20200916095113.4040822-1-f.gruenbichler@proxmox.com>
like we do for PVE. this is visible on the dashboard, and caused 403 on
each update which bothers me when looking at the dev console.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
Notes:
this will need more work once we actually introduce subscription keys, but
seems good enough for now..
src/api2/node/subscription.rs | 28 ++++++++++++++++++++--------
1 file changed, 20 insertions(+), 8 deletions(-)
diff --git a/src/api2/node/subscription.rs b/src/api2/node/subscription.rs
index 186019cb..f8b14187 100644
--- a/src/api2/node/subscription.rs
+++ b/src/api2/node/subscription.rs
@@ -1,11 +1,12 @@
use anyhow::{Error};
use serde_json::{json, Value};
-use proxmox::api::{api, Router, Permission};
+use proxmox::api::{api, Router, RpcEnvironment, Permission};
use crate::tools;
use crate::config::acl::PRIV_SYS_AUDIT;
-use crate::api2::types::NODE_SCHEMA;
+use crate::config::cached_user_info::CachedUserInfo;
+use crate::api2::types::{NODE_SCHEMA, Userid};
#[api(
input: {
@@ -28,7 +29,7 @@ use crate::api2::types::NODE_SCHEMA;
},
serverid: {
type: String,
- description: "The unique server ID.",
+ description: "The unique server ID, if permitted to access.",
},
url: {
type: String,
@@ -37,18 +38,29 @@ use crate::api2::types::NODE_SCHEMA;
},
},
access: {
- permission: &Permission::Privilege(&[], PRIV_SYS_AUDIT, false),
+ permission: &Permission::Anybody,
},
)]
/// Read subscription info.
-fn get_subscription(_param: Value) -> Result<Value, Error> {
+fn get_subscription(
+ _param: Value,
+ rpcenv: &mut dyn RpcEnvironment,
+) -> Result<Value, Error> {
+ let userid: Userid = rpcenv.get_user().unwrap().parse()?;
+ let user_info = CachedUserInfo::new()?;
+ let user_privs = user_info.lookup_privs(&userid, &[]);
+ let server_id = if (user_privs & PRIV_SYS_AUDIT) != 0 {
+ tools::get_hardware_address()?
+ } else {
+ "hidden".to_string()
+ };
let url = "https://www.proxmox.com/en/proxmox-backup-server/pricing";
Ok(json!({
"status": "NotFound",
- "message": "There is no subscription key",
- "serverid": tools::get_hardware_address()?,
- "url": url,
+ "message": "There is no subscription key",
+ "serverid": server_id,
+ "url": url,
}))
}
--
2.20.1
next prev parent reply other threads:[~2020-09-16 9:51 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-16 9:51 [pbs-devel] [PATCH proxmox-backup 1/2] fix #2957: allow Sys.Audit access to node RRD Fabian Grünbichler
2020-09-16 9:51 ` Fabian Grünbichler [this message]
2020-09-17 4:04 ` [pbs-devel] applied: [PATCH proxmox-backup 2/2] always allow retrieving (censored) subscription info Dietmar Maurer
2020-09-17 4:03 ` [pbs-devel] applied: [PATCH proxmox-backup 1/2] fix #2957: allow Sys.Audit access to node RRD Dietmar Maurer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200916095113.4040822-2-f.gruenbichler@proxmox.com \
--to=f.gruenbichler@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal