* [pve-devel] [PATCH manager] tasks: allow API tokens to query their own UPIDs
@ 2020-09-23  8:38 Fabian Grünbichler
  2020-09-23  8:38 ` [pve-devel] [PATCH proxmox-widget-toolkit] tasks: include API token ID if available Fabian Grünbichler
  2020-09-25  5:42 ` [pve-devel] applied: [PATCH manager] tasks: allow API tokens to query their own UPIDs Thomas Lamprecht
  0 siblings, 2 replies; 4+ messages in thread
From: Fabian Grünbichler @ 2020-09-23  8:38 UTC (permalink / raw)
  To: pve-devel

and regular users to read all their own tasks as well as those of their
associated tokens.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
 PVE/API2/Tasks.pm | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/PVE/API2/Tasks.pm b/PVE/API2/Tasks.pm
index 5dc6a4ad..8f6ab603 100644
--- a/PVE/API2/Tasks.pm
+++ b/PVE/API2/Tasks.pm
@@ -24,6 +24,18 @@ my $convert_token_task = sub {
     }
 };
 
+my $check_task_user = sub {
+    my ($task, $user) = @_;
+
+    if ($task->{tokenid}) {
+	my $fulltoken = PVE::AccessControl::join_tokenid($task->{user}, $task->{tokenid});
+	# token only sees token tasks, user sees user + token tasks
+	return $user eq $fulltoken || $user eq $task->{user};
+    } else {
+	return $user eq $task->{user};
+    }
+};
+
 __PACKAGE__->register_method({
     name => 'node_tasks',
     path => '',
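Review bot: $check_task_user depends on the task hash already carrying a separate {tokenid} next to a bare {user}, but the helper does not state that precondition; if it is called on a task where tokenid has not been populated, only the else branch runs and an owning user is compared against whatever {user} holds at that point. Add a comment naming the precondition (presumably that $convert_token_task has run), or do the conversion inside the helper. The inline comment could also spell out that a token sees neither its owning user's tasks nor those of sibling tokens, since that asymmetry is the access rule being introduced.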
@@ -126,7 +138,7 @@ __PACKAGE__->register_method({
 	    my $task = shift;
 
 	    return 1 if $userfilter && $task->{user} !~ m/\Q$userfilter\E/i;
-	    return 1 if !($auditor || $user eq $task->{user});
+	    return 1 if !($auditor || $check_task_user->($task, $user));
 
 	    return 1 if $typefilter && $task->{type} ne $typefilter;
 
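Review bot: In this list filter the visible context does not show $convert_token_task->($task) running before $check_task_user is called, whereas the three per-task call sites later in the patch call it immediately beforehand; please confirm the conversion happens earlier in this callback, otherwise $task->{tokenid} is never set here and the token branch of the helper is dead for the listing. Also, the $userfilter match on the line above still only looks at $task->{user}, so if that field holds the bare user at this point, filtering the list by a full token ID will not match the token's tasks.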
@@ -253,7 +265,7 @@ __PACKAGE__->register_method({
 
 	$convert_token_task->($task);
 
-	if ($user ne $task->{user}) {
+	if (!$check_task_user->($task, $user)) {
 	    $rpcenv->check($user, "/nodes/$node", [ 'Sys.Modify' ]);
 	}
 
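Review bot: This call site skips a Sys.Modify check, not Sys.Audit like the two hunks that follow, so the new ownership rule here grants a modifying operation: a user can act on tasks started by any of their tokens, and a token on its own tasks, without Sys.Modify on /nodes/$node. The commit message only talks about querying and reading; state explicitly that the modifying path is meant to be covered as well, or keep the stricter $user ne $task->{user} comparison at this site.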
@@ -322,7 +334,7 @@ __PACKAGE__->register_method({
 
 	$convert_token_task->($task);
 
-	if ($user ne $task->{user})  {
+	if (!$check_task_user->($task, $user)) {
 	    $rpcenv->check($user, "/nodes/$node", [ 'Sys.Audit' ]);
 	}
 
@@ -380,7 +392,7 @@ __PACKAGE__->register_method({
 
 	$convert_token_task->($task);
 
-	if ($user ne $task->{user}) {
+	if (!$check_task_user->($task, $user)) {
 	    $rpcenv->check($user, "/nodes/$node", [ 'Sys.Audit' ]);
 	}
 
-- 
2.20.1






* [pve-devel] [PATCH proxmox-widget-toolkit] tasks: include API token ID if available
  2020-09-23  8:38 [pve-devel] [PATCH manager] tasks: allow API tokens to query their own UPIDs Fabian Grünbichler
@ 2020-09-23  8:38 ` Fabian Grünbichler
  2020-09-25  5:44   ` [pve-devel] applied: " Thomas Lamprecht
  2020-09-25  5:42 ` [pve-devel] applied: [PATCH manager] tasks: allow API tokens to query their own UPIDs Thomas Lamprecht
  1 sibling, 1 reply; 4+ messages in thread
From: Fabian Grünbichler @ 2020-09-23  8:38 UTC (permalink / raw)
  To: pve-devel

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
 src/data/ProxmoxProxy.js | 2 +-
 src/window/TaskViewer.js | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/data/ProxmoxProxy.js b/src/data/ProxmoxProxy.js
index 7df8f28..f716113 100644
--- a/src/data/ProxmoxProxy.js
+++ b/src/data/ProxmoxProxy.js
@@ -55,7 +55,7 @@ Ext.define('Proxmox.RestProxy', {
 		    return 0;
 		},
 	    },
-	    'node', 'upid', 'user', 'status', 'type', 'id',
+	    'node', 'upid', 'user', 'tokenid', 'status', 'type', 'id',
 	],
 	idProperty: 'upid',
     });
diff --git a/src/window/TaskViewer.js b/src/window/TaskViewer.js
index 51715f8..b167d0b 100644
--- a/src/window/TaskViewer.js
+++ b/src/window/TaskViewer.js
@@ -130,6 +130,10 @@ Ext.define('Proxmox.window.TaskViewer', {
 		renderer: Ext.String.htmlEncode,
 		required: true,
 	    },
+	    tokenid: {
+		header: gettext('API Token'),
+		renderer: Ext.String.htmlEncode,
+	    },
 	    node: {
 		header: gettext('Node'),
 		required: true,
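Review bot: The new tokenid row has no required: true, unlike the entries directly before and after it in this hunk; if that is deliberate so the row is hidden for tasks not started by a token, say so in a comment, and check that the row still renders in the position where it is declared rather than being moved elsewhere. Keeping renderer: Ext.String.htmlEncode on it is right, since the token ID is a user-chosen string.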
-- 
2.20.1






* [pve-devel] applied: [PATCH manager] tasks: allow API tokens to query their own UPIDs
  2020-09-23  8:38 [pve-devel] [PATCH manager] tasks: allow API tokens to query their own UPIDs Fabian Grünbichler
  2020-09-23  8:38 ` [pve-devel] [PATCH proxmox-widget-toolkit] tasks: include API token ID if available Fabian Grünbichler
@ 2020-09-25  5:42 ` Thomas Lamprecht
  1 sibling, 0 replies; 4+ messages in thread
From: Thomas Lamprecht @ 2020-09-25  5:42 UTC (permalink / raw)
  To: Proxmox VE development discussion, Fabian Grünbichler

On 23.09.20 10:38, Fabian Grünbichler wrote:
> and regular users to read all their own tasks as well as those of their
> associated tokens.
> 
> Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
> ---
>  PVE/API2/Tasks.pm | 20 ++++++++++++++++----
>  1 file changed, 16 insertions(+), 4 deletions(-)
> 
>

applied, thanks!






* [pve-devel] applied: [PATCH proxmox-widget-toolkit] tasks: include API token ID if available
  2020-09-23  8:38 ` [pve-devel] [PATCH proxmox-widget-toolkit] tasks: include API token ID if available Fabian Grünbichler
@ 2020-09-25  5:44   ` Thomas Lamprecht
  0 siblings, 0 replies; 4+ messages in thread
From: Thomas Lamprecht @ 2020-09-25  5:44 UTC (permalink / raw)
  To: Proxmox VE development discussion, Fabian Grünbichler

On 23.09.20 10:38, Fabian Grünbichler wrote:
> Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
> ---
>  src/data/ProxmoxProxy.js | 2 +-
>  src/window/TaskViewer.js | 4 ++++
>  2 files changed, 5 insertions(+), 1 deletion(-)
> 
>

applied, thanks! Albeit, I do not like how it orders at the end, not after userid like intended.
This is because it isn't marked as "required", seems even a bit like a bug, I'll check it out a bit..





