all lists on lists.proxmox.com
 help / color / mirror / Atom feed
* [pbs-devel] [PATCH proxmox-backup 1/2] fix #2847: api: datastore: change backup owner
@ 2020-10-13  8:58 Dylan Whyte
  2020-10-13  8:58 ` [pbs-devel] [PATCH proxmox-backup 2/2] fix #2847: proxmox-backup-client: add change-owner cmd Dylan Whyte
  2020-10-14  6:33 ` [pbs-devel] [PATCH proxmox-backup 1/2] fix #2847: api: datastore: change backup owner Dietmar Maurer
  0 siblings, 2 replies; 4+ messages in thread
From: Dylan Whyte @ 2020-10-13  8:58 UTC (permalink / raw)
  To: pbs-devel

This adds an api method to change the owner of
a backup-group.

Signed-off-by: Dylan Whyte <d.whyte@proxmox.com>
---
 src/api2/admin/datastore.rs | 56 +++++++++++++++++++++++++++++++++++++
 1 file changed, 56 insertions(+)

diff --git a/src/api2/admin/datastore.rs b/src/api2/admin/datastore.rs
index c260b62d..f4c4e2de 100644
--- a/src/api2/admin/datastore.rs
+++ b/src/api2/admin/datastore.rs
@@ -1492,6 +1492,57 @@ fn set_notes(
     Ok(())
 }
 
+#[api(
+   input: {
+        properties: {
+            store: {
+                schema: DATASTORE_SCHEMA,
+            },
+            group: {
+                description: "Backup group.",
+            },
+            "new-owner": {
+                description: "Userid of new owner.",
+            },
+        },
+   },
+   access: {
+       permission: &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_MODIFY, true),
+   },
+)]
+/// Change owner of a backup group
+fn set_backup_owner(
+    store: String,
+    group: String,
+    new_owner: String,
+    rpcenv: &mut dyn RpcEnvironment,
+) -> Result<(), Error> {
+
+    let datastore = DataStore::lookup_datastore(&store)?;
+
+    // user requesting change of owner
+    let userid: Userid = rpcenv.get_user().unwrap().parse()?;
+    let user_info = CachedUserInfo::new()?;
+    let user_privs = user_info.lookup_privs(&userid, &["datastore", &store]);
+
+    let backup_group: BackupGroup = group.parse()?;
+
+    let new_owner: Userid = new_owner.parse()?;
+    let new_owner_info = CachedUserInfo::new()?;
+
+    if new_owner_info.is_active_user(&new_owner) {
+        let allowed = (user_privs & PRIV_DATASTORE_MODIFY) != 0;
+        if !allowed { check_backup_owner(&datastore, &backup_group, &userid)?; }
+
+        datastore.set_owner(&backup_group, &new_owner, true)?;
+
+    } else {
+        bail!("user {} is inactive or non-existent", new_owner);
+    }
+
+    Ok(())
+}
+
 #[sortable]
 const DATASTORE_INFO_SUBDIRS: SubdirMap = &[
     (
@@ -1499,6 +1550,11 @@ const DATASTORE_INFO_SUBDIRS: SubdirMap = &[
         &Router::new()
             .get(&API_METHOD_CATALOG)
     ),
+    (
+        "change-owner",
+        &Router::new()
+            .post(&API_METHOD_SET_BACKUP_OWNER)
+    ),
     (
         "download",
         &Router::new()
-- 
2.20.1





^ permalink raw reply	[flat|nested] 4+ messages in thread
* [pbs-devel] [PATCH proxmox-backup 2/2] fix #2847: proxmox-backup-client: add change-owner cmd
  2020-10-13  8:58 [pbs-devel] [PATCH proxmox-backup 1/2] fix #2847: api: datastore: change backup owner Dylan Whyte
@ 2020-10-13  8:58 ` Dylan Whyte
  2020-10-14  6:56   ` Dietmar Maurer
  2020-10-14  6:33 ` [pbs-devel] [PATCH proxmox-backup 1/2] fix #2847: api: datastore: change backup owner Dietmar Maurer
  1 sibling, 1 reply; 4+ messages in thread
From: Dylan Whyte @ 2020-10-13  8:58 UTC (permalink / raw)
  To: pbs-devel

This adds a change-owner command to proxmox-backup-client,
that allows a caller with datastore modify privileges
to change the owner of a backup-group.

Signed-off-by: Dylan Whyte <d.whyte@proxmox.com>
---
 src/bin/proxmox-backup-client.rs | 43 +++++++++++++++++++++++++++++++-
 1 file changed, 42 insertions(+), 1 deletion(-)

diff --git a/src/bin/proxmox-backup-client.rs b/src/bin/proxmox-backup-client.rs
index 97398f49..90cb8378 100644
--- a/src/bin/proxmox-backup-client.rs
+++ b/src/bin/proxmox-backup-client.rs
@@ -412,6 +412,41 @@ async fn list_backup_groups(param: Value) -> Result<Value, Error> {
     Ok(Value::Null)
 }
 
+#[api(
+   input: {
+        properties: {
+            repository: {
+                schema: REPO_URL_SCHEMA,
+                optional: true,
+            },
+            group: {
+                type: String,
+                description: "Backup group.",
+            },
+            "new-owner": {
+                type: String,
+                description: "Userid to transfer ownership to",
+            },
+        }
+   }
+)]
+/// Change owner of a backup group
+async fn change_backup_owner(mut param: Value) -> Result<(), Error> {
+
+    let repo = extract_repository_from_value(&param)?;
+
+    let mut client = connect(repo.host(), repo.port(), repo.user())?;
+
+    param.as_object_mut().unwrap().remove("repository");
+
+    let path = format!("api2/json/admin/datastore/{}/change-owner", repo.store());
+    client.post(&path, Some(param)).await?;
+
+    record_repository(&repo);
+
+    Ok(())
+}
+
 #[api(
    input: {
         properties: {
@@ -1967,6 +2002,11 @@ fn main() {
     let version_cmd_def = CliCommand::new(&API_METHOD_API_VERSION)
         .completion_cb("repository", complete_repository);
 
+    let change_owner_cmd_def = CliCommand::new(&API_METHOD_CHANGE_BACKUP_OWNER)
+        .arg_param(&["group", "new-owner"])
+        .completion_cb("group", complete_backup_group)
+        .completion_cb("repository", complete_repository);
+
     let cmd_def = CliCommandMap::new()
         .insert("backup", backup_cmd_def)
         .insert("upload-log", upload_log_cmd_def)
@@ -1987,7 +2027,8 @@ fn main() {
         .insert("catalog", catalog_mgmt_cli())
         .insert("task", task_mgmt_cli())
         .insert("version", version_cmd_def)
-        .insert("benchmark", benchmark_cmd_def);
+        .insert("benchmark", benchmark_cmd_def)
+        .insert("change-owner", change_owner_cmd_def);
 
     let rpcenv = CliEnvironment::new();
     run_cli_command(cmd_def, rpcenv, Some(|future| {
-- 
2.20.1





^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [pbs-devel] [PATCH proxmox-backup 1/2] fix #2847: api: datastore: change backup owner
  2020-10-13  8:58 [pbs-devel] [PATCH proxmox-backup 1/2] fix #2847: api: datastore: change backup owner Dylan Whyte
  2020-10-13  8:58 ` [pbs-devel] [PATCH proxmox-backup 2/2] fix #2847: proxmox-backup-client: add change-owner cmd Dylan Whyte
@ 2020-10-14  6:33 ` Dietmar Maurer
  1 sibling, 0 replies; 4+ messages in thread
From: Dietmar Maurer @ 2020-10-14  6:33 UTC (permalink / raw)
  To: Proxmox Backup Server development discussion, Dylan Whyte

applied a modified version, see comments inline:

> On 10/13/2020 10:58 AM Dylan Whyte <d.whyte@proxmox.com> wrote:
> 
>  
> This adds an api method to change the owner of
> a backup-group.
> 
> Signed-off-by: Dylan Whyte <d.whyte@proxmox.com>
> ---
>  src/api2/admin/datastore.rs | 56 +++++++++++++++++++++++++++++++++++++
>  1 file changed, 56 insertions(+)
> 
> diff --git a/src/api2/admin/datastore.rs b/src/api2/admin/datastore.rs
> index c260b62d..f4c4e2de 100644
> --- a/src/api2/admin/datastore.rs
> +++ b/src/api2/admin/datastore.rs
> @@ -1492,6 +1492,57 @@ fn set_notes(
>      Ok(())
>  }
>  
> +#[api(
> +   input: {
> +        properties: {
> +            store: {
> +                schema: DATASTORE_SCHEMA,
> +            },
> +            group: {
> +                description: "Backup group.",
> +            },

All others method in this api path uses "backup-type" and "backup-id", so I prefer to use
that here too.

> +            "new-owner": {
> +                description: "Userid of new owner.",
> +            },

Using "String" as type is much too generic. This should be:

            "new-owner": {
                type: Userid,
            },


> +        },
> +   },
> +   access: {
> +       permission: &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_MODIFY, true),
> +   },
> +)]
> +/// Change owner of a backup group
> +fn set_backup_owner(
> +    store: String,
> +    group: String,
> +    new_owner: String,
> +    rpcenv: &mut dyn RpcEnvironment,
> +) -> Result<(), Error> {
> +
> +    let datastore = DataStore::lookup_datastore(&store)?;
> +
> +    // user requesting change of owner
> +    let userid: Userid = rpcenv.get_user().unwrap().parse()?;
> +    let user_info = CachedUserInfo::new()?;
> +    let user_privs = user_info.lookup_privs(&userid, &["datastore", &store]);
> +
> +    let backup_group: BackupGroup = group.parse()?;
> +
> +    let new_owner: Userid = new_owner.parse()?;
> +    let new_owner_info = CachedUserInfo::new()?;

There is no need to get CachedUserInfo::new() twice!

> +
> +    if new_owner_info.is_active_user(&new_owner) {
> +        let allowed = (user_privs & PRIV_DATASTORE_MODIFY) != 0;
> +        if !allowed { check_backup_owner(&datastore, &backup_group, &userid)?; }

Also, this check is redundant, because the rest server already verifies the "access" permissions.
I removed that for now. Fabian will extend this when he add the api token patches.

> +
> +        datastore.set_owner(&backup_group, &new_owner, true)?;
> +
> +    } else {
> +        bail!("user {} is inactive or non-existent", new_owner);
> +    }
> +
> +    Ok(())
> +}
> +
>  #[sortable]
>  const DATASTORE_INFO_SUBDIRS: SubdirMap = &[
>      (
> @@ -1499,6 +1550,11 @@ const DATASTORE_INFO_SUBDIRS: SubdirMap = &[
>          &Router::new()
>              .get(&API_METHOD_CATALOG)
>      ),
> +    (
> +        "change-owner",
> +        &Router::new()
> +            .post(&API_METHOD_SET_BACKUP_OWNER)
> +    ),
>      (
>          "download",
>          &Router::new()
> -- 
> 2.20.1
> 
> 
> 
> _______________________________________________
> pbs-devel mailing list
> pbs-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel




^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [pbs-devel] [PATCH proxmox-backup 2/2] fix #2847: proxmox-backup-client: add change-owner cmd
  2020-10-13  8:58 ` [pbs-devel] [PATCH proxmox-backup 2/2] fix #2847: proxmox-backup-client: add change-owner cmd Dylan Whyte
@ 2020-10-14  6:56   ` Dietmar Maurer
  0 siblings, 0 replies; 4+ messages in thread
From: Dietmar Maurer @ 2020-10-14  6:56 UTC (permalink / raw)
  To: Proxmox Backup Server development discussion, Dylan Whyte

applied, adopted to previous api changes

> On 10/13/2020 10:58 AM Dylan Whyte <d.whyte@proxmox.com> wrote:
> 
>  
> This adds a change-owner command to proxmox-backup-client,
> that allows a caller with datastore modify privileges
> to change the owner of a backup-group.
> 
> Signed-off-by: Dylan Whyte <d.whyte@proxmox.com>
> ---
>  src/bin/proxmox-backup-client.rs | 43 +++++++++++++++++++++++++++++++-
>  1 file changed, 42 insertions(+), 1 deletion(-)
> 
> diff --git a/src/bin/proxmox-backup-client.rs b/src/bin/proxmox-backup-client.rs
> index 97398f49..90cb8378 100644
> --- a/src/bin/proxmox-backup-client.rs
> +++ b/src/bin/proxmox-backup-client.rs
> @@ -412,6 +412,41 @@ async fn list_backup_groups(param: Value) -> Result<Value, Error> {
>      Ok(Value::Null)
>  }
>  
> +#[api(
> +   input: {
> +        properties: {
> +            repository: {
> +                schema: REPO_URL_SCHEMA,
> +                optional: true,
> +            },
> +            group: {
> +                type: String,
> +                description: "Backup group.",
> +            },
> +            "new-owner": {
> +                type: String,

 type: Userid

> +                description: "Userid to transfer ownership to",
> +            },
> +        }
> +   }
> +)]
> +/// Change owner of a backup group
> +async fn change_backup_owner(mut param: Value) -> Result<(), Error> {
> +
> +    let repo = extract_repository_from_value(&param)?;
> +
> +    let mut client = connect(repo.host(), repo.port(), repo.user())?;
> +
> +    param.as_object_mut().unwrap().remove("repository");
> +
> +    let path = format!("api2/json/admin/datastore/{}/change-owner", repo.store());
> +    client.post(&path, Some(param)).await?;
> +
> +    record_repository(&repo);
> +
> +    Ok(())
> +}
> +
>  #[api(
>     input: {
>          properties: {
> @@ -1967,6 +2002,11 @@ fn main() {
>      let version_cmd_def = CliCommand::new(&API_METHOD_API_VERSION)
>          .completion_cb("repository", complete_repository);
>  
> +    let change_owner_cmd_def = CliCommand::new(&API_METHOD_CHANGE_BACKUP_OWNER)
> +        .arg_param(&["group", "new-owner"])
> +        .completion_cb("group", complete_backup_group)
 
added:  .completion_cb("new-owner",  complete_user_name)
 
> +        .completion_cb("repository", complete_repository);
> +
>      let cmd_def = CliCommandMap::new()
>          .insert("backup", backup_cmd_def)
>          .insert("upload-log", upload_log_cmd_def)
> @@ -1987,7 +2027,8 @@ fn main() {
>          .insert("catalog", catalog_mgmt_cli())
>          .insert("task", task_mgmt_cli())
>          .insert("version", version_cmd_def)
> -        .insert("benchmark", benchmark_cmd_def);
> +        .insert("benchmark", benchmark_cmd_def)
> +        .insert("change-owner", change_owner_cmd_def);
>  
>      let rpcenv = CliEnvironment::new();
>      run_cli_command(cmd_def, rpcenv, Some(|future| {
> -- 
> 2.20.1
> 
> 
> 
> _______________________________________________
> pbs-devel mailing list
> pbs-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel




^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-10-14  6:57 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-10-13  8:58 [pbs-devel] [PATCH proxmox-backup 1/2] fix #2847: api: datastore: change backup owner Dylan Whyte
2020-10-13  8:58 ` [pbs-devel] [PATCH proxmox-backup 2/2] fix #2847: proxmox-backup-client: add change-owner cmd Dylan Whyte
2020-10-14  6:56   ` Dietmar Maurer
2020-10-14  6:33 ` [pbs-devel] [PATCH proxmox-backup 1/2] fix #2847: api: datastore: change backup owner Dietmar Maurer

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal