From: "Fabian Grünbichler" <f.gruenbichler@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH proxmox-backup 4/8] clippy: rewrite ifs with identical return values
Date: Wed, 20 Jan 2021 17:23:51 +0100 [thread overview]
Message-ID: <20210120162355.2750802-5-f.gruenbichler@proxmox.com> (raw)
In-Reply-To: <20210120162355.2750802-1-f.gruenbichler@proxmox.com>
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
src/api2/access.rs | 32 +++++++++++++-------------------
src/api2/node/tasks.rs | 16 ++++++----------
2 files changed, 19 insertions(+), 29 deletions(-)
diff --git a/src/api2/access.rs b/src/api2/access.rs
index 61d0f74e..b4d78395 100644
--- a/src/api2/access.rs
+++ b/src/api2/access.rs
@@ -25,6 +25,7 @@ pub mod role;
pub mod tfa;
pub mod user;
+#[allow(clippy::large_enum_variant)]
enum AuthResult {
/// Successful authentication which does not require a new ticket.
Success,
@@ -329,27 +330,20 @@ pub fn list_permissions(
let user_info = CachedUserInfo::new()?;
let user_privs = user_info.lookup_privs(¤t_auth_id, &["access"]);
- let auth_id = if user_privs & PRIV_SYS_AUDIT == 0 {
- match auth_id {
- Some(auth_id) => {
- if auth_id == current_auth_id {
- auth_id
- } else if auth_id.is_token()
+ let auth_id = match auth_id {
+ Some(auth_id) if auth_id == current_auth_id => current_auth_id,
+ Some(auth_id) => {
+ if user_privs & PRIV_SYS_AUDIT != 0
+ || (auth_id.is_token()
&& !current_auth_id.is_token()
- && auth_id.user() == current_auth_id.user()
- {
- auth_id
- } else {
- bail!("not allowed to list permissions of {}", auth_id);
- }
+ && auth_id.user() == current_auth_id.user())
+ {
+ auth_id
+ } else {
+ bail!("not allowed to list permissions of {}", auth_id);
}
- None => current_auth_id,
- }
- } else {
- match auth_id {
- Some(auth_id) => auth_id,
- None => current_auth_id,
- }
+ },
+ None => current_auth_id,
};
fn populate_acl_paths(
diff --git a/src/api2/node/tasks.rs b/src/api2/node/tasks.rs
index 8de35ca9..99470531 100644
--- a/src/api2/node/tasks.rs
+++ b/src/api2/node/tasks.rs
@@ -110,16 +110,12 @@ fn check_task_access(auth_id: &Authid, upid: &UPID) -> Result<(), Error> {
} else {
let user_info = CachedUserInfo::new()?;
- let task_privs = user_info.lookup_privs(auth_id, &["system", "tasks"]);
- if task_privs & PRIV_SYS_AUDIT != 0 {
- // allowed to read all tasks in general
- Ok(())
- } else if check_job_privs(&auth_id, &user_info, upid).is_ok() {
- // job which the user/token could have configured/manually executed
- Ok(())
- } else {
- bail!("task access not allowed");
- }
+ // access to all tasks
+ // or task == job which the user/token could have configured/manually executed
+
+ user_info.check_privs(auth_id, &["system", "tasks"], PRIV_SYS_AUDIT, false)
+ .or_else(|_| check_job_privs(&auth_id, &user_info, upid))
+ .or_else(|_| bail!("task access not allowed"))
}
}
--
2.20.1
next prev parent reply other threads:[~2021-01-20 16:25 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-20 16:23 [pbs-devel] [PATCH proxmox-backup 0/8] clippy fixes Fabian Grünbichler
2021-01-20 16:23 ` [pbs-devel] [PATCH proxmox-backup 1/8] clippy: add is_empty() when len() is implemented Fabian Grünbichler
2021-01-20 16:23 ` [pbs-devel] [PATCH proxmox-backup 2/8] clippy: fix Mutex with unused value Fabian Grünbichler
2021-01-20 16:23 ` [pbs-devel] [PATCH proxmox-backup 3/8] clippy: rewrite comparison chains Fabian Grünbichler
2021-01-20 16:23 ` Fabian Grünbichler [this message]
2021-01-20 16:23 ` [pbs-devel] [PATCH proxmox-backup 5/8] apt: let api handle optional bool with default Fabian Grünbichler
2021-01-20 16:23 ` [pbs-devel] [PATCH proxmox-backup 6/8] rework GC traversal error handling Fabian Grünbichler
2021-01-20 16:23 ` [pbs-devel] [PATCH proxmox-backup 7/8] http-client: fix typoed ticket cache condition Fabian Grünbichler
2021-01-20 16:23 ` [pbs-devel] [PATCH proxmox-backup 8/8] http-client: further clippy cleanups Fabian Grünbichler
2021-01-25 10:52 ` [pbs-devel] applied series: [PATCH proxmox-backup 0/8] clippy fixes Wolfgang Bumiller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210120162355.2750802-5-f.gruenbichler@proxmox.com \
--to=f.gruenbichler@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.