From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <t.lamprecht@proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by lists.proxmox.com (Postfix) with ESMTPS id E7530672B3
 for <pbs-devel@lists.proxmox.com>; Mon,  9 Nov 2020 13:38:56 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
 by firstgate.proxmox.com (Proxmox) with ESMTP id DBAF0167A7
 for <pbs-devel@lists.proxmox.com>; Mon,  9 Nov 2020 13:38:56 +0100 (CET)
Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com
 [212.186.127.180])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by firstgate.proxmox.com (Proxmox) with ESMTPS id C03241679B
 for <pbs-devel@lists.proxmox.com>; Mon,  9 Nov 2020 13:38:55 +0100 (CET)
Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1])
 by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 8504F45033
 for <pbs-devel@lists.proxmox.com>; Mon,  9 Nov 2020 13:38:55 +0100 (CET)
To: Proxmox Backup Server development discussion <pbs-devel@lists.proxmox.com>,
 =?UTF-8?Q?Fabian_Gr=c3=bcnbichler?= <f.gruenbichler@proxmox.com>
References: <20201109113107.3943824-1-f.gruenbichler@proxmox.com>
From: Thomas Lamprecht <t.lamprecht@proxmox.com>
Message-ID: <20bb6979-c5d1-c90b-f5e8-2348fcdbec68@proxmox.com>
Date: Mon, 9 Nov 2020 13:38:54 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:83.0) Gecko/20100101
 Thunderbird/83.0
MIME-Version: 1.0
In-Reply-To: <20201109113107.3943824-1-f.gruenbichler@proxmox.com>
Content-Type: text/plain; charset=UTF-8
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable
X-SPAM-LEVEL: Spam detection results:  0
 AWL -0.109 Adjusted score from AWL reputation of From: address
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 NICE_REPLY_A           -0.001 Looks like a legit reply (A)
 RCVD_IN_DNSWL_MED        -2.3 Sender listed at https://www.dnswl.org/,
 medium trust
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
Subject: Re: [pbs-devel] [PATCH proxmox-backup] www: show more ACLs in
 datastore panel
X-BeenThere: pbs-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox Backup Server development discussion
 <pbs-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pbs-devel>, 
 <mailto:pbs-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pbs-devel/>
List-Post: <mailto:pbs-devel@lists.proxmox.com>
List-Help: <mailto:pbs-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel>, 
 <mailto:pbs-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Mon, 09 Nov 2020 12:38:57 -0000

On 09.11.20 12:31, Fabian Gr=C3=BCnbichler wrote:
> since just the ACLs defined on the exact datastore path don't give
> anywhere near a complete picture of who has access to it.
>=20


Seems like an $ anchor is missing, at least I'm getting a permission
on `/datastore/test` listed not only in that datastore view but also in
a datastore called `testnew`.

> Signed-off-by: Fabian Gr=C3=BCnbichler <f.gruenbichler@proxmox.com>
> ---
>  www/config/ACLView.js  | 13 ++++++++++++-
>  www/datastore/Panel.js |  1 -
>  2 files changed, 12 insertions(+), 2 deletions(-)
>=20
> diff --git a/www/config/ACLView.js b/www/config/ACLView.js
> index bf1ea6a9..694fcf7b 100644
> --- a/www/config/ACLView.js
> +++ b/www/config/ACLView.js
> @@ -84,11 +84,22 @@ Ext.define('PBS.config.ACLView', {
> =20
>  	    let params =3D {};
>  	    if (view.aclPath !=3D=3D undefined) {
> -		params.path =3D view.aclPath;
> +		let pathFilter =3D Ext.create('Ext.util.Filter', {
> +		    filterPath: view.aclPath,
> +		    filterFn: function(item) {
> +			let me =3D this;
> +			return me.filterPath.startsWith(item.data.path);
> +		    },
> +		});
> +		view.getStore().addFilter(pathFilter);
>  	    }
>  	    if (view.aclExact !=3D=3D undefined) {
> +		if (view.aclPath !=3D=3D undefined) {
> +		    params.path =3D view.aclPath;
> +		}
>  		params.exact =3D view.aclExact;
>  	    }
> +
>  	    proxy.setExtraParams(params);
>  	    Proxmox.Utils.monStoreErrors(view, view.getStore().rstore);
>  	},
> diff --git a/www/datastore/Panel.js b/www/datastore/Panel.js
> index 473aa50c..bca663e8 100644
> --- a/www/datastore/Panel.js
> +++ b/www/datastore/Panel.js
> @@ -90,7 +90,6 @@ Ext.define('PBS.DataStorePanel', {
>  	    itemId: 'acl',
>  	    xtype: 'pbsACLView',
>  	    iconCls: 'fa fa-unlock',
> -	    aclExact: true,
>  	    cbind: {
>  		aclPath: '{aclPath}',
>  	    },
>=20