From: "Shannon Sterz" <s.sterz@proxmox.com>
To: "Shan Shaji" <s.shaji@proxmox.com>
Cc: Proxmox Datacenter Manager development discussion
<pdm-devel@lists.proxmox.com>
Subject: Re: [pdm-devel] [PATCH datacenter-manager v2] fix #6794: api: allow non-root users to view stats on dashboard
Date: Fri, 10 Oct 2025 09:56:20 +0200 [thread overview]
Message-ID: <DDEHCERP0Y2N.2V6SELD01NXYL@proxmox.com> (raw)
In-Reply-To: <20251007112801.277946-1-s.shaji@proxmox.com>
On Tue Oct 7, 2025 at 1:28 PM CEST, Shan Shaji wrote:
> When a non-root user logged into PDM, the Top Entities section was
> not visible, even though the required privileges had been assigned.
>
> To fix it allow all authenticated users to access the `/top-entities`
> endpoint. The returned top entities will be filtered by the user's
> permission on what resources they have access to.
>
> Signed-off-by: Shan Shaji <s.shaji@proxmox.com>
> ---
> changes since v1: Thanks @Shannon Sterz
> - Updated commit message.
> - Added access description.
> - Replaced `UNAUTHORIZED` with `FORBIDDEN`.
> - Removed "FIXME" comment.
>
> server/src/api/resources.rs | 27 +++++++++++++++++---
> server/src/metric_collection/top_entities.rs | 5 ++++
> 2 files changed, 29 insertions(+), 3 deletions(-)
>
> diff --git a/server/src/api/resources.rs b/server/src/api/resources.rs
> index a7c3881..1e82c48 100644
> --- a/server/src/api/resources.rs
> +++ b/server/src/api/resources.rs
> @@ -480,7 +480,6 @@ pub async fn get_subscription_status(
> }
>
> // FIXME: make timeframe and count parameters?
> -// FIXME: permissions?
> #[api(
> input: {
> properties: {
> @@ -490,13 +489,35 @@ pub async fn get_subscription_status(
> }
> }
> },
> + access: {
> + permission: &Permission::Anybody,
> + description: "The user needs to have at least `PRIV_RESOURCE_AUDIT` on one resources under `/resource`.
> + Only resources for which the user has `PRIV_RESOURCE_AUDIT` on `/resource/{remote_name}` will be
> + considered when calculating the top entities."
> + },
ah sorry this is my mistaken in the original review, PRIV_RESOURCE_AUDIT
is the internal constant name of that privilege. the user-facing
privilege is called `Resource.Audit`. so this might be nicer here and
more consistent with other api endpoints, sorry for that.
> )]
> /// Returns the top X entities regarding the chosen type
> -async fn get_top_entities(timeframe: Option<RrdTimeframe>) -> Result<TopEntities, Error> {
> +async fn get_top_entities(
> + timeframe: Option<RrdTimeframe>,
> + rpcenv: &mut dyn RpcEnvironment,
> +) -> Result<TopEntities, Error> {
> + let user_info = CachedUserInfo::new()?;
> + let auth_id: Authid = rpcenv
> + .get_auth_id()
> + .ok_or_else(|| format_err!("no authid available"))?
> + .parse()?;
> +
> + if !user_info.any_privs_below(&auth_id, &["resource"], PRIV_RESOURCE_AUDIT)? {
> + http_bail!(FORBIDDEN, "user has no access to resources");
> + }
> +
> let (remotes_config, _) = pdm_config::remotes::config()?;
> + let check_remote_privs = |remote_name: &str| {
> + user_info.lookup_privs(&auth_id, &["resource", remote_name]) & PRIV_RESOURCE_AUDIT != 0
> + };
>
> let timeframe = timeframe.unwrap_or(RrdTimeframe::Day);
> - let res = top_entities::calculate_top(&remotes_config, timeframe, 10);
> + let res = top_entities::calculate_top(&remotes_config, timeframe, 10, check_remote_privs);
> Ok(res)
> }
>
> diff --git a/server/src/metric_collection/top_entities.rs b/server/src/metric_collection/top_entities.rs
> index 47fda24..990189a 100644
> --- a/server/src/metric_collection/top_entities.rs
> +++ b/server/src/metric_collection/top_entities.rs
> @@ -36,12 +36,17 @@ pub fn calculate_top(
> remotes: &HashMap<String, pdm_api_types::remotes::Remote>,
> timeframe: proxmox_rrd_api_types::RrdTimeframe,
> num: usize,
> + check_remote_privs: impl Fn(&str) -> bool
> ) -> TopEntities {
> let mut guest_cpu = Vec::new();
> let mut node_cpu = Vec::new();
> let mut node_memory = Vec::new();
>
> for remote_name in remotes.keys() {
> + if !check_remote_privs(remote_name) {
> + continue;
> + }
> +
> if let Some(data) =
> crate::api::resources::get_cached_resources(remote_name, i64::MAX as u64)
> {
other than that, looks good to me so consider this:
Reviewed-by: Shannon Sterz <s.sterz@proxmox.com>
_______________________________________________
pdm-devel mailing list
pdm-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel
next prev parent reply other threads:[~2025-10-10 7:56 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-07 11:28 Shan Shaji
2025-10-10 7:56 ` Shannon Sterz [this message]
2025-10-10 10:44 ` Shan Shaji
2025-10-10 10:56 ` Shan Shaji
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DDEHCERP0Y2N.2V6SELD01NXYL@proxmox.com \
--to=s.sterz@proxmox.com \
--cc=pdm-devel@lists.proxmox.com \
--cc=s.shaji@proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.