From: "Lukas Wagner" <l.wagner@proxmox.com>
To: "Proxmox Datacenter Manager development discussion"
<pdm-devel@lists.proxmox.com>
Cc: "pdm-devel" <pdm-devel-bounces@lists.proxmox.com>
Subject: Re: [pdm-devel] [PATCH proxmox-datacenter-manager 04/12] api: add API for retrieving/refreshing the remote update summary
Date: Fri, 17 Oct 2025 09:44:28 +0200
Message-ID: <DDKFH53O7BFQ.3OI7U3O0YKDOA@proxmox.com>
In-Reply-To: <20251015124711.312943-5-l.wagner@proxmox.com>
On Wed Oct 15, 2025 at 2:47 PM CEST, Lukas Wagner wrote:
> +#[api(
> + access: {
> + permission: &Permission::Anybody,
> + description: "Resource.Modify privileges are needed on /resource/{remote}",
> + },
> +)]
> +/// Return available update summary for managed remote nodes.
> +pub fn update_summary(rpcenv: &mut dyn RpcEnvironment) -> Result<UpdateSummary, Error> {
> + let auth_id = rpcenv.get_auth_id().unwrap().parse()?;
> + let user_info = CachedUserInfo::new()?;
> +
> + if !user_info.any_privs_below(&auth_id, &["resource"], PRIV_RESOURCE_MODIFY)? {
> + http_bail!(UNAUTHORIZED, "user has no access to resources");
Just read the discussion regarding the usage of FORBIDDEN vs
UNAUTHORIZED - will change this to FORBIDDEN in a v2 (after any other
review feedback, just to avoid noise on the list).
> + }
> +
> + let mut update_summary = remote_updates::get_available_updates_summary()?;
> +
> + update_summary.remotes.retain(|remote_name, _| {
> + user_info
> + .check_privs(
> + &auth_id,
> + &["resource", remote_name],
> + PRIV_RESOURCE_MODIFY,
> + false,
> + )
> + .is_ok()
> + });
> +
> + Ok(update_summary)
> +}
> +
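Review bot: The access description on `update_summary` names `/resource/{remote}`, but the function takes no `remote` parameter; with `Permission::Anybody` the only enforcement is the `any_privs_below` check plus the `retain` filter, so the description should say that the result is limited to the remotes on which the caller holds Resource.Modify. It is also worth confirming that a modify-level privilege is intended for an endpoint that only returns data. Separately, `rpcenv.get_auth_id().unwrap()` panics if no auth id is set; mapping `None` to an error would turn that case into a regular error response instead of a panic.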
> +#[api(
> + access: {
> + permission: &Permission::Anybody,
> + description: "Resource.Modify privileges are needed on /resource/{remote}",
> + },
> +)]
> +/// Refresh the update summary of all remotes.
> +pub fn refresh_remote_update_summaries(rpcenv: &mut dyn RpcEnvironment) -> Result<UPID, Error> {
> + let (config, _digest) = pdm_config::remotes::config()?;
> +
> + let auth_id = rpcenv.get_auth_id().unwrap().parse()?;
> + let user_info = CachedUserInfo::new()?;
> +
> + if !user_info.any_privs_below(&auth_id, &["resource"], PRIV_RESOURCE_MODIFY)? {
> + http_bail!(UNAUTHORIZED, "user has no access to resources");
Same here.
> + }
> +
> + let remotes: Vec<Remote> = config
> + .into_iter()
> + .filter_map(|(remote_name, remote)| {
> + user_info
> + .check_privs(
> + &auth_id,
> + &["resource", &remote_name],
> + PRIV_RESOURCE_MODIFY,
> + false,
> + )
> + .is_ok()
> + .then_some(remote)
> + })
> + .collect();
> +
> + let upid_str = WorkerTask::spawn(
> + "refresh-remote-updates",
> + None,
> + auth_id.to_string(),
> + true,
> + |_worker| async {
> + // TODO: Add more verbose logging per remote/node, so we can actually see something
> + // interesting in the task log.
> + remote_updates::refresh_update_summary_cache(remotes).await?;
> + Ok(())
> + },
> + )?;
> +
> + upid_str.parse()
> +}
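Review bot: In `refresh_remote_update_summaries`, `refresh_update_summary_cache(remotes)` receives only the remotes the caller may modify, and the visible lines do not show what happens to cached entries for remotes outside that list; please confirm that a refresh started by a user with access to a subset leaves the other remotes' entries intact. `pdm_config::remotes::config()?` is also read before the `any_privs_below` check, so moving the privilege check first would reject unprivileged callers before any config is read. The worker is spawned even when the filtered `remotes` list is empty; together with the TODO, logging the selected remote names in the task log would make it clear what a given refresh covered.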