From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 5773E61913 for ; Wed, 14 Oct 2020 08:33:47 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 440F413D15 for ; Wed, 14 Oct 2020 08:33:47 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [212.186.127.180]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id 44F0D13D04 for ; Wed, 14 Oct 2020 08:33:45 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 10BD145D29 for ; Wed, 14 Oct 2020 08:33:45 +0200 (CEST) Date: Wed, 14 Oct 2020 08:33:29 +0200 (CEST) From: Dietmar Maurer To: Proxmox Backup Server development discussion , Dylan Whyte Message-ID: <1757107249.88.1602657210365@webmail.proxmox.com> In-Reply-To: <20201013085841.22773-1-d.whyte@proxmox.com> References: <20201013085841.22773-1-d.whyte@proxmox.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Priority: 3 Importance: Normal X-Mailer: Open-Xchange Mailer v7.10.4-Rev10 X-Originating-Client: open-xchange-appsuite X-SPAM-LEVEL: Spam detection results: 0 AWL 0.070 Adjusted score from AWL reputation of 
From: address KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_DNSWL_MED -2.3 Sender listed at https://www.dnswl.org/, medium trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [datastore.rs, proxmox.com] Subject: Re: [pbs-devel] [PATCH proxmox-backup 1/2] fix #2847: api: datastore: change backup owner X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Oct 2020 06:33:47 -0000
applied a modified version, see comments inline:
> On 10/13/2020 10:58 AM Dylan Whyte wrote:
>
>
> This adds an api method to change the owner of
> a backup-group.
>
> Signed-off-by: Dylan Whyte
> ---
> src/api2/admin/datastore.rs | 56 +++++++++++++++++++++++++++++++++++++
> 1 file changed, 56 insertions(+)
>
> diff --git a/src/api2/admin/datastore.rs b/src/api2/admin/datastore.rs
> index c260b62d..f4c4e2de 100644
> --- a/src/api2/admin/datastore.rs
> +++ b/src/api2/admin/datastore.rs
> @@ -1492,6 +1492,57 @@ fn set_notes(
> Ok(())
> }
>
> +#[api(
> + input: {
> + properties: {
> + store: {
> + schema: DATASTORE_SCHEMA,
> + },
> + group: {
> + description: "Backup group.",
> + },
All others method in this api path uses "backup-type" and "backup-id", so I prefer to use that here too.
> + "new-owner": {
> + description: "Userid of new owner.",
> + },
Using "String" as type is much too generic. This should be: "new-owner": { type: Userid, },
> + },
> + },
> + access: {
> + permission: &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_MODIFY, true),
> + },
> +)]
> +/// Change owner of a backup group
> +fn set_backup_owner(
> + store: String,
> + group: String,
> + new_owner: String,
> + rpcenv: &mut dyn RpcEnvironment,
> +) -> Result<(), Error> {
> +
> + let datastore = DataStore::lookup_datastore(&store)?;
> +
> + // user requesting change of owner
> + let userid: Userid = rpcenv.get_user().unwrap().parse()?;
> + let user_info = CachedUserInfo::new()?;
> + let user_privs = user_info.lookup_privs(&userid, &["datastore", &store]);
> +
> + let backup_group: BackupGroup = group.parse()?;
> +
> + let new_owner: Userid = new_owner.parse()?;
> + let new_owner_info = CachedUserInfo::new()?;
There is no need to get CachedUserInfo::new() twice!
> +
> + if new_owner_info.is_active_user(&new_owner) {
> + let allowed = (user_privs & PRIV_DATASTORE_MODIFY) != 0;
> + if !allowed { check_backup_owner(&datastore, &backup_group, &userid)?; }
Also, this check is redundant, because the rest server already verifies the "access" permissions. I removed that for now. Fabian will extend this when he add the api token patches.
> +
> + datastore.set_owner(&backup_group, &new_owner, true)?;
> +
> + } else {
> + bail!("user {} is inactive or non-existent", new_owner);
> + }
> +
> + Ok(())
> +}
> +
> #[sortable]
> const DATASTORE_INFO_SUBDIRS: SubdirMap = &[
> (
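Review bot: `rpcenv.get_user().unwrap()` in `set_backup_owner` panics inside the request handler when the environment carries no user, rather than returning an error. Because this identity feeds an ownership decision, it should fail closed with an explicit error, for example `let userid: Userid = rpcenv.get_user().ok_or_else(|| format_err!("no authenticated user"))?.parse()?;`. That form assumes `get_user` returns an `Option`, as the `.unwrap()` suggests, and that `format_err!` is imported alongside `bail!`; neither is visible in the hunk. Separately, the handler changes who may access a backup group but records nothing, so a log entry naming the requesting user, the group and the new owner just before `datastore.set_owner(...)` would give an audit trail for ownership transfers. The bare `true` passed to `set_owner` is defined outside the hunk and would benefit from a one-line comment saying what it forces.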
> @@ -1499,6 +1550,11 @@ const DATASTORE_INFO_SUBDIRS: SubdirMap = &[
> &Router::new()
> .get(&API_METHOD_CATALOG)
> ),
> + (
> + "change-owner",
> + &Router::new()
> + .post(&API_METHOD_SET_BACKUP_OWNER)
> + ),
> (
> "download",
> &Router::new()
> --
> 2.20.1
>
>
>
> _______________________________________________
> pbs-devel mailing list
> pbs-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel