From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 9DE3261733 for ; Thu, 17 Dec 2020 15:27:54 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 968E7278AD for ; Thu, 17 Dec 2020 15:27:54 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [212.186.127.180]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id 16E5D278A3 for ; Thu, 17 Dec 2020 15:27:54 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id D828045216 for ; Thu, 17 Dec 2020 15:27:53 +0100 (CET) From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= To: pbs-devel@lists.proxmox.com Date: Thu, 17 Dec 2020 15:27:44 +0100 Message-Id: <20201217142745.661843-2-f.gruenbichler@proxmox.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20201217142745.661843-1-f.gruenbichler@proxmox.com> References: <20201217142745.661843-1-f.gruenbichler@proxmox.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.024 Adjusted score from AWL reputation of 
From: address KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_DNSWL_MED -2.3 Sender listed at https://www.dnswl.org/, medium trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [acl.rs] Subject: [pbs-devel] [RFC proxmox-backup 2/3] acl: reformat privileges X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Dec 2020 14:27:54 -0000 for better readability, and tell rustfmt to leave those definitions alone. Signed-off-by: Fabian Grünbichler
---
 src/config/acl.rs | 73 ++++++++++++++++++++++++++--------------------- 1 file changed, 41 insertions(+), 32 deletions(-)
diff --git a/src/config/acl.rs b/src/config/acl.rs
index 8503a2ab..04a01b51 100644
--- a/src/config/acl.rs
+++ b/src/config/acl.rs
@@ -74,56 +74,65 @@ pub const ROLE_ADMIN: u64 = std::u64::MAX;
 /// NoAccess can be used to remove privileges from specific (sub-)paths
 pub const ROLE_NO_ACCESS: u64 = 0;
 
+#[rustfmt::skip]
 /// Audit can view configuration and status information, but not modify it.
-pub const ROLE_AUDIT: u64 =
-PRIV_SYS_AUDIT |
-PRIV_DATASTORE_AUDIT;
+pub const ROLE_AUDIT: u64 = 0
+ | PRIV_SYS_AUDIT
+ | PRIV_DATASTORE_AUDIT;
 
+#[rustfmt::skip]
 /// Datastore.Admin can do anything on the datastore.
-pub const ROLE_DATASTORE_ADMIN: u64 =
-PRIV_DATASTORE_AUDIT |
-PRIV_DATASTORE_MODIFY |
-PRIV_DATASTORE_READ |
-PRIV_DATASTORE_VERIFY |
-PRIV_DATASTORE_BACKUP |
-PRIV_DATASTORE_PRUNE;
-
+pub const ROLE_DATASTORE_ADMIN: u64 = 0
+ | PRIV_DATASTORE_AUDIT
+ | PRIV_DATASTORE_MODIFY
+ | PRIV_DATASTORE_READ
+ | PRIV_DATASTORE_VERIFY
+ | PRIV_DATASTORE_BACKUP
+ | PRIV_DATASTORE_PRUNE;
+
+#[rustfmt::skip]
 /// Datastore.Reader can read/verify datastore content and do restore
-pub const ROLE_DATASTORE_READER: u64 =
-PRIV_DATASTORE_AUDIT |
-PRIV_DATASTORE_VERIFY |
-PRIV_DATASTORE_READ;
+pub const ROLE_DATASTORE_READER: u64 = 0
+ | PRIV_DATASTORE_AUDIT
+ | PRIV_DATASTORE_VERIFY
+ | PRIV_DATASTORE_READ;
 
+#[rustfmt::skip]
 /// Datastore.Backup can do backup and restore, but no prune.
-pub const ROLE_DATASTORE_BACKUP: u64 =
-PRIV_DATASTORE_BACKUP;
+pub const ROLE_DATASTORE_BACKUP: u64 = 0
+ | PRIV_DATASTORE_BACKUP;
 
+#[rustfmt::skip]
 /// Datastore.PowerUser can do backup, restore, and prune.
-pub const ROLE_DATASTORE_POWERUSER: u64 =
-PRIV_DATASTORE_PRUNE |
-PRIV_DATASTORE_BACKUP;
+pub const ROLE_DATASTORE_POWERUSER: u64 = 0
+ | PRIV_DATASTORE_PRUNE
+ | PRIV_DATASTORE_BACKUP;
 
+#[rustfmt::skip]
 /// Datastore.Audit can audit the datastore.
-pub const ROLE_DATASTORE_AUDIT: u64 =
-PRIV_DATASTORE_AUDIT;
+pub const ROLE_DATASTORE_AUDIT: u64 = 0
+ | PRIV_DATASTORE_AUDIT;
 
+#[rustfmt::skip]
 /// Remote.Audit can audit the remote
-pub const ROLE_REMOTE_AUDIT: u64 =
-PRIV_REMOTE_AUDIT;
+pub const ROLE_REMOTE_AUDIT: u64 = 0
+ | PRIV_REMOTE_AUDIT;
 
+#[rustfmt::skip]
 /// Remote.Admin can do anything on the remote.
-pub const ROLE_REMOTE_ADMIN: u64 =
-PRIV_REMOTE_AUDIT |
-PRIV_REMOTE_MODIFY |
-PRIV_REMOTE_READ;
+pub const ROLE_REMOTE_ADMIN: u64 = 0
+ | PRIV_REMOTE_AUDIT
+ | PRIV_REMOTE_MODIFY
+ | PRIV_REMOTE_READ;
 
+#[rustfmt::skip]
 /// Remote.SyncOperator can do read and prune on the remote.
-pub const ROLE_REMOTE_SYNC_OPERATOR: u64 =
-PRIV_REMOTE_AUDIT |
-PRIV_REMOTE_READ;
+pub const ROLE_REMOTE_SYNC_OPERATOR: u64 = 0
+ | PRIV_REMOTE_AUDIT
+ | PRIV_REMOTE_READ;
 
 /// NoAccess can be used to remove privileges from specific (sub-)paths
-pub const ROLE_NAME_NO_ACCESS: &str ="NoAccess";
+pub const ROLE_NAME_NO_ACCESS: &str = "NoAccess";
 
 #[api()]
 #[repr(u64)]
--
2.20.1
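Review bot: The doc comment on `ROLE_REMOTE_SYNC_OPERATOR` says the role can "read and prune on the remote", but the mask in the new lines is only `PRIV_REMOTE_AUDIT | PRIV_REMOTE_READ`, with no prune-related bit in it. These comments are what an administrator reads when assigning a role, so the text should name exactly the privileges granted, for example `/// Remote.SyncOperator can audit and read the remote.`, or say where the prune right comes from if it is implied by something outside this hunk. As a style point, each `#[rustfmt::skip]` sits above the `///` line; putting the doc comment first and the attribute directly above `pub const` is the usual order and keeps the attribute visibly attached to the definition it protects.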