From: "Fabian Grünbichler" <f.gruenbichler@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH proxmox-backup 4/8] clippy: rewrite ifs with identical return values
Date: Wed, 20 Jan 2021 17:23:51 +0100 [thread overview]
Message-ID: <20210120162355.2750802-5-f.gruenbichler@proxmox.com> (raw)
In-Reply-To: <20210120162355.2750802-1-f.gruenbichler@proxmox.com>
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
src/api2/access.rs | 32 +++++++++++++-------------------
src/api2/node/tasks.rs | 16 ++++++----------
2 files changed, 19 insertions(+), 29 deletions(-)
diff --git a/src/api2/access.rs b/src/api2/access.rs
index 61d0f74e..b4d78395 100644
--- a/src/api2/access.rs
+++ b/src/api2/access.rs
@@ -25,6 +25,7 @@ pub mod role;
pub mod tfa;
pub mod user;
+#[allow(clippy::large_enum_variant)]
enum AuthResult {
/// Successful authentication which does not require a new ticket.
Success,
@@ -329,27 +330,20 @@ pub fn list_permissions(
let user_info = CachedUserInfo::new()?;
let user_privs = user_info.lookup_privs(¤t_auth_id, &["access"]);
- let auth_id = if user_privs & PRIV_SYS_AUDIT == 0 {
- match auth_id {
- Some(auth_id) => {
- if auth_id == current_auth_id {
- auth_id
- } else if auth_id.is_token()
+ let auth_id = match auth_id {
+ Some(auth_id) if auth_id == current_auth_id => current_auth_id,
+ Some(auth_id) => {
+ if user_privs & PRIV_SYS_AUDIT != 0
+ || (auth_id.is_token()
&& !current_auth_id.is_token()
- && auth_id.user() == current_auth_id.user()
- {
- auth_id
- } else {
- bail!("not allowed to list permissions of {}", auth_id);
- }
+ && auth_id.user() == current_auth_id.user())
+ {
+ auth_id
+ } else {
+ bail!("not allowed to list permissions of {}", auth_id);
}
- None => current_auth_id,
- }
- } else {
- match auth_id {
- Some(auth_id) => auth_id,
- None => current_auth_id,
- }
+ },
+ None => current_auth_id,
};
fn populate_acl_paths(
diff --git a/src/api2/node/tasks.rs b/src/api2/node/tasks.rs
index 8de35ca9..99470531 100644
--- a/src/api2/node/tasks.rs
+++ b/src/api2/node/tasks.rs
@@ -110,16 +110,12 @@ fn check_task_access(auth_id: &Authid, upid: &UPID) -> Result<(), Error> {
} else {
let user_info = CachedUserInfo::new()?;
- let task_privs = user_info.lookup_privs(auth_id, &["system", "tasks"]);
- if task_privs & PRIV_SYS_AUDIT != 0 {
- // allowed to read all tasks in general
- Ok(())
- } else if check_job_privs(&auth_id, &user_info, upid).is_ok() {
- // job which the user/token could have configured/manually executed
- Ok(())
- } else {
- bail!("task access not allowed");
- }
+ // access to all tasks
+ // or task == job which the user/token could have configured/manually executed
+
+ user_info.check_privs(auth_id, &["system", "tasks"], PRIV_SYS_AUDIT, false)
+ .or_else(|_| check_job_privs(&auth_id, &user_info, upid))
+ .or_else(|_| bail!("task access not allowed"))
}
}
--
2.20.1
next prev parent reply other threads:[~2021-01-20 16:25 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-20 16:23 [pbs-devel] [PATCH proxmox-backup 0/8] clippy fixes Fabian Grünbichler
2021-01-20 16:23 ` [pbs-devel] [PATCH proxmox-backup 1/8] clippy: add is_empty() when len() is implemented Fabian Grünbichler
2021-01-20 16:23 ` [pbs-devel] [PATCH proxmox-backup 2/8] clippy: fix Mutex with unused value Fabian Grünbichler
2021-01-20 16:23 ` [pbs-devel] [PATCH proxmox-backup 3/8] clippy: rewrite comparison chains Fabian Grünbichler
2021-01-20 16:23 ` Fabian Grünbichler [this message]
2021-01-20 16:23 ` [pbs-devel] [PATCH proxmox-backup 5/8] apt: let api handle optional bool with default Fabian Grünbichler
2021-01-20 16:23 ` [pbs-devel] [PATCH proxmox-backup 6/8] rework GC traversal error handling Fabian Grünbichler
2021-01-20 16:23 ` [pbs-devel] [PATCH proxmox-backup 7/8] http-client: fix typoed ticket cache condition Fabian Grünbichler
2021-01-20 16:23 ` [pbs-devel] [PATCH proxmox-backup 8/8] http-client: further clippy cleanups Fabian Grünbichler
2021-01-25 10:52 ` [pbs-devel] applied series: [PATCH proxmox-backup 0/8] clippy fixes Wolfgang Bumiller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210120162355.2750802-5-f.gruenbichler@proxmox.com \
--to=f.gruenbichler@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox