From: Christian Ebner <c.ebner@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH v7 proxmox-backup 20/31] api: config: factor out sync job owner check
Date: Mon, 11 Nov 2024 16:43:42 +0100 [thread overview]
Message-ID: <20241111154353.482734-21-c.ebner@proxmox.com> (raw)
In-Reply-To: <20241111154353.482734-1-c.ebner@proxmox.com>
Move the sync job owner check to its own helper function, for it to
be reused for the owner check for sync jobs in push direction.
No functional change intended.
Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
---
changes since version 6:
- no changes
src/api2/config/sync.rs | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/src/api2/config/sync.rs b/src/api2/config/sync.rs
index 38325f5b2..3963049e9 100644
--- a/src/api2/config/sync.rs
+++ b/src/api2/config/sync.rs
@@ -14,6 +14,7 @@ use pbs_api_types::{
use pbs_config::sync;
use pbs_config::CachedUserInfo;
+use pbs_datastore::check_backup_owner;
pub fn check_sync_job_read_access(
user_info: &CachedUserInfo,
@@ -34,6 +35,14 @@ pub fn check_sync_job_read_access(
}
}
+fn is_correct_owner(auth_id: &Authid, job: &SyncJobConfig) -> bool {
+ match job.owner {
+ Some(ref owner) => check_backup_owner(owner, auth_id).is_ok(),
+ // default sync owner
+ None => auth_id == Authid::root_auth_id(),
+ }
+}
+
/// checks whether user can run the corresponding pull job
///
/// namespace creation/deletion ACL and backup group ownership checks happen in the pull code directly.
@@ -54,17 +63,8 @@ pub fn check_sync_job_modify_access(
}
}
- let correct_owner = match job.owner {
- Some(ref owner) => {
- owner == auth_id
- || (owner.is_token() && !auth_id.is_token() && owner.user() == auth_id.user())
- }
- // default sync owner
- None => auth_id == Authid::root_auth_id(),
- };
-
// same permission as changing ownership after syncing
- if !correct_owner && ns_anchor_privs & PRIV_DATASTORE_MODIFY == 0 {
+ if !is_correct_owner(auth_id, job) && ns_anchor_privs & PRIV_DATASTORE_MODIFY == 0 {
return false;
}
--
2.39.5
_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
next prev parent reply other threads:[~2024-11-11 15:44 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-11 15:43 [pbs-devel] [PATCH v7 proxmox-backup 00/31] fix #3044: push datastore to remote target Christian Ebner
2024-11-11 15:43 ` [pbs-devel] [PATCH v7 proxmox-backup 01/31] sync: pull: optimize backup group sorting Christian Ebner
2024-11-11 15:43 ` [pbs-devel] [PATCH v7 proxmox-backup 02/31] sync: extend sync source's list namespaces method by filter callback Christian Ebner
2024-11-11 15:43 ` [pbs-devel] [PATCH v7 proxmox-backup 03/31] client: backup writer: refactor backup and upload stats counters Christian Ebner
2024-11-11 15:43 ` [pbs-devel] [PATCH v7 proxmox-backup 04/31] client: backup writer: factor out merged chunk stream upload Christian Ebner
2024-11-11 15:43 ` [pbs-devel] [PATCH v7 proxmox-backup 05/31] client: backup writer: allow push uploading index and chunks Christian Ebner
2024-11-11 15:43 ` [pbs-devel] [PATCH v7 proxmox-backup 06/31] config: acl: refactor acl path component check for datastore Christian Ebner
2024-11-11 15:43 ` [pbs-devel] [PATCH v7 proxmox-backup 07/31] config: acl: allow namespace components for remote datastores Christian Ebner
2024-11-11 15:43 ` [pbs-devel] [PATCH v7 proxmox-backup 08/31] api types: add remote acl path method for `BackupNamespace` Christian Ebner
2024-11-11 15:43 ` [pbs-devel] [PATCH v7 proxmox-backup 09/31] api types: implement remote acl path method for sync job Christian Ebner
2024-11-11 15:43 ` [pbs-devel] [PATCH v7 proxmox-backup 10/31] api types: define remote permissions and roles for push sync Christian Ebner
2024-11-11 15:43 ` [pbs-devel] [PATCH v7 proxmox-backup 11/31] datastore: move `BackupGroupDeleteStats` to api types Christian Ebner
2024-11-11 15:43 ` [pbs-devel] [PATCH v7 proxmox-backup 12/31] api types: implement api type for `BackupGroupDeleteStats` Christian Ebner
2024-11-11 15:43 ` [pbs-devel] [PATCH v7 proxmox-backup 13/31] datastore: increment deleted group counter when removing group Christian Ebner
2024-11-11 15:43 ` [pbs-devel] [PATCH v7 proxmox-backup 14/31] api/api-types: refactor api endpoint version, add api types Christian Ebner
2024-11-11 15:43 ` [pbs-devel] [PATCH v7 proxmox-backup 15/31] fix #3044: server: implement push support for sync operations Christian Ebner
2024-11-11 15:43 ` [pbs-devel] [PATCH v7 proxmox-backup 16/31] api types/config: add `sync-push` config type for push sync jobs Christian Ebner
2024-11-11 15:43 ` [pbs-devel] [PATCH v7 proxmox-backup 17/31] api: push: implement endpoint for sync in push direction Christian Ebner
2024-11-11 15:43 ` [pbs-devel] [PATCH v7 proxmox-backup 18/31] api: sync: move sync job invocation to server sync module Christian Ebner
2024-11-11 15:43 ` [pbs-devel] [PATCH v7 proxmox-backup 19/31] api: config: Require PRIV_DATASTORE_AUDIT to modify sync job Christian Ebner
2024-11-11 15:43 ` Christian Ebner [this message]
2024-11-11 15:43 ` [pbs-devel] [PATCH v7 proxmox-backup 21/31] api: sync jobs: expose optional `sync-direction` parameter Christian Ebner
2024-11-11 15:43 ` [pbs-devel] [PATCH v7 proxmox-backup 22/31] api: admin: avoid duplicate name for list sync jobs api method Christian Ebner
2024-11-11 15:43 ` [pbs-devel] [PATCH v7 proxmox-backup 23/31] bin: manager: add datastore push cli command Christian Ebner
2024-11-11 15:43 ` [pbs-devel] [PATCH v7 proxmox-backup 24/31] ui: group filter: allow to set namespace for local datastore Christian Ebner
2024-11-11 15:43 ` [pbs-devel] [PATCH v7 proxmox-backup 25/31] ui: sync edit: source group filters based on sync direction Christian Ebner
2024-11-11 15:43 ` [pbs-devel] [PATCH v7 proxmox-backup 26/31] ui: add view with separate grids for pull and push sync jobs Christian Ebner
2024-11-11 15:43 ` [pbs-devel] [PATCH v7 proxmox-backup 27/31] ui: sync job: adapt edit window to be used for pull and push Christian Ebner
2024-11-11 15:43 ` [pbs-devel] [PATCH v7 proxmox-backup 28/31] ui: sync view: set proxy on view instead of model Christian Ebner
2024-11-11 15:43 ` [pbs-devel] [PATCH v7 proxmox-backup 29/31] api: datastore/namespace: return backup groups delete stats on remove Christian Ebner
2024-11-11 15:43 ` [pbs-devel] [PATCH v7 proxmox-backup 30/31] api: version: add 'prune-delete-stats' as supported feature Christian Ebner
2024-11-11 15:43 ` [pbs-devel] [PATCH v7 proxmox-backup 31/31] docs: add section for sync jobs in push direction Christian Ebner
2024-11-21 12:08 ` [pbs-devel] applied-series: [PATCH v7 proxmox-backup 00/31] fix #3044: push datastore to remote target Fabian Grünbichler
2024-11-21 12:26 ` Christian Ebner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241111154353.482734-21-c.ebner@proxmox.com \
--to=c.ebner@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox