From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 740E31FF15F for ; Mon, 16 Dec 2024 12:51:00 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 20DE3B7E0; Mon, 16 Dec 2024 12:51:10 +0100 (CET) From: Shannon Sterz To: pbs-devel@lists.proxmox.com Date: Mon, 16 Dec 2024 12:50:44 +0100 Message-Id: <20241216115044.208595-1-s.sterz@proxmox.com> X-Mailer: git-send-email 2.39.5 MIME-Version: 1.0 X-SPAM-LEVEL: Spam detection results: 0 AWL -0.036 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pbs-devel] [PATCH proxmox-backup] api: move DataStoreConfig parsing and mount check after allowed check X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox Backup Server development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pbs-devel-bounces@lists.proxmox.com Sender: "pbs-devel" this moves the parsing of the concrete DataStoreConfig as well as the check whether a store is mounted after the authorization checks. otherwise we always check for all datastore whether they are mounted, even if the requesting user has no privileges to list the specified datastore anyway. this may improve performance for large setups, as we won't need to stat mounted datastores regardless of the useres privileges. this was suggested on the mailing list [1]. [1]: https://lore.proxmox.com/pbs-devel/embeb48874-d400-4e69-ae0f-2cc56a39d592@93f95f61.com/ Signed-off-by: Shannon Sterz --- src/api2/admin/datastore.rs | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/api2/admin/datastore.rs b/src/api2/admin/datastore.rs index 11d2641b..c611f593 100644 --- a/src/api2/admin/datastore.rs +++ b/src/api2/admin/datastore.rs @@ -1336,15 +1336,15 @@ pub fn get_datastore_list( } } - let store_config: DataStoreConfig = serde_json::from_value(data)?; + if allowed || allow_id { + let store_config: DataStoreConfig = serde_json::from_value(data)?; - let mount_status = match pbs_datastore::get_datastore_mount_status(&store_config) { - Some(true) => DataStoreMountStatus::Mounted, - Some(false) => DataStoreMountStatus::NotMounted, - None => DataStoreMountStatus::NonRemovable, - }; + let mount_status = match pbs_datastore::get_datastore_mount_status(&store_config) { + Some(true) => DataStoreMountStatus::Mounted, + Some(false) => DataStoreMountStatus::NotMounted, + None => DataStoreMountStatus::NonRemovable, + }; - if allowed || allow_id { list.push(DataStoreListItem { store: store.clone(), comment: store_config.comment.filter(|_| allowed), -- 2.39.5 _______________________________________________ pbs-devel mailing list pbs-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel