From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <t.lamprecht@proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by lists.proxmox.com (Postfix) with ESMTPS id 344BA674F7
 for <pbs-devel@lists.proxmox.com>; Mon,  9 Nov 2020 19:56:55 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
 by firstgate.proxmox.com (Proxmox) with ESMTP id 25A751993B
 for <pbs-devel@lists.proxmox.com>; Mon,  9 Nov 2020 19:56:55 +0100 (CET)
Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com
 [212.186.127.180])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by firstgate.proxmox.com (Proxmox) with ESMTPS id 0012C1992F
 for <pbs-devel@lists.proxmox.com>; Mon,  9 Nov 2020 19:56:53 +0100 (CET)
Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1])
 by proxmox-new.maurer-it.com (Proxmox) with ESMTP id B9D0545CA8
 for <pbs-devel@lists.proxmox.com>; Mon,  9 Nov 2020 19:56:53 +0100 (CET)
To: Proxmox Backup Server development discussion <pbs-devel@lists.proxmox.com>,
 =?UTF-8?Q?Fabian_Gr=c3=bcnbichler?= <f.gruenbichler@proxmox.com>
References: <20201109134738.3054902-1-f.gruenbichler@proxmox.com>
From: Thomas Lamprecht <t.lamprecht@proxmox.com>
Message-ID: <eec4fdaf-b00c-5466-cffc-1b49a56d3c08@proxmox.com>
Date: Mon, 9 Nov 2020 19:56:52 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:83.0) Gecko/20100101
 Thunderbird/83.0
MIME-Version: 1.0
In-Reply-To: <20201109134738.3054902-1-f.gruenbichler@proxmox.com>
Content-Type: text/plain; charset=UTF-8
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable
X-SPAM-LEVEL: Spam detection results:  0
 AWL -0.105 Adjusted score from AWL reputation of From: address
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 NICE_REPLY_A           -0.001 Looks like a legit reply (A)
 RCVD_IN_DNSWL_MED        -2.3 Sender listed at https://www.dnswl.org/,
 medium trust
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
Subject: Re: [pbs-devel] [v2 proxmox-backup] www: show more ACLs in
 datastore panel
X-BeenThere: pbs-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox Backup Server development discussion
 <pbs-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pbs-devel>, 
 <mailto:pbs-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pbs-devel/>
List-Post: <mailto:pbs-devel@lists.proxmox.com>
List-Help: <mailto:pbs-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel>, 
 <mailto:pbs-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Mon, 09 Nov 2020 18:56:55 -0000

On 09.11.20 14:47, Fabian Gr=C3=BCnbichler wrote:
> since just the ACLs defined on the exact datastore path don't give
> anywhere near a complete picture of who has access to it.
>=20
> Signed-off-by: Fabian Gr=C3=BCnbichler <f.gruenbichler@proxmox.com>
> ---
>=20
> Notes:
>     v2: handle neighbouring ACL paths properly
>=20
>  www/config/ACLView.js  | 20 +++++++++++++++++++-
>  www/datastore/Panel.js |  1 -
>  2 files changed, 19 insertions(+), 2 deletions(-)
>=20
> diff --git a/www/config/ACLView.js b/www/config/ACLView.js
> index bf1ea6a9..20caf284 100644
> --- a/www/config/ACLView.js
> +++ b/www/config/ACLView.js
> @@ -84,11 +84,29 @@ Ext.define('PBS.config.ACLView', {
> =20
>  	    let params =3D {};
>  	    if (view.aclPath !=3D=3D undefined) {
> -		params.path =3D view.aclPath;
> +
> +		let pathFilter =3D Ext.create('Ext.util.Filter', {
> +		    filterPath: view.aclPath,
> +		    filterFn: function(item) {
> +			let me =3D this;
> +			let curr =3D item.data.path;
> +
> +			if (curr.lastIndexOf("/") < me.filterPath.lastIndexOf("/")) {
> +			    return me.filterPath.startsWith(curr);
> +			} else {
> +			    return me.filterPath =3D=3D=3D curr;
> +			}


argh, this gets it wrong too, e.g. if one passes /datastore as filter get=

only the /datastore ACLs, but not / or /datastore/test ones.

We probably need to split both filter and current path into components
=2Esplit('/') and go through them, return false if filter components are
not yet exhausted and the current level does not match, else return true.=



> +		    },
> +		});
> +		view.getStore().addFilter(pathFilter);
>  	    }
>  	    if (view.aclExact !=3D=3D undefined) {
> +		if (view.aclPath !=3D=3D undefined) {
> +		    params.path =3D view.aclPath;
> +		}
>  		params.exact =3D view.aclExact;
>  	    }
> +
>  	    proxy.setExtraParams(params);
>  	    Proxmox.Utils.monStoreErrors(view, view.getStore().rstore);
>  	},
> diff --git a/www/datastore/Panel.js b/www/datastore/Panel.js
> index 473aa50c..bca663e8 100644
> --- a/www/datastore/Panel.js
> +++ b/www/datastore/Panel.js
> @@ -90,7 +90,6 @@ Ext.define('PBS.DataStorePanel', {
>  	    itemId: 'acl',
>  	    xtype: 'pbsACLView',
>  	    iconCls: 'fa fa-unlock',
> -	    aclExact: true,
>  	    cbind: {
>  		aclPath: '{aclPath}',
>  	    },
>=20