[pdm-devel] [PATCH datacenter-manager v2] fix #6794: api: allow non-root users to view stats on dashboard

[pdm-devel] [PATCH datacenter-manager v2] fix #6794: api: allow non-root users to view stats on dashboard

[Shan Shaji]

When a non-root user logged into PDM, the Top Entities section was
not visible, even though the required privileges had been assigned.

To fix it allow all authenticated users to access the `/top-entities`
endpoint. The returned top entities will be filtered by the user's
permission on what resources they have access to.

Signed-off-by: Shan Shaji <s.shaji@proxmox.com>
---
 changes since v1: Thanks @Shannon Sterz
 - Updated commit message. 
 - Added access description. 
 - Replaced `UNAUTHORIZED` with `FORBIDDEN`. 
 - Removed "FIXME" comment.

 server/src/api/resources.rs                  | 27 +++++++++++++++++---
 server/src/metric_collection/top_entities.rs |  5 ++++
 2 files changed, 29 insertions(+), 3 deletions(-)

diff --git a/server/src/api/resources.rs b/server/src/api/resources.rs
index a7c3881..1e82c48 100644
--- a/server/src/api/resources.rs
+++ b/server/src/api/resources.rs
@@ -480,7 +480,6 @@ pub async fn get_subscription_status(
 }
 
 // FIXME: make timeframe and count parameters?
-// FIXME: permissions?
 #[api(
     input: {
         properties: {
@@ -490,13 +489,35 @@ pub async fn get_subscription_status(
             }
         }
     },
+    access: {
+        permission: &Permission::Anybody,
+        description: "The user needs to have at least `PRIV_RESOURCE_AUDIT` on one resources under `/resource`.
+        Only resources for which the user has `PRIV_RESOURCE_AUDIT` on `/resource/{remote_name}` will be
+        considered when calculating the top entities."
+    },
 )]
 /// Returns the top X entities regarding the chosen type
-async fn get_top_entities(timeframe: Option<RrdTimeframe>) -> Result<TopEntities, Error> {
+async fn get_top_entities(
+    timeframe: Option<RrdTimeframe>,
+    rpcenv: &mut dyn RpcEnvironment,
+) -> Result<TopEntities, Error> {
+    let user_info = CachedUserInfo::new()?;
+    let auth_id: Authid = rpcenv
+        .get_auth_id()
+        .ok_or_else(|| format_err!("no authid available"))?
+        .parse()?;
+
+    if !user_info.any_privs_below(&auth_id, &["resource"], PRIV_RESOURCE_AUDIT)? {
+        http_bail!(FORBIDDEN, "user has no access to resources");
+    }
+
     let (remotes_config, _) = pdm_config::remotes::config()?;
+    let check_remote_privs = |remote_name: &str| {
+        user_info.lookup_privs(&auth_id, &["resource", remote_name]) & PRIV_RESOURCE_AUDIT != 0
+    };
 
     let timeframe = timeframe.unwrap_or(RrdTimeframe::Day);
-    let res = top_entities::calculate_top(&remotes_config, timeframe, 10);
+    let res = top_entities::calculate_top(&remotes_config, timeframe, 10, check_remote_privs);
     Ok(res)
 }
 
diff --git a/server/src/metric_collection/top_entities.rs b/server/src/metric_collection/top_entities.rs
index 47fda24..990189a 100644
--- a/server/src/metric_collection/top_entities.rs
+++ b/server/src/metric_collection/top_entities.rs
@@ -36,12 +36,17 @@ pub fn calculate_top(
     remotes: &HashMap<String, pdm_api_types::remotes::Remote>,
     timeframe: proxmox_rrd_api_types::RrdTimeframe,
     num: usize,
+    check_remote_privs: impl Fn(&str) -> bool
 ) -> TopEntities {
     let mut guest_cpu = Vec::new();
     let mut node_cpu = Vec::new();
     let mut node_memory = Vec::new();
 
     for remote_name in remotes.keys() {
+        if !check_remote_privs(remote_name) {
+            continue;
+        }
+
         if let Some(data) =
             crate::api::resources::get_cached_resources(remote_name, i64::MAX as u64)
         {
-- 
2.47.3



_______________________________________________
pdm-devel mailing list
pdm-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel