From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <l.wagner@proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by lists.proxmox.com (Postfix) with ESMTPS id E61E061889
 for <pve-devel@lists.proxmox.com>; Wed, 26 Jul 2023 11:51:09 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
 by firstgate.proxmox.com (Proxmox) with ESMTP id 0F25B3572
 for <pve-devel@lists.proxmox.com>; Wed, 26 Jul 2023 11:50:16 +0200 (CEST)
Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com
 [94.136.29.106])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by firstgate.proxmox.com (Proxmox) with ESMTPS
 for <pve-devel@lists.proxmox.com>; Wed, 26 Jul 2023 11:50:14 +0200 (CEST)
Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1])
 by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 9CC1245874
 for <pve-devel@lists.proxmox.com>; Wed, 26 Jul 2023 11:50:13 +0200 (CEST)
From: Lukas Wagner <l.wagner@proxmox.com>
To: pve-devel@lists.proxmox.com
Date: Wed, 26 Jul 2023 11:49:56 +0200
Message-Id: <20230726095002.325276-25-l.wagner@proxmox.com>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <20230726095002.325276-1-l.wagner@proxmox.com>
References: <20230726095002.325276-1-l.wagner@proxmox.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-SPAM-LEVEL: Spam detection results:  0
 AWL -0.061 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
 T_SCC_BODY_TEXT_LINE    -0.01 -
Subject: [pve-devel] [PATCH v5 pve-manager 24/30] api: notification: make
 the 'mail-to-root' target visible to any user
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Wed, 26 Jul 2023 09:51:10 -0000

Since the target does not require Mapping.Use, it should also be visible
and testable by all users.

Short explanation why the 'mail-to-root' is exempt from priv checks:

To ensure backwards compatibility, the 'mail-to-root' target does not
require the `Mapping.Use` privs. This is needed due to the fact that
this target is used as a fallback in case no other target is configured
for an event. For instance, the /node/<name>/apt/update API call only
requires Sys.Modify for the node, but it can also send a notification.
If we were to require Mapping.Use, we could break the apt/update API
compat in the case that a notification shall be sent, but without
any configured notification target (which will then default to
'mail-to-root').

Signed-off-by: Lukas Wagner <l.wagner@proxmox.com>
---

Notes:
    New in v5

 PVE/API2/Cluster/Notifications.pm | 31 ++++++++++++++++++++++---------
 1 file changed, 22 insertions(+), 9 deletions(-)

diff --git a/PVE/API2/Cluster/Notifications.pm b/PVE/API2/Cluster/Notifications.pm
index 9c9e8243..f4ba8b55 100644
--- a/PVE/API2/Cluster/Notifications.pm
+++ b/PVE/API2/Cluster/Notifications.pm
@@ -68,7 +68,7 @@ sub filter_entities_by_privs {
 	    "/mapping/notification/$_->{name}",
 	    $can_see_mapping_privs,
 	    1
-	)
+	) || $_->{name} eq PVE::Notify::default_target();
     } @$entities];
 
     return $filtered;
@@ -165,7 +165,8 @@ __PACKAGE__->register_method ({
 	' (endpoints and groups).',
     permissions => {
 	description => "Only lists entries where you have 'Mapping.Modify', 'Mapping.Use' or"
-	    . " 'Mapping.Audit' permissions on '/mapping/notification/<name>'.",
+	    . " 'Mapping.Audit' permissions on '/mapping/notification/<name>'."
+	    . " The special 'mail-to-root' target is available to all users.",
 	user => 'all',
     },
     protected => 1,
@@ -244,11 +245,10 @@ __PACKAGE__->register_method ({
     method => 'POST',
     description => 'Send a test notification to a provided target.',
     permissions => {
-	check => ['or',
-	    ['perm', '/mapping/notification/{name}', ['Mapping.Use']],
-	    ['perm', '/mapping/notification/{name}', ['Mapping.Modify']],
-	    ['perm', '/mapping/notification/{name}', ['Mapping.Audit']],
-	],
+	description => "The user requires 'Mapping.Modify', 'Mapping.Use' or"
+	    . " 'Mapping.Audit' permissions on '/mapping/notification/<name>'."
+	    . " The special 'mail-to-root' target can be accessed by all users.",
+	user => 'all',
     },
     parameters => {
 	additionalProperties => 0,
@@ -264,10 +264,23 @@ __PACKAGE__->register_method ({
     code => sub {
 	my ($param) = @_;
 	my $name = extract_param($param, 'name');
-
-	my $config = PVE::Notify::read_config();
+	my $rpcenv = PVE::RPCEnvironment::get();
+	my $authuser = $rpcenv->get_user();
+
+	my $privs = ['Mapping.Modify', 'Mapping.Use', 'Mapping.Audit'];
+
+	if ($name ne PVE::Notify::default_target()) {
+	    # Due to backwards compatibility reasons the 'mail-to-root'
+	    # target must be accessible for any user
+	    $rpcenv->check_any(
+		$authuser,
+		"/mapping/notification/$_->{name}",
+		$privs,
+	    );
+	}
 
 	eval {
+	    my $config = PVE::Notify::read_config();
 	    $config->test_target($name);
 	};
 
-- 
2.39.2