fix #5233: don't require root for some tape operations

instead, require 'Tape.Write' or 'Tape.Modify' on '/tape' path. This makes it possible for a TapeOperator to destroy tapes and for a TapeAdmin to update the tape status, instead of just root@pam. I opted for the path '/tape' since we don't have a dedicated acl structure for single tapes, just '/tape/pool' (which does not apply since not all tapes have to have a pool), '/tape/device' (which is intended for drives/changers) and '/tape/jobs' (which is for jobs only). Also we use that path for e.g. move_tape already. Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2025-10-04 09:34:02 +00:00 · 2024-11-13 12:37:42 +01:00 · 2024-11-13 12:37:42 +01:00 · 2febc83cc0
commit 2febc83cc0
parent b3675d867f
1 changed files with 7 additions and 1 deletions
--- a/src/api2/tape/media.rs
+++ b/src/api2/tape/media.rs
@ -9,7 +9,7 @@ use proxmox_uuid::Uuid;
 use pbs_api_types::{
    Authid, MediaContentEntry, MediaContentListFilter, MediaListEntry, MediaPoolConfig,
    MediaSetListEntry, MediaStatus, CHANGER_NAME_SCHEMA, MEDIA_LABEL_SCHEMA,
-    MEDIA_POOL_NAME_SCHEMA, MEDIA_UUID_SCHEMA, PRIV_TAPE_AUDIT, PRIV_TAPE_MODIFY,
+    MEDIA_POOL_NAME_SCHEMA, MEDIA_UUID_SCHEMA, PRIV_TAPE_AUDIT, PRIV_TAPE_MODIFY, PRIV_TAPE_WRITE,
    VAULT_NAME_SCHEMA,
 };
 use pbs_config::CachedUserInfo;
@ -366,6 +366,9 @@ pub fn move_tape(
            },
        },
    },
+    access: {
+        permission: &Permission::Privilege(&["tape"], PRIV_TAPE_WRITE, false),
+    },
 )]
 /// Destroy media (completely remove from database)
 pub fn destroy_media(
@ -557,6 +560,9 @@ pub fn get_media_status(uuid: Uuid) -> Result<MediaStatus, Error> {
            },
        },
    },
+    access: {
+        permission: &Permission::Privilege(&["tape"], PRIV_TAPE_MODIFY, false),
+    },
 )]
 /// Update media status (None, 'full', 'damaged' or 'retired')
 ///