From 49bea6b5d9d2b284f1c3ba34f3ffe197eeabf35f Mon Sep 17 00:00:00 2001
From: Thomas Lamprecht <t.lamprecht@proxmox.com>
Date: Thu, 19 May 2022 12:26:48 +0200
Subject: [PATCH] accessible group iter: allow NS descending with
 DATASTORE_READ

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
 src/backup/hierarchy.rs | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/backup/hierarchy.rs b/src/backup/hierarchy.rs
index c17bdf5a..9d6580f1 100644
--- a/src/backup/hierarchy.rs
+++ b/src/backup/hierarchy.rs
@@ -4,6 +4,7 @@ use anyhow::Error;
 
 use pbs_api_types::{
     Authid, BackupNamespace, PRIV_DATASTORE_AUDIT, PRIV_DATASTORE_BACKUP, PRIV_DATASTORE_MODIFY,
+    PRIV_DATASTORE_READ,
 };
 use pbs_config::CachedUserInfo;
 use pbs_datastore::{backup_info::BackupGroup, DataStore, ListGroups, ListNamespacesRecursive};
@@ -41,11 +42,13 @@ impl<'a> ListAccessibleBackupGroups<'a> {
     }
 }
 
+static NS_PRIVS_OK: u64 =
+    PRIV_DATASTORE_MODIFY | PRIV_DATASTORE_READ | PRIV_DATASTORE_BACKUP | PRIV_DATASTORE_AUDIT;
+
 impl<'a> Iterator for ListAccessibleBackupGroups<'a> {
     type Item = Result<BackupGroup, Error>;
 
     fn next(&mut self) -> Option<Self::Item> {
-        const PRIVS_OK: u64 = PRIV_DATASTORE_MODIFY | PRIV_DATASTORE_BACKUP | PRIV_DATASTORE_AUDIT;
         loop {
             if let Some(ref mut state) = self.state {
                 match state.next() {