api: config: factor out sync job owner check

Move the sync job owner check into its own helper function, so that it
can be reused for the owner check of sync jobs in push direction.

No functional change intended.

Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
Christian Ebner 2024-11-11 16:43:42 +01:00 committed by Fabian Grünbichler
parent 5876a963b8
commit c9078b189c


@ -14,6 +14,7 @@ use pbs_api_types::{
use pbs_config::sync;
use pbs_config::CachedUserInfo;
use pbs_datastore::check_backup_owner;
pub fn check_sync_job_read_access(
user_info: &CachedUserInfo,
@ -34,6 +35,14 @@ pub fn check_sync_job_read_access(
}
}
fn is_correct_owner(auth_id: &Authid, job: &SyncJobConfig) -> bool {
match job.owner {
Some(ref owner) => check_backup_owner(owner, auth_id).is_ok(),
// default sync owner
None => auth_id == Authid::root_auth_id(),
}
}
/// checks whether user can run the corresponding pull job
///
/// namespace creation/deletion ACL and backup group ownership checks happen in the pull code directly.
@ -54,17 +63,8 @@ pub fn check_sync_job_modify_access(
}
}
let correct_owner = match job.owner {
Some(ref owner) => {
owner == auth_id
|| (owner.is_token() && !auth_id.is_token() && owner.user() == auth_id.user())
}
// default sync owner
None => auth_id == Authid::root_auth_id(),
};
// same permission as changing ownership after syncing
if !correct_owner && ns_anchor_privs & PRIV_DATASTORE_MODIFY == 0 {
if !is_correct_owner(auth_id, job) && ns_anchor_privs & PRIV_DATASTORE_MODIFY == 0 {
return false;
}
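Review bot: The new helper `is_correct_owner` (second hunk) has no doc comment and now delegates the token-owner rule to `check_backup_owner`, whose body is not shown on this page, so the "no functional change" claim depends on that function matching the removed expression exactly. The part to verify is the `!auth_id.is_token()` condition, which stopped one API token from passing the check for a job owned by a different token of the same user. Once that is confirmed, the rule could be stated on the helper, e.g. `/// Returns true if auth_id is the job owner, or the non-token user the owner token belongs to; jobs without an owner default to Authid::root_auth_id().` Mapping the result with `.is_ok()` treats every error as "not owner", which fails closed and suits an access check. A unit test covering user vs. own token, token vs. other token, and the `None` owner case would pin the behaviour before the helper is reused for push jobs; note that the caller `check_sync_job_modify_access` starts and ends outside the visible hunks.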