From d4dd7ac84203fd13e46e8c7aa54783a91476e893 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller
Date: Mon, 30 May 2022 14:33:05 +0200
Subject: [PATCH] api: don't use PRUNE perms for prune jobs just stick to MODIFY so we don't need to give the prune jobs an owner for now
Signed-off-by: Wolfgang Bumiller
---
 src/api2/admin/prune.rs | 11 +++--------
 src/api2/config/prune.rs | 32 ++++++--------------------------
 2 files changed, 9 insertions(+), 34 deletions(-)
diff --git a/src/api2/admin/prune.rs b/src/api2/admin/prune.rs
index 2feae3ec..948e0d9d 100644
--- a/src/api2/admin/prune.rs
+++ b/src/api2/admin/prune.rs
@@ -11,7 +11,7 @@ use proxmox_sys::sortable;
 use pbs_api_types::{
 Authid, PruneJobConfig, PruneJobStatus, DATASTORE_SCHEMA, JOB_ID_SCHEMA, PRIV_DATASTORE_AUDIT,
- PRIV_DATASTORE_MODIFY, PRIV_DATASTORE_PRUNE,
+ PRIV_DATASTORE_MODIFY,
 };
 use pbs_config::prune;
 use pbs_config::CachedUserInfo;
@@ -49,7 +49,7 @@ pub fn list_prune_jobs(
 let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
 let user_info = CachedUserInfo::new()?;
- let required_privs = PRIV_DATASTORE_AUDIT | PRIV_DATASTORE_MODIFY | PRIV_DATASTORE_PRUNE;
+ let required_privs = PRIV_DATASTORE_AUDIT | PRIV_DATASTORE_MODIFY;
 let (config, digest) = prune::config()?;
@@ -117,12 +117,7 @@ pub fn run_prune_job(
 let (config, _digest) = prune::config()?;
 let prune_job: PruneJobConfig = config.lookup("prune", &id)?;
- user_info.check_privs(
- &auth_id,
- &prune_job.acl_path(),
- PRIV_DATASTORE_MODIFY | PRIV_DATASTORE_PRUNE,
- true,
- )?;
+ user_info.check_privs(&auth_id, &prune_job.acl_path(), PRIV_DATASTORE_MODIFY, true)?;
 let job = Job::new("prunejob", &id)?;
diff --git a/src/api2/config/prune.rs b/src/api2/config/prune.rs
index 7bd8ea5b..8f7166be 100644
--- a/src/api2/config/prune.rs
+++ b/src/api2/config/prune.rs
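Review bot: In list_prune_jobs (src/api2/admin/prune.rs), dropping PRIV_DATASTORE_PRUNE from `required_privs` is a visible permission change that the patch does not document: an auth id holding only Datastore.Prune on a datastore will presumably no longer see that datastore's prune jobs. How `required_privs` is applied, and the endpoint's permission description, lie outside the hunk; if that description still names Datastore.Prune it should be updated in this commit. The same holds for list_prune_jobs in src/api2/config/prune.rs.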
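Review bot: The privilege check in run_prune_job (src/api2/admin/prune.rs) now accepts only PRIV_DATASTORE_MODIFY, but the reason is recorded only in the commit message (prune jobs have no owner yet). A comment at the call would stop a later change from re-adding PRIV_DATASTORE_PRUNE before jobs have an owner, e.g. `// MODIFY only: prune jobs have no owner yet, so Datastore.Prune is not accepted here`. The same check appears in create_prune_job, update_prune_job (twice) and delete_prune_job in src/api2/config/prune.rs. run_prune_job begins and ends outside the hunk.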
@@ -8,7 +8,7 @@ use proxmox_schema::{api, param_bail};
 use pbs_api_types::{
 Authid, PruneJobConfig, PruneJobConfigUpdater, JOB_ID_SCHEMA, PRIV_DATASTORE_AUDIT,
- PRIV_DATASTORE_MODIFY, PRIV_DATASTORE_PRUNE, PROXMOX_CONFIG_DIGEST_SCHEMA,
+ PRIV_DATASTORE_MODIFY, PROXMOX_CONFIG_DIGEST_SCHEMA,
 };
 use pbs_config::prune;
@@ -37,7 +37,7 @@ pub fn list_prune_jobs(
 let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
 let user_info = CachedUserInfo::new()?;
- let required_privs = PRIV_DATASTORE_AUDIT | PRIV_DATASTORE_MODIFY | PRIV_DATASTORE_PRUNE;
+ let required_privs = PRIV_DATASTORE_AUDIT | PRIV_DATASTORE_MODIFY;
 let (config, digest) = prune::config()?;
@@ -79,12 +79,7 @@ pub fn create_prune_job(
 let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
 let user_info = CachedUserInfo::new()?;
- user_info.check_privs(
- &auth_id,
- &config.acl_path(),
- PRIV_DATASTORE_MODIFY | PRIV_DATASTORE_PRUNE,
- true,
- )?;
+ user_info.check_privs(&auth_id, &config.acl_path(), PRIV_DATASTORE_MODIFY, true)?;
 let _lock = prune::lock_config()?;
@@ -218,12 +213,7 @@ pub fn update_prune_job(
 let mut data: PruneJobConfig = config.lookup("prune", &id)?;
- user_info.check_privs(
- &auth_id,
- &data.acl_path(),
- PRIV_DATASTORE_PRUNE | PRIV_DATASTORE_MODIFY,
- true,
- )?;
+ user_info.check_privs(&auth_id, &data.acl_path(), PRIV_DATASTORE_MODIFY, true)?;
 if let Some(delete) = delete {
 for delete_prop in delete {
@@ -275,12 +265,7 @@ pub fn update_prune_job(
 }
 if recheck_privs {
- user_info.check_privs(
- &auth_id,
- &data.acl_path(),
- PRIV_DATASTORE_PRUNE | PRIV_DATASTORE_MODIFY,
- true,
- )?;
+ user_info.check_privs(&auth_id, &data.acl_path(), PRIV_DATASTORE_MODIFY, true)?;
 }
 let mut schedule_changed = false;
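Review bot: In create_prune_job and both checks in update_prune_job, the trailing `true` passed to `check_privs` is kept although the mask is now a single privilege. Assuming that argument selects any-of matching (the removed two-privilege calls suggest so), it has no effect today, but a privilege OR-ed into the mask later would silently widen access instead of narrowing it. Passing `false` states the intent: `user_info.check_privs(&auth_id, &config.acl_path(), PRIV_DATASTORE_MODIFY, false)?;`. The calls in run_prune_job and delete_prune_job have the same shape; all of these functions extend beyond their hunks.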
@@ -364,12 +349,7 @@ pub fn delete_prune_job(
 let job: PruneJobConfig = config.lookup("prune", &id)?;
- user_info.check_privs(
- &auth_id,
- &job.acl_path(),
- PRIV_DATASTORE_PRUNE | PRIV_DATASTORE_MODIFY,
- true,
- )?;
+ user_info.check_privs(&auth_id, &job.acl_path(), PRIV_DATASTORE_MODIFY, true)?;
 if let Some(ref digest) = digest {
 let digest = <[u8; 32]>::from_hex(digest)?;
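Review bot: In delete_prune_job the job is looked up with `config.lookup("prune", &id)?` before `check_privs` runs, so a caller without Datastore.Modify may get a different error for an unknown id than for an existing one. The ACL path comes from the job, so the lookup has to come first; if job ids should not be discoverable, the lookup failure could be reported to such callers with the same permission error. This ordering predates the patch and is also visible in run_prune_job and update_prune_job. The function continues outside the hunk.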