From f12f408e91e4911bd1dc20654c4ba82bfa5e1f51 Mon Sep 17 00:00:00 2001
From: Thomas Lamprecht <t.lamprecht@proxmox.com>
Date: Thu, 19 May 2022 12:32:27 +0200
Subject: [PATCH] api: datastore status: adhere to NS privs for non-owner

Not only check all owned backup groups, but also all that an auth_id
has DATASTORE_AUDIT or DATASTORE_READ on the whole namespace.

best viewed with whitespace change ignore (-w)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
 src/api2/admin/datastore.rs | 47 ++++++++++++++++++++-----------------
 1 file changed, 26 insertions(+), 21 deletions(-)

diff --git a/src/api2/admin/datastore.rs b/src/api2/admin/datastore.rs
index b99984e6..3ffca754 100644
--- a/src/api2/admin/datastore.rs
+++ b/src/api2/admin/datastore.rs
@@ -615,30 +615,35 @@ pub fn list_snapshots(
 
 fn get_snapshots_count(store: &Arc<DataStore>, owner: Option<&Authid>) -> Result<Counts, Error> {
     let root_ns = Default::default();
-    ListAccessibleBackupGroups::new(store, root_ns, MAX_NAMESPACE_DEPTH, owner)?.try_fold(
-        Counts::default(),
-        |mut counts, group| {
-            let group = match group {
-                Ok(group) => group,
-                Err(_) => return Ok(counts), // TODO: add this as error counts?
+    ListAccessibleBackupGroups::new_with_privs(
+        store,
+        root_ns,
+        MAX_NAMESPACE_DEPTH,
+        Some(PRIV_DATASTORE_AUDIT | PRIV_DATASTORE_READ),
+        None,
+        owner,
+    )?
+    .try_fold(Counts::default(), |mut counts, group| {
+        let group = match group {
+            Ok(group) => group,
+            Err(_) => return Ok(counts), // TODO: add this as error counts?
+        };
+        let snapshot_count = group.list_backups()?.len() as u64;
+
+        // only include groups with snapshots, counting/displaying emtpy groups can confuse
+        if snapshot_count > 0 {
+            let type_count = match group.backup_type() {
+                BackupType::Ct => counts.ct.get_or_insert(Default::default()),
+                BackupType::Vm => counts.vm.get_or_insert(Default::default()),
+                BackupType::Host => counts.host.get_or_insert(Default::default()),
             };
-            let snapshot_count = group.list_backups()?.len() as u64;
 
-            // only include groups with snapshots, counting/displaying emtpy groups can confuse
-            if snapshot_count > 0 {
-                let type_count = match group.backup_type() {
-                    BackupType::Ct => counts.ct.get_or_insert(Default::default()),
-                    BackupType::Vm => counts.vm.get_or_insert(Default::default()),
-                    BackupType::Host => counts.host.get_or_insert(Default::default()),
-                };
+            type_count.groups += 1;
+            type_count.snapshots += snapshot_count;
+        }
 
-                type_count.groups += 1;
-                type_count.snapshots += snapshot_count;
-            }
-
-            Ok(counts)
-        },
-    )
+        Ok(counts)
+    })
 }
 
 #[api(