From 3be70bc4a87d7c40bd8e090e0be3e191400a1541 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= Date: Fri, 18 Sep 2020 15:01:07 +0200 Subject: [PATCH] permissions: introduce UserParam permission MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit to safely differentiate between checking - the current user matches some static string - the current user matches the value in some (path) parameter. Signed-off-by: Fabian Grünbichler --- proxmox/src/api/permission.rs | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/proxmox/src/api/permission.rs b/proxmox/src/api/permission.rs index bbaf52f1..ceeb4cef 100644 --- a/proxmox/src/api/permission.rs +++ b/proxmox/src/api/permission.rs @@ -16,6 +16,8 @@ pub enum Permission { Anybody, /// Allow access for the specified user User(&'static str), + /// Allow access if specified param matches logged in user + UserParam(&'static str), /// Allow access for the specified group of users Group(&'static str), /// Use a parameter value as userid to run sub-permission tests. @@ -45,6 +47,9 @@ impl fmt::Debug for Permission { Permission::User(ref userid) => { write!(f, "User({})", userid) } + Permission::UserParam(param_name) => { + write!(f, "UserParam({})", param_name) + } Permission::Group(ref group) => { write!(f, "Group({})", group) } @@ -123,6 +128,13 @@ fn check_api_permission_tail( Some(ref userid) => return userid == expected_userid, } } + Permission::UserParam(param_name) => { + match (userid, param.get(¶m_name.to_string())) { + (None, _) => return false, + (_, None) => return false, + (Some(ref userid), Some(ref expected)) => return userid == expected, + } + } Permission::Group(expected_group) => { match userid { None => return false,