proxmox-mirrors/proxmox
1
0
Fork 1
mirror of https://git.proxmox.com/git/proxmox synced 2025-08-15 04:57:25 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

permissions: introduce UserParam permission

Browse Source 
to safely differentiate between checking
- the current user matches some static string
- the current user matches the value in some (path) parameter.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
This commit is contained in:
Fabian Grünbichler 2020-09-18 15:01:07 +02:00 committed by Thomas Lamprecht
parent f84ac35804
commit 3be70bc4a8
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
proxmox/src/api/permission.rs
View File

@ -16,6 +16,8 @@ pub enum Permission {
Anybody,
/// Allow access for the specified user
User(&'static str),
/// Allow access if specified param matches logged in user
UserParam(&'static str),
/// Allow access for the specified group of users
Group(&'static str),
/// Use a parameter value as userid to run sub-permission tests.
@ -45,6 +47,9 @@ impl fmt::Debug for Permission {
Permission::User(ref userid) => {
write!(f, "User({})", userid)
}
Permission::UserParam(param_name) => {
write!(f, "UserParam({})", param_name)
}
Permission::Group(ref group) => {
write!(f, "Group({})", group)
}
@ -123,6 +128,13 @@ fn check_api_permission_tail(
Some(ref userid) => return userid == expected_userid,
}
}
Permission::UserParam(param_name) => {
match (userid, param.get(&param_name.to_string())) {
(None, _) => return false,
(_, None) => return false,
(Some(ref userid), Some(ref expected)) => return userid == expected,
}
}
Permission::Group(expected_group) => {
match userid {
None => return false,