replace 'disk_usage' with 'fs_info' from proxmox-sys

[proxmox-backup.git] / src / api2 / admin / datastore.rs

diff --git a/src/api2/admin/datastore.rs b/src/api2/admin/datastore.rs
index 44208a4c8c02ee6d527d7c9e1cbd649aefc07796..ad2744b718263c7cc08f3173f65dfe9fcb85e2e6 100644 (file)
--- a/src/api2/admin/datastore.rs
+++ b/src/api2/admin/datastore.rs
@@ -63,8 +63,8 @@ use proxmox_rest_server::{formatter, WorkerTask};
 use crate::api2::backup::optional_ns_param;
 use crate::api2::node::rrd::create_value_from_rrd;
 use crate::backup::{
-    can_access_any_namespace, check_ns_privs_full, verify_all_backups, verify_backup_dir,
-    verify_backup_group, verify_filter, ListAccessibleBackupGroups,
+    check_ns_privs_full, verify_all_backups, verify_backup_dir, verify_backup_group, verify_filter,
+    ListAccessibleBackupGroups, NS_PRIVS_OK,
 };
 
 use crate::server::jobstate::Job;
@@ -588,7 +588,7 @@ fn get_snapshots_count(store: &Arc<DataStore>, owner: Option<&Authid>) -> Result
         };
         let snapshot_count = group.list_backups()?.len() as u64;
 
-        // only include groups with snapshots, counting/displaying emtpy groups can confuse
+        // only include groups with snapshots, counting/displaying empty groups can confuse
         if snapshot_count > 0 {
             let type_count = match group.backup_type() {
                 BackupType::Ct => counts.ct.get_or_insert(Default::default()),
@@ -645,15 +645,14 @@ pub fn status(
         true
     } else if store_privs & PRIV_DATASTORE_READ != 0 {
         false // allow at least counts, user can read groups anyway..
-    } else if let Ok(ref datastore) = datastore {
-        if !can_access_any_namespace(Arc::clone(datastore), &auth_id, &user_info) {
-            return Err(http_err!(FORBIDDEN, "permission check failed"));
-        }
-        false
     } else {
-        return Err(http_err!(FORBIDDEN, "permission check failed")); // avoid leaking existance info
+        match user_info.any_privs_below(&auth_id, &["datastore", &store], NS_PRIVS_OK) {
+            // avoid leaking existence info if users hasn't at least any priv. below
+            Ok(false) | Err(_) => return Err(http_err!(FORBIDDEN, "permission check failed")),
+            _ => false,
+        }
     };
-    let datastore = datastore?; // only unwrap no to avoid leaking existance info
+    let datastore = datastore?; // only unwrap no to avoid leaking existence info
 
     let (counts, gc_status) = if verbose {
         let filter_owner = if store_privs & PRIV_DATASTORE_AUDIT != 0 {
@@ -675,11 +674,11 @@ pub fn status(
     };
 
     Ok(if store_stats {
-        let storage = crate::tools::disks::disk_usage(&datastore.base_path())?;
+        let storage = proxmox_sys::fs::fs_info(&datastore.base_path())?;
         DataStoreStatus {
             total: storage.total,
             used: storage.used,
-            avail: storage.avail,
+            avail: storage.available,
             gc_status,
             counts,
         }
@@ -1188,15 +1187,14 @@ pub fn get_datastore_list(
     let mut list = Vec::new();
 
     for (store, (_, data)) in &config.sections {
-        let user_privs = user_info.lookup_privs(&auth_id, &["datastore", store]);
+        let acl_path = &["datastore", store];
+        let user_privs = user_info.lookup_privs(&auth_id, acl_path);
         let allowed = (user_privs & (PRIV_DATASTORE_AUDIT | PRIV_DATASTORE_BACKUP)) != 0;
 
         let mut allow_id = false;
         if !allowed {
-            let scfg: pbs_api_types::DataStoreConfig = serde_json::from_value(data.to_owned())?;
-            // safety: we just cannot go through lookup as we must avoid an operation check
-            if let Ok(datastore) = unsafe { DataStore::open_from_config(scfg, None) } {
-                allow_id = can_access_any_namespace(datastore, &auth_id, &user_info);
+            if let Ok(any_privs) = user_info.any_privs_below(&auth_id, acl_path, NS_PRIVS_OK) {
+                allow_id = any_privs;
             }
         }