pub max_depth: Option<usize>,
}
+impl VerificationJobConfig {
+ pub fn store_with_ns(&self) -> DatastoreWithNamespace {
+ DatastoreWithNamespace {
+ store: self.store.clone(),
+ ns: self.ns.clone().unwrap_or_default(),
+ }
+ }
+}
+
#[api(
properties: {
config: {
.convert_to_typed_array("verification")?
.into_iter()
.filter(|job: &VerificationJobConfig| {
- let privs = user_info.lookup_privs(&auth_id, &["datastore", &job.store]);
+ let privs = user_info.lookup_privs(&auth_id, &job.store_with_ns().acl_path());
if privs & required_privs == 0 {
return false;
}
let (config, _digest) = verify::config()?;
let verification_job: VerificationJobConfig = config.lookup("verification", &id)?;
+ let store_with_ns = verification_job.store_with_ns();
+
user_info.check_privs(
&auth_id,
- &["datastore", &verification_job.store],
+ &store_with_ns.acl_path(),
PRIV_DATASTORE_VERIFY,
true,
)?;
let list = list
.into_iter()
.filter(|job: &VerificationJobConfig| {
- let privs = user_info.lookup_privs(&auth_id, &["datastore", &job.store]);
+ let privs = user_info.lookup_privs(&auth_id, &job.store_with_ns().acl_path());
privs & required_privs != 00
})
user_info.check_privs(
&auth_id,
- &["datastore", &config.store],
+ &config.store_with_ns().acl_path(),
PRIV_DATASTORE_VERIFY,
false,
)?;
let required_privs = PRIV_DATASTORE_AUDIT | PRIV_DATASTORE_VERIFY;
user_info.check_privs(
&auth_id,
- &["datastore", &verification_job.store],
+ &verification_job.store_with_ns().acl_path(),
required_privs,
true,
)?;
let mut data: VerificationJobConfig = config.lookup("verification", &id)?;
- // check existing store
+ // check existing store and NS
user_info.check_privs(
&auth_id,
- &["datastore", &data.store],
+ &data.store_with_ns().acl_path(),
PRIV_DATASTORE_VERIFY,
true,
)?;
}
if let Some(store) = update.store {
- // check new store
- user_info.check_privs(
- &auth_id,
- &["datastore", &store],
- PRIV_DATASTORE_VERIFY,
- true,
- )?;
data.store = store;
}
}
}
+ // check new store and NS
+ user_info.check_privs(
+ &auth_id,
+ &data.store_with_ns().acl_path(),
+ PRIV_DATASTORE_VERIFY,
+ true,
+ )?;
+
config.set_data(&id, "verification", &data)?;
verify::save_config(&config)?;
let job: VerificationJobConfig = config.lookup("verification", &id)?;
user_info.check_privs(
&auth_id,
- &["datastore", &job.store],
+ &job.store_with_ns().acl_path(),
PRIV_DATASTORE_VERIFY,
true,
)?;
projects / proxmox-backup.git / commitdiff