fix #3164: api: quarantine: allow to return spam from all users

The pmail was only checked for the spam quarantine call, and there
mainly to ensure that the quarantine user only can check their own
mails. Make the pmail parameter also optional for this quarantine
related endpoint as long as one has a role other than quser.
This allows to query all spam quarantine entries from all pmails at
once, providing the backend side to address #3164.

The main argument against this was performance, but postgres can
handle even hundreds of thousands of rows rather fine, it's a high
performant database after all and this is quite the simple query
(single join, but no functions on columns, nested queries or other
performance hogs).

Some data, 45k records on a read limited disk, gathered with EXPLAIN
ANALYZE commands:

All caches dropped and fresh start: 440ms
Running for a bit with caches warm:  55ms

A simple extrapolation would mean that for half a million rows we
would spent about 5s in the DB, which is not too bad considering our
hard limit of 30s per requests, and the overhead of perl/https seems
to put the limit on my not so beefy VM at at least ~1.5 million rows
from a *cold* cache, which seems plenty (default 7 days keep window
and an avg. of 10 spam mails per day means >21k qusers). And with
warm caches and a beefier machine one can probably gain one or even
two order of magnitudes here.

And at the end, no mail admin is forced to use this and if they run a
setup with tens of millions of spam in their spam-keep time window,
well, they really should not be surprised that querying all has a
certain cost.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Tested-By: Stoiko Ivanov <s.ivanov@proxmox.com>
Reviewed-By: Stoiko Ivanov <s.ivanov@proxmox.com>

diff --git a/src/PMG/API2/Quarantine.pm b/src/PMG/API2/Quarantine.pm
index 56f248d9095a477d6291fdc997053275760f3ef6..666dffa1be73a29e3dd27e27ab86cb578bf3db97 100644 (file)
--- a/src/PMG/API2/Quarantine.pm
+++ b/src/PMG/API2/Quarantine.pm
@@ -597,14 +597,14 @@ my $quarantine_api = sub {
 
     my $rpcenv = PMG::RESTEnvironment->get();
     my $authuser = $rpcenv->get_user();
+    my $role = $rpcenv->get_role();
 
     my $start = $param->{starttime} // (time - 86400);
     my $end = $param->{endtime} // ($start + 86400);
 
     my $select;
     my $pmail;
-    if ($check_pmail) {
-       my $role = $rpcenv->get_role();
+    if ($check_pmail || $role eq 'quser') {
        $pmail = $verify_optional_pmail->($authuser, $role, $param->{pmail});
        $select = "SELECT * " .
                  "FROM CMailStore, CMSReceivers WHERE " .
@@ -700,7 +700,7 @@ __PACKAGE__->register_method ({
     },
     code => sub {
        my ($param) = @_;
-       return $quarantine_api->($param, 'S', 1);
+       return $quarantine_api->($param, 'S', defined($param->{pmail}));
     }});
 
 __PACKAGE__->register_method ({