]> git.proxmox.com Git - proxmox-backup.git/blobdiff - src/api2/admin/datastore.rs
projects / proxmox-backup.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
src/config/acl.rs: introduce more/better datastore privileges
[proxmox-backup.git] / src / api2 / admin / datastore.rs
diff --git a/src/api2/admin/datastore.rs b/src/api2/admin/datastore.rs
index 1109521a942819cba8d0d91d21d179a85597cdcf..ddf3556419ec1ecc5e2fc40595ef5a386c6eb0a8 100644 (file)
--- a/src/api2/admin/datastore.rs
+++ b/src/api2/admin/datastore.rs
@@ -22,7 +22,12 @@ use crate::backup::*;
 use crate::config::datastore;
 use crate::server::WorkerTask;
 use crate::tools;
-use crate::config::acl::{PRIV_DATASTORE_AUDIT, PRIV_DATASTORE_ALLOCATE_SPACE};
+use crate::config::acl::{
+    PRIV_DATASTORE_AUDIT,
+    PRIV_DATASTORE_READ,
+    PRIV_DATASTORE_PRUNE,
+    PRIV_DATASTORE_CREATE_BACKUP,
+};
 
 fn read_backup_index(store: &DataStore, backup_dir: &BackupDir) -> Result<Vec<BackupContent>, Error> {
 
@@ -193,7 +198,7 @@ pub fn list_snapshot_files(
         },
     },
     access: {
-        permission: &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_ALLOCATE_SPACE, false),
+        permission: &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_PRUNE, false),
     },
 )]
 /// Delete backup snapshot.
@@ -406,7 +411,7 @@ const API_METHOD_PRUNE: ApiMethod = ApiMethod::new(
             ("store", false, &DATASTORE_SCHEMA),
         ])
     )
-).access(None, &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_ALLOCATE_SPACE, false));
+).access(None, &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_PRUNE, false));
 
 fn prune(
     param: Value,
@@ -530,7 +535,7 @@ fn prune(
         schema: UPID_SCHEMA,
     },
     access: {
-        permission: &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_ALLOCATE_SPACE, false),
+        permission: &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_PRUNE, false),
     },
 )]
 /// Start garbage collection.
@@ -615,7 +620,7 @@ pub const API_METHOD_DOWNLOAD_FILE: ApiMethod = ApiMethod::new(
             ("file-name", false, &BACKUP_ARCHIVE_NAME_SCHEMA),
         ]),
     )
-).access(None, &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_ALLOCATE_SPACE, false));
+).access(None, &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_READ, false));
 
 fn download_file(
     _parts: Parts,
@@ -674,7 +679,7 @@ pub const API_METHOD_UPLOAD_BACKUP_LOG: ApiMethod = ApiMethod::new(
             ("backup-time", false, &BACKUP_TIME_SCHEMA),
         ]),
     )
-).access(None, &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_ALLOCATE_SPACE, false));
+).access(None, &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_CREATE_BACKUP, false));
 
 fn upload_backup_log(
     _parts: Parts,
Proxmox Backup Server and Client