use crate::config::datastore;
use crate::server::WorkerTask;
use crate::tools;
-use crate::config::acl::{PRIV_DATASTORE_AUDIT, PRIV_DATASTORE_ALLOCATE_SPACE};
+use crate::config::acl::{
+ PRIV_DATASTORE_AUDIT,
+ PRIV_DATASTORE_READ,
+ PRIV_DATASTORE_PRUNE,
+ PRIV_DATASTORE_CREATE_BACKUP,
+};
fn read_backup_index(store: &DataStore, backup_dir: &BackupDir) -> Result<Vec<BackupContent>, Error> {
},
},
access: {
- permission: &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_ALLOCATE_SPACE, false),
+ permission: &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_PRUNE, false),
},
)]
/// Delete backup snapshot.
("store", false, &DATASTORE_SCHEMA),
])
)
-).access(None, &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_ALLOCATE_SPACE, false));
+).access(None, &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_PRUNE, false));
fn prune(
param: Value,
schema: UPID_SCHEMA,
},
access: {
- permission: &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_ALLOCATE_SPACE, false),
+ permission: &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_PRUNE, false),
},
)]
/// Start garbage collection.
("file-name", false, &BACKUP_ARCHIVE_NAME_SCHEMA),
]),
)
-).access(None, &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_ALLOCATE_SPACE, false));
+).access(None, &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_READ, false));
fn download_file(
_parts: Parts,
("backup-time", false, &BACKUP_TIME_SCHEMA),
]),
)
-).access(None, &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_ALLOCATE_SPACE, false));
+).access(None, &Permission::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_CREATE_BACKUP, false));
fn upload_backup_log(
_parts: Parts,
use crate::server::{WorkerTask, H2Service};
use crate::backup::*;
use crate::api2::types::*;
-use crate::config::acl::PRIV_DATASTORE_ALLOCATE_SPACE;
+use crate::config::acl::PRIV_DATASTORE_CREATE_BACKUP;
use crate::config::cached_user_info::CachedUserInfo;
mod environment;
)
).access(
// Note: parameter 'store' is no uri parameter, so we need to test inside function body
- Some("The user needs Datastore.AllocateSpace privilege on /datastore/{store}."),
+ Some("The user needs Datastore.CreateBackup privilege on /datastore/{store}."),
&Permission::Anybody
);
let store = tools::required_string_param(¶m, "store")?.to_owned();
let user_info = CachedUserInfo::new()?;
- user_info.check_privs(&username, &["datastore", &store], PRIV_DATASTORE_ALLOCATE_SPACE, false)?;
+ user_info.check_privs(&username, &["datastore", &store], PRIV_DATASTORE_CREATE_BACKUP, false)?;
let datastore = DataStore::lookup_datastore(&store)?;
use crate::client::*;
use crate::config::remote;
use crate::api2::types::*;
-use crate::config::acl::PRIV_DATASTORE_ALLOCATE_SPACE;
+use crate::config::acl::{PRIV_DATASTORE_CREATE_BACKUP, PRIV_DATASTORE_READ};
use crate::config::cached_user_info::CachedUserInfo;
// fixme: implement filters
},
access: {
// Note: used parameters are no uri parameters, so we need to test inside function body
- description: "The user needs Datastore.AllocateSpace privilege on '/datastore/{store}' and '/remote/{remote}/{remote-store}'.",
+ description: "The user needs Datastore.CreateBackup privilege on '/datastore/{store}' and Datastore.Read on '/remote/{remote}/{remote-store}'.",
permission: &Permission::Anybody,
},
)]
let user_info = CachedUserInfo::new()?;
let username = rpcenv.get_user().unwrap();
- user_info.check_privs(&username, &["datastore", &store], PRIV_DATASTORE_ALLOCATE_SPACE, false)?;
- user_info.check_privs(&username, &["remote", &remote, &remote_store], PRIV_DATASTORE_ALLOCATE_SPACE, false)?;
+ user_info.check_privs(&username, &["datastore", &store], PRIV_DATASTORE_CREATE_BACKUP, false)?;
+ user_info.check_privs(&username, &["remote", &remote, &remote_store], PRIV_DATASTORE_READ, false)?;
let delete = delete.unwrap_or(true);
use crate::backup::*;
use crate::server::{WorkerTask, H2Service};
use crate::tools;
-use crate::config::acl::PRIV_DATASTORE_ALLOCATE_SPACE;
+use crate::config::acl::PRIV_DATASTORE_READ;
use crate::config::cached_user_info::CachedUserInfo;
mod environment;
)
).access(
// Note: parameter 'store' is no uri parameter, so we need to test inside function body
- Some("The user needs Datastore.AllocateSpace privilege on /datastore/{store}."),
+ Some("The user needs Datastore.Read privilege on /datastore/{store}."),
&Permission::Anybody
);
let store = tools::required_string_param(¶m, "store")?.to_owned();
let user_info = CachedUserInfo::new()?;
- user_info.check_privs(&username, &["datastore", &store], PRIV_DATASTORE_ALLOCATE_SPACE, false)?;
+ user_info.check_privs(&username, &["datastore", &store], PRIV_DATASTORE_READ, false)?;
let datastore = DataStore::lookup_datastore(&store)?;
pub const PRIV_SYS_POWER_MANAGEMENT: u64 = 1 << 2;
pub const PRIV_DATASTORE_AUDIT: u64 = 1 << 3;
-pub const PRIV_DATASTORE_MODIFY: u64 = 1 << 4;
-pub const PRIV_DATASTORE_ALLOCATE_SPACE: u64 = 1 << 5;
+pub const PRIV_DATASTORE_MODIFY: u64 = 1 << 4;
+pub const PRIV_DATASTORE_CREATE_BACKUP: u64 = 1 << 5;
+pub const PRIV_DATASTORE_READ: u64 = 1 << 6;
+pub const PRIV_DATASTORE_PRUNE: u64 = 1 << 7;
-pub const PRIV_PERMISSIONS_MODIFY: u64 = 1 << 6;
+pub const PRIV_PERMISSIONS_MODIFY: u64 = 1 << 8;
pub const ROLE_ADMIN: u64 = std::u64::MAX;
pub const ROLE_NO_ACCESS: u64 = 0;
pub const ROLE_DATASTORE_ADMIN: u64 =
PRIV_DATASTORE_AUDIT |
PRIV_DATASTORE_MODIFY |
-PRIV_DATASTORE_ALLOCATE_SPACE;
+PRIV_DATASTORE_CREATE_BACKUP |
+PRIV_DATASTORE_READ |
+PRIV_DATASTORE_PRUNE;
pub const ROLE_DATASTORE_USER: u64 =
-PRIV_DATASTORE_AUDIT |
-PRIV_DATASTORE_ALLOCATE_SPACE;
+PRIV_DATASTORE_CREATE_BACKUP;
+
+pub const ROLE_DATASTORE_AUDIT: u64 =
+PRIV_DATASTORE_AUDIT;
-pub const ROLE_DATASTORE_AUDIT: u64 = PRIV_DATASTORE_AUDIT;
pub const ROLE_NAME_NO_ACCESS: &str ="NoAccess";
lazy_static! {