From: Dietmar Maurer <dietmar@proxmox.com>
Date: Thu, 10 Apr 2014 08:44:56 +0000 (+0200)
Subject: rules API: protect against concurrent updates
X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff_plain;h=ddf1e07dce58c742826f89811396050e78f07e72

rules API: protect against concurrent updates
---

diff --git a/src/PVE/API2/Firewall/Rules.pm b/src/PVE/API2/Firewall/Rules.pm
index 46fdd56..0054dfc 100644
--- a/src/PVE/API2/Firewall/Rules.pm
+++ b/src/PVE/API2/Firewall/Rules.pm
@@ -125,7 +125,6 @@ sub register_get_rule {
 	    my ($fw_conf, $rules) = $class->load_config($param);
 
 	    my $digest = $fw_conf->{digest};
-	    # fixme: check digest
 	
 	    die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$rules);
 	
@@ -160,8 +159,6 @@ sub register_create_rule {
 
 	    my ($fw_conf, $rules) = $class->load_config($param);
 
-	    my $digest = $fw_conf->{digest};
-
 	    my $rule = {};
 
 	    PVE::Firewall::copy_rule_data($rule, $param);
@@ -215,9 +212,8 @@ sub register_update_rule {
 
 	    my ($fw_conf, $rules) = $class->load_config($param);
 
-	    my $digest = $fw_conf->{digest};
-	    # fixme: check digest
-	
+	    PVE::Tools::assert_if_modified($fw_conf->{digest}, $param->{digest});
+
 	    die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$rules);
 	
 	    my $rule = $rules->[$param->{pos}];
@@ -259,6 +255,8 @@ sub register_delete_rule {
     my $properties = $class->additional_parameters();
 
     $properties->{pos} = $api_properties->{pos};
+
+    $properties->{digest} = get_standard_option('pve-config-digest');
     
     $class->register_method({
 	name => 'delete_rule',
@@ -276,8 +274,7 @@ sub register_delete_rule {
 
 	    my ($fw_conf, $rules) = $class->load_config($param);
 
-	    my $digest = $fw_conf->{digest};
-	    # fixme: check digest
+	    PVE::Tools::assert_if_modified($fw_conf->{digest}, $param->{digest});
 	
 	    die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$rules);