[pve-devel] [PATCH v2 manager 4/9] api/tasks: attribute token tasks to user

Thu, 21 Nov 2019 06:46:26 -0800 

and store token ID in separate, currently unused member.

Signed-off-by: Fabian Grünbichler <f.gruenbich...@proxmox.com>
---

Notes:
    versioned depends on libpve-access-control
    
    alternatively, we could also change the fork_worker signature and encode 
this
    inside the task information on disk, but that would be a more invasive
    solution..

 PVE/API2/Cluster.pm |  3 +++
 PVE/API2/Tasks.pm   | 15 +++++++++++++++
 2 files changed, 18 insertions(+)

diff --git a/PVE/API2/Cluster.pm b/PVE/API2/Cluster.pm
index 3b62953f..ca7b2d31 100644
--- a/PVE/API2/Cluster.pm
+++ b/PVE/API2/Cluster.pm
@@ -461,6 +461,9 @@ __PACKAGE__->register_method({
        my $all = $rpcenv->check($authuser, "/", [ 'Sys.Audit' ], 1);
 
        foreach my $task (@$tlist) {
+           if (PVE::AccessControl::pve_verify_tokenid($task->{user}, 1)) {
+               ($task->{user}, $task->{tokenid}) = 
PVE::AccessControl::split_tokenid($task->{user});
+           }
            push @$res, $task if $all || ($task->{user} eq $authuser);
        }
    
diff --git a/PVE/API2/Tasks.pm b/PVE/API2/Tasks.pm
index 73e398eb..5dc6a4ad 100644
--- a/PVE/API2/Tasks.pm
+++ b/PVE/API2/Tasks.pm
@@ -16,6 +16,14 @@ use PVE::AccessControl;
 
 use base qw(PVE::RESTHandler);
 
+my $convert_token_task = sub {
+    my ($task) = @_;
+
+    if (PVE::AccessControl::pve_verify_tokenid($task->{user}, 1)) {
+       ($task->{user}, $task->{tokenid}) = 
PVE::AccessControl::split_tokenid($task->{user});
+    }
+};
+
 __PACKAGE__->register_method({
     name => 'node_tasks',
     path => '',
@@ -142,6 +150,7 @@ __PACKAGE__->register_method({
                    $task->{endtime} = hex($endtime) if $endtime;
                    $task->{status} = $status if $status;
 
+                   $convert_token_task->($task);
                    if (!$filter_task->($task)) {
                        push @$res, $task;
                        $limit--;
@@ -242,6 +251,8 @@ __PACKAGE__->register_method({
        my $user = $rpcenv->get_user();
        my $node = $param->{node};
 
+       $convert_token_task->($task);
+
        if ($user ne $task->{user}) {
            $rpcenv->check($user, "/nodes/$node", [ 'Sys.Modify' ]);
        }
@@ -309,6 +320,8 @@ __PACKAGE__->register_method({
        my $start = $param->{start} // 0;
        my $limit = $param->{limit} // 50;
 
+       $convert_token_task->($task);
+
        if ($user ne $task->{user})  {
            $rpcenv->check($user, "/nodes/$node", [ 'Sys.Audit' ]);
        }
@@ -365,6 +378,8 @@ __PACKAGE__->register_method({
        my $user = $rpcenv->get_user();
        my $node = $param->{node};
 
+       $convert_token_task->($task);
+
        if ($user ne $task->{user}) {
            $rpcenv->check($user, "/nodes/$node", [ 'Sys.Audit' ]);
        }
-- 
2.20.1


_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Reply via email to