rest server: return UserInformation from ApiAuth::check_auth
This need impl UserInformation for Arc<CachedUserInfo> which is implemented with proxmox 0.13.2 Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This commit is contained in:
parent
efeccc11cc
commit
2ea6f8d01d
@ -3,6 +3,7 @@ use std::os::unix::io::RawFd;
|
|||||||
use anyhow::{bail, format_err, Error};
|
use anyhow::{bail, format_err, Error};
|
||||||
|
|
||||||
use proxmox::tools::fd::Fd;
|
use proxmox::tools::fd::Fd;
|
||||||
|
use proxmox::api::UserInformation;
|
||||||
|
|
||||||
mod compression;
|
mod compression;
|
||||||
pub use compression::*;
|
pub use compression::*;
|
||||||
@ -41,7 +42,7 @@ pub trait ApiAuth {
|
|||||||
&self,
|
&self,
|
||||||
headers: &http::HeaderMap,
|
headers: &http::HeaderMap,
|
||||||
method: &hyper::Method,
|
method: &hyper::Method,
|
||||||
) -> Result<String, AuthError>;
|
) -> Result<(String, Box<dyn UserInformation + Sync + Send>), AuthError>;
|
||||||
}
|
}
|
||||||
|
|
||||||
static mut SHUTDOWN_REQUESTED: bool = false;
|
static mut SHUTDOWN_REQUESTED: bool = false;
|
||||||
|
@ -26,7 +26,7 @@ use proxmox::api::schema::{
|
|||||||
};
|
};
|
||||||
use proxmox::api::{
|
use proxmox::api::{
|
||||||
check_api_permission, ApiHandler, ApiMethod, HttpError, Permission, RpcEnvironment,
|
check_api_permission, ApiHandler, ApiMethod, HttpError, Permission, RpcEnvironment,
|
||||||
RpcEnvironmentType,
|
RpcEnvironmentType, UserInformation,
|
||||||
};
|
};
|
||||||
use proxmox::http_err;
|
use proxmox::http_err;
|
||||||
use proxmox::tools::fs::CreateOptions;
|
use proxmox::tools::fs::CreateOptions;
|
||||||
@ -40,12 +40,18 @@ use proxmox_rest_server::{
|
|||||||
};
|
};
|
||||||
use proxmox_rest_server::formatter::*;
|
use proxmox_rest_server::formatter::*;
|
||||||
|
|
||||||
use pbs_config::CachedUserInfo;
|
|
||||||
|
|
||||||
extern "C" {
|
extern "C" {
|
||||||
fn tzset();
|
fn tzset();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
struct EmptyUserInformation {}
|
||||||
|
|
||||||
|
impl UserInformation for EmptyUserInformation {
|
||||||
|
fn is_superuser(&self, _userid: &str) -> bool { false }
|
||||||
|
fn is_group_member(&self, _userid: &str, _group: &str) -> bool { false }
|
||||||
|
fn lookup_privs(&self, _userid: &str, _path: &[&str]) -> u64 { 0 }
|
||||||
|
}
|
||||||
|
|
||||||
pub struct RestServer {
|
pub struct RestServer {
|
||||||
pub api_config: Arc<ApiConfig>,
|
pub api_config: Arc<ApiConfig>,
|
||||||
}
|
}
|
||||||
@ -652,9 +658,14 @@ async fn handle_request(
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
let mut user_info: Box<dyn UserInformation + Send + Sync> = Box::new(EmptyUserInformation {});
|
||||||
|
|
||||||
if auth_required {
|
if auth_required {
|
||||||
match auth.check_auth(&parts.headers, &method) {
|
match auth.check_auth(&parts.headers, &method) {
|
||||||
Ok(authid) => rpcenv.set_auth_id(Some(authid)),
|
Ok((authid, info)) => {
|
||||||
|
rpcenv.set_auth_id(Some(authid));
|
||||||
|
user_info = info;
|
||||||
|
}
|
||||||
Err(auth_err) => {
|
Err(auth_err) => {
|
||||||
let err = match auth_err {
|
let err = match auth_err {
|
||||||
AuthError::Generic(err) => err,
|
AuthError::Generic(err) => err,
|
||||||
@ -683,7 +694,7 @@ async fn handle_request(
|
|||||||
}
|
}
|
||||||
Some(api_method) => {
|
Some(api_method) => {
|
||||||
let auth_id = rpcenv.get_auth_id();
|
let auth_id = rpcenv.get_auth_id();
|
||||||
let user_info = CachedUserInfo::new()?;
|
let user_info = user_info;
|
||||||
|
|
||||||
if !check_api_permission(
|
if !check_api_permission(
|
||||||
api_method.access.permission,
|
api_method.access.permission,
|
||||||
@ -727,7 +738,7 @@ async fn handle_request(
|
|||||||
if comp_len == 0 {
|
if comp_len == 0 {
|
||||||
let language = extract_lang_header(&parts.headers);
|
let language = extract_lang_header(&parts.headers);
|
||||||
match auth.check_auth(&parts.headers, &method) {
|
match auth.check_auth(&parts.headers, &method) {
|
||||||
Ok(auth_id) => {
|
Ok((auth_id, _user_info)) => {
|
||||||
return Ok(api.get_index(Some(auth_id), language, parts));
|
return Ok(api.get_index(Some(auth_id), language, parts));
|
||||||
}
|
}
|
||||||
Err(AuthError::Generic(_)) => {
|
Err(AuthError::Generic(_)) => {
|
||||||
|
Loading…
Reference in New Issue
Block a user