Am 12/04/2024 um 16:15 schrieb Friedrich Weber: > Given a `(type, user, vmid)` tuple, the helper aborts all tasks of the > given `type` for guest `vmid` that `user` is allowed to abort: > > - If `user` has `Sys.Modify` on the node, they can abort any task > - If `user` is an API token, it can abort any task it started itself > - If `user` is a user, they can abort any task started by themselves > or one of their API tokens. > > The helper is used to overrule any active qmshutdown/vzshutdown tasks > when attempting to stop a VM/CT (if requested). > > Signed-off-by: Friedrich Weber <f.we...@proxmox.com> > --- > > Notes: > As the computation of `$can_abort_task` essentially duplicates logic > from PVE/API2/Tasks.pm, I considered reusing that, but this would have > required moving it to one of the dependencies of pve-guest-common > (Thomas suggested pve-access-control off-list). Seeing that the logic > boils down to 4 lines in `abort_guest_tasks`, I didn't consider it > worth the trouble in the end. Happy to reconsider, though. > > changes v2 -> v3: > - improved readability: renamed subroutine to describe what it does, > renamed return value, added comment, clarified commit message (thx > Thomas) > - better align logic with current permission model for stopping tasks: > - allow users with Sys.Modify to abort *any* task (thx Thomas) > - allow users to abort tasks of their tokens > > no changes v1 -> v2 > > src/PVE/GuestHelpers.pm | 35 +++++++++++++++++++++++++++++++++++ > 1 file changed, 35 insertions(+) > >
applied, with some (very) tiny efficiency improvement as follow-up, thanks! _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
