On 11/29/24 15:23, Fiona Ebner wrote:
For issues like these, it's often nice to start out with the fix and put
bigger refactorings later. Then the fix can already be applied up-front
while discussing the bigger changes.
ACK, I'll move this in front of the other changes.
Am 16.09.24 um 18:38 schrieb Daniel Kral:
diff --git a/PVE/QemuServer/Helpers.pm b/PVE/QemuServer/Helpers.pm
index 9d0f24aa..a5f6b328 100644
--- a/PVE/QemuServer/Helpers.pm
+++ b/PVE/QemuServer/Helpers.pm
@@ -11,6 +11,8 @@ use PVE::ProcFSTools;
use base 'Exporter';
our @EXPORT_OK = qw(
+check_storage_alloc
+check_volume_alloc
min_version
config_aware_timeout
parse_number_sets
@@ -151,6 +153,50 @@ sub check_volume_content_type : prototype($$) {
return check_storage_content_type($storecfg, $storeid, $vtype);
}
+=head3 check_storage_alloc($rpcenv, $user, $storeid)
+
+Checks whether the C<$user> has the permissions in the C<$rpcenv> to allocate
space in the storage
+with the identifier C<$storeid>.
+
+
+If the check fails, the subroutine will C<die> with a permission exception
inside the subroutine
+L<PVE::RPCEnvironment::check>.
+
+Returns C<1> if the check is successful.
+
+=cut
+
+sub check_storage_alloc : prototype($$$) {
I'd rather call it assert_storage_alloc_permission
+ my ($rpcenv, $user, $storeid) = @_;
+
+ if (defined($rpcenv) && defined($user)) {
Should we rather assert these? It should not be called in a context
where we don't have them. In fact, I'd prefer this to be a private
helper in the API module directly. But I'm not fully convinced we need a
helper for this to begin with, the actual code is just two lines (or one
statement).
I agree with all of your points, I'm also in favor of just dropping the
helper in general for v2.
+ $rpcenv->check($user, "/storage/$storeid", ['Datastore.AllocateSpace'])
+ if $user ne 'root@pam';
+ }
+
+ return 1;
+}
+
+=head3 check_volume_alloc($storecfg, $storeid, $node)
+
+Checks whether the volume with the identifier C<$volid>, that is defined in
C<$storecfg> (which
+is typically retrieved with L<PVE::Storage::config>), is enabled an supports
volume images.
+
+If the check fails, it will C<die> with an error message.
+
+Returns C<1> if the check is successful.
+
+=cut
+
+sub check_volume_alloc : prototype($$;$) {
Again, "assert_" and "_permission"
Hm, why did you choose permission here?
There are no permission checks done here, would be a suffix like
"_allowed" or "_available" also be fine for you?
should/could also live in the storage library as it does not depend on
anything else
ACK
+ my ($storecfg, $storeid, $node) = @_;
+
+ PVE::Storage::storage_check_enabled($storecfg, $storeid, $node);
+ check_storage_content_type($storecfg, $storeid);
+
+ return 1;
+}
+
sub min_version {
my ($verstr, $major, $minor, $pve) = @_;
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
