diff --git a/src/api2/tape/backup.rs b/src/api2/tape/backup.rs index ba08994f..02bad990 100644 --- a/src/api2/tape/backup.rs +++ b/src/api2/tape/backup.rs @@ -47,20 +47,11 @@ fn check_backup_permission( ) -> Result<(), Error> { let user_info = CachedUserInfo::new()?; - let privs = user_info.lookup_privs(auth_id, &["datastore", store]); - if (privs & PRIV_DATASTORE_READ) == 0 { - bail!("no permissions on /datastore/{}", store); - } + user_info.check_privs(auth_id, &["datastore", store], PRIV_DATASTORE_READ, false)?; - let privs = user_info.lookup_privs(auth_id, &["tape", "drive", drive]); - if (privs & PRIV_TAPE_WRITE) == 0 { - bail!("no permissions on /tape/drive/{}", drive); - } + user_info.check_privs(auth_id, &["tape", "drive", drive], PRIV_TAPE_WRITE, false)?; - let privs = user_info.lookup_privs(auth_id, &["tape", "pool", pool]); - if (privs & PRIV_TAPE_WRITE) == 0 { - bail!("no permissions on /tape/pool/{}", pool); - } + user_info.check_privs(auth_id, &["tape", "pool", pool], PRIV_TAPE_WRITE, false)?; Ok(()) } diff --git a/src/api2/tape/restore.rs b/src/api2/tape/restore.rs index 0df35922..d84e1357 100644 --- a/src/api2/tape/restore.rs +++ b/src/api2/tape/restore.rs @@ -361,10 +361,7 @@ pub fn restore( } } - let privs = user_info.lookup_privs(&auth_id, &["tape", "drive", &drive]); - if (privs & PRIV_TAPE_READ) == 0 { - bail!("no permissions on /tape/drive/{}", drive); - } + user_info.check_privs(&auth_id, &["tape", "drive", &drive], PRIV_TAPE_READ, false)?; let media_set_uuid = media_set.parse()?; @@ -376,10 +373,7 @@ pub fn restore( let pool = inventory.lookup_media_set_pool(&media_set_uuid)?; - let privs = user_info.lookup_privs(&auth_id, &["tape", "pool", &pool]); - if (privs & PRIV_TAPE_READ) == 0 { - bail!("no permissions on /tape/pool/{}", pool); - } + user_info.check_privs(&auth_id, &["tape", "pool", &pool], PRIV_TAPE_READ, false)?; let (drive_config, _digest) = pbs_config::drive::config()?;