From a737179eb448677b06dd5f68884d2f0f0603d825 Mon Sep 17 00:00:00 2001
From: Dietmar Maurer <dietmar@proxmox.com>
Date: Sat, 18 Apr 2020 08:09:34 +0200
Subject: [PATCH] src/config/cached_user_info.rs: new check_privs helper

---
 src/config/cached_user_info.rs | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/src/config/cached_user_info.rs b/src/config/cached_user_info.rs
index 342af145..beb229c5 100644
--- a/src/config/cached_user_info.rs
+++ b/src/config/cached_user_info.rs
@@ -2,7 +2,7 @@
 
 use std::sync::Arc;
 
-use anyhow::{Error};
+use anyhow::{Error, bail};
 
 use proxmox::api::section_config::SectionConfigData;
 use proxmox::api::UserInformation;
@@ -45,6 +45,25 @@ impl CachedUserInfo {
             return false;
         }
     }
+
+    pub fn check_privs(
+        &self,
+        userid: &str,
+        path: &[&str],
+        required_privs: u64,
+        partial: bool,
+    ) -> Result<(), Error> {
+        let user_privs = self.lookup_privs(userid, path);
+        let allowed = if partial {
+            (user_privs & required_privs) != 0
+        } else {
+            (user_privs & required_privs) == required_privs
+        };
+        if !allowed {
+            bail!("no permissions");
+        }
+        Ok(())
+    }
 }
 
 impl UserInformation for CachedUserInfo {