netinvent/npbackup
1
1
Fork 0
mirror of https://github.com/netinvent/npbackup.git synced 2025-10-14 07:26:09 +08:00
Code Issues Projects Releases Packages Wiki Activity

GUI: Fix permission reset

Browse source
This commit is contained in:
deajan 2025-02-14 12:43:51 +01:00
parent 280f69aa0e
commit 5633f19c80
2 changed files with 40 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

35
npbackup/configuration.py
View file

@ -534,24 +534,43 @@ def inject_permissions_into_full_config(full_config: dict) -> Tuple[bool, dict]:
f"{object_type}.{object_name}.manager_password" f"{object_type}.{object_name}.manager_password"
) )
permissions = full_config.g(f"{object_type}.{object_name}.permissions") permissions = full_config.g(f"{object_type}.{object_name}.permissions")
update_manager_password = full_config.g( new_manager_password = full_config.g(
f"{object_type}.{object_name}.update_manager_password" f"{object_type}.{object_name}.new_manager_password"
) )
if update_manager_password and manager_password: # Getting current manager password is only needed in CLI mode, to avoid overwriting existing manager password
current_manager_password = full_config.g(
f"{object_type}.{object_name}.current_manager_password"
)
new_permissions = full_config.g(
f"{object_type}.{object_name}.new_permissions"
)
if new_manager_password and current_manager_password == manager_password:
full_config.s(
f"{object_type}.{object_name}.repo_uri",
(repo_uri, new_permissions, new_manager_password),
)
full_config.s(f"{object_type}.{object_name}.is_protected", True)
logger.info(f"New permissions set for {object_type} {object_name}")
elif new_manager_password:
logger.critical(
f"Cannot set new permissions for {object_type} {object_name} without current manager password"
)
elif manager_password:
full_config.s( full_config.s(
f"{object_type}.{object_name}.repo_uri", f"{object_type}.{object_name}.repo_uri",
(repo_uri, permissions, manager_password), (repo_uri, permissions, manager_password),
) )
full_config.s(f"{object_type}.{object_name}.is_protected", True) full_config.s(f"{object_type}.{object_name}.is_protected", True)
elif manager_password:
full_config.s(f"{object_type}.{object_name}.is_protected", True)
logger.debug(f"Permissions exist for {object_type} {object_name}") logger.debug(f"Permissions exist for {object_type} {object_name}")
else: else:
full_config.s(f"{object_type}.{object_name}.is_protected", False) full_config.s(f"{object_type}.{object_name}.is_protected", False)
full_config.d( # Don't keep decrypted manager password and permissions bare in config file
f"{object_type}.{object_name}.update_manager_password" # They should be injected in repo_uri tuple
) # Don't keep decrypted manager password full_config.d(f"{object_type}.{object_name}.new_manager_password")
full_config.d(f"{object_type}.{object_name}.current_manager_password")
full_config.d(f"{object_type}.{object_name}.new_permissions")
full_config.d(f"{object_type}.{object_name}.permissions") full_config.d(f"{object_type}.{object_name}.permissions")
full_config.d(f"{object_type}.{object_name}.manager_password") full_config.d(f"{object_type}.{object_name}.manager_password")
return full_config return full_config

20
npbackup/gui/config.py
View file

@ -109,6 +109,7 @@ def config_gui(full_config: dict, config_file: str):
"restore": _t("config_gui.restore_perms"), "restore": _t("config_gui.restore_perms"),
"restore_only": _t("config_gui.restore_only_perms"), "restore_only": _t("config_gui.restore_only_perms"),
"full": _t("config_gui.full_perms"), "full": _t("config_gui.full_perms"),
None: _t("config_gui.full_perms"),
}, },
} }
@ -315,13 +316,15 @@ def config_gui(full_config: dict, config_file: str):
"prometheus.http_username", "prometheus.http_username",
"prometheus.http_password", "prometheus.http_password",
"prometheus.no_cert_verify", "prometheus.no_cert_verify",
"update_manager_password", "current_manager_password",
) or key.startswith("prometheus.additional_labels"): ) or key.startswith("prometheus.additional_labels"):
return return
if key == "permissions": # Note that keys with "new" must be processed after "current" keys
# This will happen automatically since adding new values are at the end of the config
if key in ("permissions", "new_permissions"):
window["current_permissions"].Update(combo_boxes["permissions"][value]) window["current_permissions"].Update(combo_boxes["permissions"][value])
return return
if key == "manager_password": if key in ("manager_password", "new_manager_password"):
if value: if value:
window["manager_password_set"].Update(_t("generic.yes")) window["manager_password_set"].Update(_t("generic.yes"))
window["--SET-PERMISSIONS--"].Update(button_color="green") window["--SET-PERMISSIONS--"].Update(button_color="green")
@ -902,13 +905,16 @@ def config_gui(full_config: dict, config_file: str):
permission = get_key_from_value( permission = get_key_from_value(
combo_boxes["permissions"], values["permissions"] combo_boxes["permissions"], values["permissions"]
) )
full_config.s(f"{object_type}.{object_name}.permissions", permission)
full_config.s( full_config.s(
f"{object_type}.{object_name}.manager_password", f"{object_type}.{object_name}.new_permissions", permission
)
full_config.s(
f"{object_type}.{object_name}.new_manager_password",
values["-MANAGER-PASSWORD-"], values["-MANAGER-PASSWORD-"],
) )
full_config.s( full_config.s(
f"{object_type}.{object_name}.update_manager_password", True f"{object_type}.{object_name}.current_manager_password",
full_config.g(f"{object_type}.{object_name}.manager_password"),
) )
break break
window.close() window.close()
@ -2307,7 +2313,7 @@ Google Cloud storage: GOOGLE_PROJECT_ID GOOGLE_APPLICATION_CREDENTIALS\n\
full_config, object_name full_config, object_name
) )
if not manager_password or ask_manager_password(manager_password): if not manager_password or ask_manager_password(manager_password):
# We need to update full_config with current GUI values before using modifying it # We need to update full_config with current GUI values before using or modifying it
full_config = update_config_dict( full_config = update_config_dict(
full_config, current_object_type, current_object_name, values full_config, current_object_type, current_object_name, values
) )