Add roles for public pool.dataset namespace

truenas · Feb 13, 2025 · 425f4a2 · 425f4a2
1 parent 7c81c58
commit 425f4a2
Show file tree

Hide file tree

Showing 5 changed files with 10 additions and 6 deletions.
diff --git a/src/middlewared/middlewared/plugins/pool_/dataset.py b/src/middlewared/middlewared/plugins/pool_/dataset.py
@@ -1012,7 +1012,7 @@ def __handle_zfs_set_property_error(self, e, properties_definitions):
         return verrors
 
     @item_method
-    @accepts(Str('id'))
+    @accepts(Str('id'), roles=['DATASET_WRITE'])
     @returns()
     async def promote(self, id_):
         """

diff --git a/src/middlewared/middlewared/plugins/pool_/dataset_encryption_info.py b/src/middlewared/middlewared/plugins/pool_/dataset_encryption_info.py
@@ -411,6 +411,7 @@ async def dataset_encryption_root_mapping(self):
     @accepts(
         Str('id'),
         Bool('download', default=False),
+        roles=['DATASET_WRITE']
     )
     @returns(Str('key', null=True, private=True))
     @job(lock='dataset_export_keys', pipes=['output'], check_pipes=False)

diff --git a/src/middlewared/middlewared/plugins/pool_/dataset_encryption_lock.py b/src/middlewared/middlewared/plugins/pool_/dataset_encryption_lock.py
@@ -26,7 +26,8 @@ class Config:
         Dict(
             'lock_options',
             Bool('force_umount', default=False),
-        )
+        ),
+        roles=['DATASET_WRITE']
     )
     @returns(Bool('locked'))
     @job(lock=lambda args: 'dataset_lock')
@@ -104,7 +105,8 @@ async def detach(delegate):
                     )
                 ],
             ),
-        )
+        ),
+        roles=['DATASET_WRITE']
     )
     @returns(Dict(
         List('unlocked', items=[Str('dataset')], required=True),

diff --git a/src/middlewared/middlewared/plugins/pool_/dataset_encryption_operations.py b/src/middlewared/middlewared/plugins/pool_/dataset_encryption_operations.py
@@ -123,7 +123,8 @@ def validate_encryption_data(self, job, verrors, encryption_dict, schema):
             Int('pbkdf2iters', default=350000, validators=[Range(min_=100000)]),
             Str('passphrase', empty=False, default=None, null=True, private=True),
             Str('key', validators=[Range(min_=64, max_=64)], default=None, null=True, private=True),
-        )
+        ),
+        roles=['DATASET_WRITE']
     )
     @returns()
     @job(lock=lambda args: f'dataset_change_key_{args[0]}', pipes=['input'], check_pipes=False)
@@ -223,7 +224,7 @@ async def change_key(self, job, id_, options):
         data['old_key_format'] = ds['key_format']['value']
         await self.middleware.call_hook('dataset.change_key', data)
 
-    @accepts(Str('id'))
+    @accepts(Str('id'), roles=['DATASET_WRITE'])
     @returns()
     async def inherit_parent_encryption_properties(self, id_):
         """

diff --git a/src/middlewared/middlewared/plugins/pool_/dataset_processes.py b/src/middlewared/middlewared/plugins/pool_/dataset_processes.py
@@ -18,7 +18,7 @@ class Config:
         namespace = 'pool.dataset'
 
     @item_method
-    @accepts(Str('id', required=True), roles=['READONLY_ADMIN'])
+    @accepts(Str('id', required=True), roles=['DATASET_READ'])
     @returns(Ref('processes'))
     async def processes(self, oid):
         """