From d74f9528d45311e1185466ba6ac7789d15b7f7c1 Mon Sep 17 00:00:00 2001 From: Andrew Walker Date: Sun, 5 Nov 2023 22:12:41 -0500 Subject: [PATCH] NAS-125070 / 24.04 / Allow all authenticated users to get basic state info (#12454) This allows all authenticated users to retrieve the following info: * directory services state (HEALTHY, DISABLED, FAULTED) * whether system is licensed for failover * truenas version information * whether server is clustered --- src/middlewared/middlewared/plugins/cluster_linux/utils.py | 3 ++- src/middlewared/middlewared/plugins/directoryservices.py | 3 ++- src/middlewared/middlewared/plugins/failover.py | 4 +++- src/middlewared/middlewared/plugins/system/product.py | 5 ++++- 4 files changed, 11 insertions(+), 4 deletions(-) diff --git a/src/middlewared/middlewared/plugins/cluster_linux/utils.py b/src/middlewared/middlewared/plugins/cluster_linux/utils.py index 6a435c1c89aa1..bae80686dece2 100644 --- a/src/middlewared/middlewared/plugins/cluster_linux/utils.py +++ b/src/middlewared/middlewared/plugins/cluster_linux/utils.py @@ -11,7 +11,7 @@ from middlewared.plugins.gluster_linux.utils import GlusterConfig from middlewared.schema import Bool, returns from middlewared.service import (Service, ValidationErrors, accepts, job, - private) + private, no_authz_required) from middlewared.service_exception import CallError from middlewared.utils.path import CLUSTER_PATH_PREFIX @@ -22,6 +22,7 @@ class Config: namespace = 'cluster.utils' cli_namespace = 'service.cluster.utils' + @no_authz_required @accepts() @returns(Bool('is_clustered')) async def is_clustered(self): diff --git a/src/middlewared/middlewared/plugins/directoryservices.py b/src/middlewared/middlewared/plugins/directoryservices.py index 5da285ea2ed81..53b1aab49014c 100644 --- a/src/middlewared/middlewared/plugins/directoryservices.py +++ b/src/middlewared/middlewared/plugins/directoryservices.py @@ -7,7 +7,7 @@ from base64 import b64encode, b64decode from middlewared.schema import accepts, Dict, List, OROperator, Ref, returns, Str -from middlewared.service import Service, private, job +from middlewared.service import no_authz_required, Service, private, job from middlewared.plugins.smb import SMBCmd, SMBPath from middlewared.service_exception import CallError from middlewared.utils import run @@ -141,6 +141,7 @@ class Config: service = "directoryservices" cli_namespace = "directory_service" + @no_authz_required @accepts() @returns(Dict( 'directory_services_states', diff --git a/src/middlewared/middlewared/plugins/failover.py b/src/middlewared/middlewared/plugins/failover.py index 8ac144d05a60d..0b5331740a7f9 100644 --- a/src/middlewared/middlewared/plugins/failover.py +++ b/src/middlewared/middlewared/plugins/failover.py @@ -14,7 +14,8 @@ from middlewared.auth import is_ha_connection, TrueNasNodeSessionManagerCredentials from middlewared.schema import accepts, Bool, Dict, Int, List, NOT_PROVIDED, Str, returns, Patch from middlewared.service import ( - job, no_auth_required, pass_app, private, CallError, ConfigService, ValidationError, ValidationErrors + job, no_auth_required, no_authz_required, pass_app, private, CallError, ConfigService, + ValidationError, ValidationErrors ) import middlewared.sqlalchemy as sa from middlewared.plugins.auth import AuthService @@ -134,6 +135,7 @@ async def _master_node(self, master): else: raise CallError('Unable to change node state in MANUAL mode') + @no_authz_required @accepts() @returns(Bool()) def licensed(self): diff --git a/src/middlewared/middlewared/plugins/system/product.py b/src/middlewared/middlewared/plugins/system/product.py index badc90c1b252c..013032d4dcdb4 100644 --- a/src/middlewared/middlewared/plugins/system/product.py +++ b/src/middlewared/middlewared/plugins/system/product.py @@ -5,7 +5,7 @@ from pathlib import Path from middlewared.schema import accepts, Bool, returns, Str -from middlewared.service import CallError, no_auth_required, private, Service +from middlewared.service import CallError, no_auth_required, no_authz_required, private, Service from middlewared.utils import sw_info from middlewared.utils.license import LICENSE_ADDHW_MAPPING @@ -78,6 +78,7 @@ async def product_name(self): """ return "TrueNAS" + @no_authz_required @accepts() @returns(Str('truenas_version_shortname')) def version_short(self): @@ -105,12 +106,14 @@ def release_notes_url(self, version_str): else: return f'{base_url}/#{"".join(to_format)}' + @no_authz_required @accepts() @returns(Str('truenas_version')) def version(self): """Returns the full name of the software version of the system.""" return sw_info()['fullname'] + @no_authz_required @accepts() @returns(Str('is_stable')) def is_stable(self):