Create role for backup add-ons (#755)

* Create role for backup add-ons * Update validate.py * Update security.py
2025-07-09 18:26:30 +00:00 · 2018-10-12 12:48:12 +02:00 · 2018-10-12 12:48:12 +02:00 · 571c42ef7d
commit 571c42ef7d
parent 8443da0b9f
3 changed files with 9 additions and 2 deletions
--- a/hassio/addons/validate.py
+++ b/hassio/addons/validate.py
@ -24,7 +24,7 @@ from ..const import (
    PRIVILEGED_NET_ADMIN, PRIVILEGED_SYS_ADMIN, PRIVILEGED_SYS_RAWIO,
    PRIVILEGED_IPC_LOCK, PRIVILEGED_SYS_TIME, PRIVILEGED_SYS_NICE,
    PRIVILEGED_SYS_RESOURCE, PRIVILEGED_SYS_PTRACE, PRIVILEGED_DAC_READ_SEARCH,
-    ROLE_DEFAULT, ROLE_HOMEASSISTANT, ROLE_MANAGER, ROLE_ADMIN)
+    ROLE_DEFAULT, ROLE_HOMEASSISTANT, ROLE_MANAGER, ROLE_ADMIN, ROLE_BACKUP)
 from ..validate import (
    NETWORK_PORT, DOCKER_PORTS, ALSA_DEVICE, UUID_MATCH, SHA256)
 from ..services.validate import DISCOVERY_SERVICES
@ -85,6 +85,7 @@ PRIVILEGED_ALL = [
 ROLE_ALL = [
    ROLE_DEFAULT,
    ROLE_HOMEASSISTANT,
+    ROLE_BACKUP,
    ROLE_MANAGER,
    ROLE_ADMIN,
 ]
--- a/hassio/api/security.py
+++ b/hassio/api/security.py
@ -7,7 +7,7 @@ from aiohttp.web_exceptions import HTTPUnauthorized, HTTPForbidden

 from ..const import (
    HEADER_TOKEN, REQUEST_FROM, ROLE_ADMIN, ROLE_DEFAULT, ROLE_HOMEASSISTANT,
-    ROLE_MANAGER)
+    ROLE_MANAGER, ROLE_BACKUP)
 from ..coresys import CoreSysAttributes

 _LOGGER = logging.getLogger(__name__)
@ -53,6 +53,11 @@ ADDONS_ROLE_ACCESS = {
        r"|/homeassistant/.+"
        r")$"
    ),
+    ROLE_BACKUP: re.compile(
+        r"^(?:"
+        r"|/snapshots.*"
+        r")$"
+    ),
    ROLE_MANAGER: re.compile(
        r"^(?:"
        r"|/homeassistant/.+"
--- a/hassio/const.py
+++ b/hassio/const.py
@ -256,5 +256,6 @@ FEATURES_SERVICES = 'services'

 ROLE_DEFAULT = 'default'
 ROLE_HOMEASSISTANT = 'homeassistant'
+ROLE_BACKUP = 'backup'
 ROLE_MANAGER = 'manager'
 ROLE_ADMIN = 'admin'