diff --git a/hassio/addons/validate.py b/hassio/addons/validate.py index dc5afbbc6..f9335f7c3 100644 --- a/hassio/addons/validate.py +++ b/hassio/addons/validate.py @@ -24,7 +24,7 @@ from ..const import ( PRIVILEGED_NET_ADMIN, PRIVILEGED_SYS_ADMIN, PRIVILEGED_SYS_RAWIO, PRIVILEGED_IPC_LOCK, PRIVILEGED_SYS_TIME, PRIVILEGED_SYS_NICE, PRIVILEGED_SYS_RESOURCE, PRIVILEGED_SYS_PTRACE, PRIVILEGED_DAC_READ_SEARCH, - ROLE_DEFAULT, ROLE_HOMEASSISTANT, ROLE_MANAGER, ROLE_ADMIN) + ROLE_DEFAULT, ROLE_HOMEASSISTANT, ROLE_MANAGER, ROLE_ADMIN, ROLE_BACKUP) from ..validate import ( NETWORK_PORT, DOCKER_PORTS, ALSA_DEVICE, UUID_MATCH, SHA256) from ..services.validate import DISCOVERY_SERVICES @@ -85,6 +85,7 @@ PRIVILEGED_ALL = [ ROLE_ALL = [ ROLE_DEFAULT, ROLE_HOMEASSISTANT, + ROLE_BACKUP, ROLE_MANAGER, ROLE_ADMIN, ] diff --git a/hassio/api/security.py b/hassio/api/security.py index aeac3f5bd..fe824e588 100644 --- a/hassio/api/security.py +++ b/hassio/api/security.py @@ -7,7 +7,7 @@ from aiohttp.web_exceptions import HTTPUnauthorized, HTTPForbidden from ..const import ( HEADER_TOKEN, REQUEST_FROM, ROLE_ADMIN, ROLE_DEFAULT, ROLE_HOMEASSISTANT, - ROLE_MANAGER) + ROLE_MANAGER, ROLE_BACKUP) from ..coresys import CoreSysAttributes _LOGGER = logging.getLogger(__name__) @@ -53,6 +53,11 @@ ADDONS_ROLE_ACCESS = { r"|/homeassistant/.+" r")$" ), + ROLE_BACKUP: re.compile( + r"^(?:" + r"|/snapshots.*" + r")$" + ), ROLE_MANAGER: re.compile( r"^(?:" r"|/homeassistant/.+" diff --git a/hassio/const.py b/hassio/const.py index 1653497e4..d6b2bb8d0 100644 --- a/hassio/const.py +++ b/hassio/const.py @@ -256,5 +256,6 @@ FEATURES_SERVICES = 'services' ROLE_DEFAULT = 'default' ROLE_HOMEASSISTANT = 'homeassistant' +ROLE_BACKUP = 'backup' ROLE_MANAGER = 'manager' ROLE_ADMIN = 'admin'