Raise ValidationError on perm change for readonly paths

This commit introduces additional validation to check whether the path on which user is trying to change permissions is set to readonly. This appears to be a fairly common occurance with our SCALE userbase and so we need to cleanly explain why they can't do this.
truenas · Jan 21, 2025 · 0a1fc7e · 0a1fc7e
1 parent 21b2b89
commit 0a1fc7e
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/src/middlewared/middlewared/plugins/filesystem_/acl.py b/src/middlewared/middlewared/plugins/filesystem_/acl.py
@@ -84,6 +84,13 @@ def _common_perm_path_validate(self, schema, data, verrors, pool_mp_ok=False):
                 f'{schema}.path',
                 'Path component for is currently encrypted and locked'
             )
+        else:
+            statfs_flags = self.middleware.call_sync('filesystem.statfs', path)['flags']
+            if 'RO' in statfs_flags:
+                verrors.add(
+                    f'{schema}.path',
+                    f'{path}: dataset underlying path has the readonly property enabled.'
+                )
 
         return loc