XSI-2128: Ignore RBAC when destroying internal tasks

Bengang Yuan · Bengang Yuan · commit 57adc227fed9 · 2026-02-05T08:06:20.000Z
When calling `VDI.copy` or `VDI.pool_migrate` with `vm_power_admin` role,
xapi may forward the operation to a remote host. In this case, xapi creates
a pool session on the remote host and create a new task. When the
operation completes, `try_internal_async` uses the user's session to
destroy the task that was created by an internal pool session, but the
user doesn't have the permission to destory other user's task
(task.destroy/any), so it fails.

Solution:
This is an internal cleanup operation, so it doesn't need user RBAC
restriction and checking. Ignore RBAC when destroying internal tasks by
calling Db_actions.DB_Action.Task.destroy directly.

Signed-off-by: Bengang Yuan &lt;bengang.yuan@citrix.com&gt;
diff --git a/ocaml/xapi/helpers.ml b/ocaml/xapi/helpers.ml
@@ -2025,7 +2025,7 @@ let try_internal_async ~__context (marshaller : Rpc.t -> 'b)
         )
         (fun () ->
           info "try_internal_async: destroying task: t = ( %s )" ref ;
-          TaskHelper.destroy ~__context t
+          Db.Task.destroy ~__context ~self:t
         )
 
 module PoolSecret : sig

Original file line number	Diff line number	Diff line change
`@@ -2025,7 +2025,7 @@ let try_internal_async ~__context (marshaller : Rpc.t -> 'b)`
`2025`	`2025`	`)`
`2026`	`2026`	`(fun () ->`
`2027`	`2027`	`info "try_internal_async: destroying task: t = ( %s )" ref ;`
`2028`		`- TaskHelper.destroy ~__context t`
	`2028`	`+ Db.Task.destroy ~__context ~self:t`
`2029`	`2029`	`)`
`2030`	`2030`
`2031`	`2031`	`module PoolSecret : sig`