UserConfig: rename verity_entry to verify_entry
1package PMG::API2::Users;
2
3use strict;
4use warnings;
5use Data::Dumper;
6
7use PVE::SafeSyslog;
8use PVE::Tools qw(extract_param);
9use PVE::JSONSchema qw(get_standard_option);
10use PVE::RESTHandler;
11use PVE::INotify;
db5051b4 12use PVE::Exception qw(raise_perm_exc);
62ebb4bc 13
39fa67c9 14use PMG::RESTEnvironment;
15use PMG::UserConfig;
16
17use base qw(PVE::RESTHandler);
18
# Build the copy of a user entry that is handed back to API clients.
#
# Every key of $entry is copied (shallow copy) except 'crypt_pass', which
# holds the stored password hash and must never leave the server.
#
# NOTE(review): this is a deny-list. Any other sensitive field added to a
# user entry later is returned to callers unless it is filtered here too.
my $extract_userdata = sub {
    my ($entry) = @_;

    my %public = map { $_ => $entry->{$_} }
                 grep { $_ ne 'crypt_pass' }
                 keys %$entry;

    return \%public;
};
29
# GET '' - list the configured users.
#
# Declared for the roles 'admin', 'qmanager' and 'audit'. A caller whose role
# is 'qmanager' only receives the entry whose userid equals the authenticated
# user; the other roles receive every entry. Each entry goes through
# $extract_userdata, so the password hash is not part of the response.
__PACKAGE__->register_method ({
    name => 'index',
    path => '',
    method => 'GET',
    description => "List users.",
    proxyto => 'master',
    protected => 1,
    permissions => { check => [ 'admin', 'qmanager', 'audit' ] },
    parameters => {
        additionalProperties => 0,
        properties => {},
    },
    returns => {
        type => 'array',
        items => {
            type => "object",
            properties => {
                userid => { type => 'string'},
                enable => { type => 'boolean'},
                role => { type => 'string'},
                comment => { type => 'string', optional => 1},
            },
        },
        links => [ { rel => 'child', href => "{userid}" } ],
    },
    code => sub {
        my ($param) = @_;

        my $cfg = PMG::UserConfig->new();

        my $rpcenv = PMG::RESTEnvironment->get();
        my $authuser = $rpcenv->get_user();
        my $role = $rpcenv->get_role();

        # Row-level filter: a qmanager is restricted to its own account.
        my @visible = grep { $role ne 'qmanager' || $authuser eq $_ }
                      sort keys %$cfg;

        my @listing;
        for my $name (@visible) {
            push @listing, $extract_userdata->($cfg->{$name});
        }

        return \@listing;
    }});
73
# POST '' - create a new user entry.
#
# The accepted parameters come from $PMG::UserConfig::create_schema. The
# plain-text 'password' parameter is never stored: it is passed through
# PVE::Tools::encrypt_pw() and kept as 'crypt_pass'. Missing 'enable',
# 'expire' and 'role' default to 0, 0 and 'audit'.
#
# NOTE(review): unlike 'index' and 'read', this method declares no
# 'permissions' entry. Which roles may call it depends on the handler's
# default for such methods - confirm that it is limited to administrators.
#
# NOTE(review): every parameter other than 'password' is copied into the
# entry verbatim, so create_schema (not visible here) is the only thing that
# keeps a caller from supplying 'crypt_pass' directly - confirm it does.
__PACKAGE__->register_method ({
    name => 'create',
    path => '',
    method => 'POST',
    proxyto => 'master',
    protected => 1,
    description => "Create new user",
    parameters => $PMG::UserConfig::create_schema,
    returns => { type => 'null' },
    code => sub {
        my ($param) = @_;

        # Runs while lock_config() holds the user configuration lock.
        my $create_user = sub {

            my $cfg = PMG::UserConfig->new();

            if ($cfg->{$param->{userid}}) {
                die "User '$param->{userid}' already exists\n";
            }

            my $entry = {};
            for my $key (keys %$param) {
                if ($key ne 'password') {
                    $entry->{$key} = $param->{$key};
                    next;
                }
                # Store only the hashed form of the password.
                $entry->{crypt_pass} = PVE::Tools::encrypt_pw($param->{$key});
            }

            # Defaults: disabled account, expire 0, lowest-privilege role
            # named in this file.
            $entry->{enable} //= 0;
            $entry->{expire} //= 0;
            $entry->{role} //= 'audit';

            $cfg->{$param->{userid}} = $entry;

            $cfg->write();
        };

        PMG::UserConfig::lock_config($create_user, "create user failed");

        return undef;
    }});
116
# GET '{userid}' - return the data of one user.
#
# Declared for the roles 'admin', 'qmanager' and 'audit'. A 'qmanager' may
# only read its own entry. That check is made before the entry is looked up,
# so a qmanager asking for another userid gets the permission error whether
# or not that user exists. The result goes through $extract_userdata, which
# drops the password hash.
__PACKAGE__->register_method ({
    name => 'read',
    path => '{userid}',
    method => 'GET',
    description => "Read User data.",
    permissions => { check => [ 'admin', 'qmanager', 'audit' ] },
    proxyto => 'master',
    protected => 1,
    parameters => {
        additionalProperties => 0,
        properties => {
            userid => get_standard_option('userid'),
        },
    },
    returns => {
        type => "object",
        properties => {},
    },
    code => sub {
        my ($param) = @_;

        my $cfg = PMG::UserConfig->new();

        my $rpcenv = PMG::RESTEnvironment->get();
        my $authuser = $rpcenv->get_user();
        my $role = $rpcenv->get_role();

        # Object-level authorization comes first, the lookup second.
        if ($role eq 'qmanager' && $authuser ne $param->{userid}) {
            raise_perm_exc();
        }

        return $extract_userdata->($cfg->lookup_user_data($param->{userid}));
    }});
153
# PUT '{userid}' - update an existing user entry.
#
# The accepted parameters come from $PMG::UserConfig::update_schema. After
# 'userid' and 'delete' are taken out of $param, the keys listed in 'delete'
# are removed from the entry and every remaining parameter is written into
# it. A 'password' parameter is stored hashed as 'crypt_pass'.
#
# NOTE(review): this method declares no 'permissions' entry. Which roles may
# call it depends on the handler's default for such methods - confirm that a
# non-admin role cannot change 'role' or another user's password here.
#
# NOTE(review): keys named in 'delete' are removed without a per-key check in
# this block, and non-password parameters are copied verbatim. update_schema
# (not visible here) is assumed to restrict both - confirm.
__PACKAGE__->register_method ({
    name => 'write',
    path => '{userid}',
    method => 'PUT',
    description => "Update user data.",
    protected => 1,
    proxyto => 'master',
    parameters => $PMG::UserConfig::update_schema,
    returns => { type => 'null' },
    code => sub {
        my ($param) = @_;

        # Runs while lock_config() holds the user configuration lock.
        my $update_user = sub {

            my $cfg = PMG::UserConfig->new();

            my $userid = extract_param($param, 'userid');

            # presumably a reference into $cfg, since the changes made below
            # are persisted by $cfg->write() - verify in PMG::UserConfig
            my $entry = $cfg->lookup_user_data($userid);

            my $delete_str = extract_param($param, 'delete');
            unless ($delete_str || scalar(keys %$param)) {
                die "no options specified\n";
            }

            delete $entry->{$_} for PVE::Tools::split_list($delete_str);

            for my $key (keys %$param) {
                if ($key ne 'password') {
                    $entry->{$key} = $param->{$key};
                    next;
                }
                # Store only the hashed form of the password.
                $entry->{crypt_pass} = PVE::Tools::encrypt_pw($param->{$key});
            }

            $cfg->write();
        };

        PMG::UserConfig::lock_config($update_user, "update user failed");

        return undef;
    }});
198
# DELETE '{userid}' - remove a user entry from the configuration.
#
# NOTE(review): this method declares no 'permissions' entry. Which roles may
# call it depends on the handler's default for such methods - confirm that it
# is limited to administrators.
#
# NOTE(review): nothing in this block exempts any particular account from
# deletion. Whether lookup_user_data() or write() protect a built-in or the
# last administrative account cannot be seen from here - confirm.
__PACKAGE__->register_method ({
    name => 'delete',
    path => '{userid}',
    method => 'DELETE',
    description => "Delete a user.",
    protected => 1,
    proxyto => 'master',
    parameters => {
        additionalProperties => 0,
        properties => {
            userid => get_standard_option('userid'),
        }
    },
    returns => { type => 'null' },
    code => sub {
        my ($param) = @_;

        # Runs while lock_config() holds the user configuration lock.
        my $delete_user = sub {

            my $cfg = PMG::UserConfig->new();

            my $userid = $param->{userid};

            # Existence check: the result is discarded, the call is made for
            # its failure path (presumably dies when the user is unknown).
            $cfg->lookup_user_data($userid);

            delete $cfg->{$userid};

            $cfg->write();
        };

        PMG::UserConfig::lock_config($delete_user, "delete user failed");

        return undef;
    }});
231
2321;