Commit | Line | Data |
---|---|---|
62ebb4bc DM |
1 | package PMG::API2::Users; |
2 | ||
3 | use strict; | |
4 | use warnings; | |
5 | use Data::Dumper; | |
6 | ||
7 | use PVE::SafeSyslog; | |
8 | use PVE::Tools qw(extract_param); | |
9 | use PVE::JSONSchema qw(get_standard_option); | |
10 | use PVE::RESTHandler; | |
11 | use PVE::INotify; | |
db5051b4 | 12 | use PVE::Exception qw(raise_perm_exc); |
62ebb4bc | 13 | |
39fa67c9 | 14 | use PMG::RESTEnvironment; |
62ebb4bc DM |
15 | use PMG::UserConfig; |
16 | ||
17 | use base qw(PVE::RESTHandler); | |
18 | ||
# Build the copy of a user entry that is handed back to API clients.
#
# Returns a new hash ref holding every key of $entry except 'crypt_pass',
# so the stored password hash never appears in a response. The copy is
# shallow and $entry itself is not modified.
#
# NOTE(review): this is a deny-list with a single key. Any other sensitive
# field stored in a user entry would be returned as-is; review this filter
# whenever the user schema gains a new secret.
my $extract_userdata = sub {
    my ($entry) = @_;

    my %public = map { $_ => $entry->{$_} }
        grep { $_ ne 'crypt_pass' } keys %$entry;

    return \%public;
};
29 | ||
# GET on the collection: list the configured users.
__PACKAGE__->register_method ({
    name => 'index',
    path => '',
    method => 'GET',
    description => "List users.",
    proxyto => 'master',
    protected => 1,
    # Three roles are admitted here; the handler narrows what 'qmanager'
    # is shown, so the role check alone is not the full access decision.
    permissions => { check => [ 'admin', 'qmanager', 'audit' ] },
    parameters => {
        additionalProperties => 0,
        properties => {},
    },
    returns => {
        type => 'array',
        items => {
            type => "object",
            properties => {
                userid => { type => 'string'},
                enable => { type => 'boolean'},
                role => { type => 'string'},
                comment => { type => 'string', optional => 1},
            },
        },
        links => [ { rel => 'child', href => "{userid}" } ],
    },
    code => sub {
        my ($param) = @_;

        my $cfg = PMG::UserConfig->new();

        my $rpcenv = PMG::RESTEnvironment->get();
        my $authuser = $rpcenv->get_user();
        my $role = $rpcenv->get_role();

        # A 'qmanager' caller only gets their own entry; every other
        # admitted role gets the complete, userid-sorted list.
        my @visible = grep { $role ne 'qmanager' || $authuser eq $_ }
            sort keys %$cfg;

        # Each entry goes through $extract_userdata, which drops 'crypt_pass'.
        return [ map { $extract_userdata->($cfg->{$_}) } @visible ];
    }});
73 | ||
# POST on the collection: add a new user to the user configuration.
#
# NOTE(review): unlike 'index' and 'read', no 'permissions' key is declared
# here. Who may call this method therefore depends on how the REST layer
# treats a missing key; confirm that default is restrictive (not visible
# in this file).
__PACKAGE__->register_method ({
    name => 'create',
    path => '',
    method => 'POST',
    proxyto => 'master',
    protected => 1,
    description => "Create new user",
    # Input validation is delegated entirely to this schema; the handler
    # copies every accepted parameter into the stored entry.
    parameters => $PMG::UserConfig::create_schema,
    returns => { type => 'null' },
    code => sub {
        my ($param) = @_;

        # Runs via lock_config, so the existence check and the write
        # happen in the same callback.
        my $create_user = sub {

            my $cfg = PMG::UserConfig->new();

            die "User '$param->{userid}' already exists\n"
                if $cfg->{$param->{userid}};

            my $entry = {};
            for my $key (keys %$param) {
                if ($key ne 'password') {
                    $entry->{$key} = $param->{$key};
                    next;
                }
                # The clear-text password is never stored; only the
                # result of encrypt_pw is kept, under 'crypt_pass'.
                $entry->{crypt_pass} = PVE::Tools::encrypt_pw($param->{$key});
            }

            # Conservative defaults: a new account is disabled and gets
            # the 'audit' role unless the request says otherwise.
            for my $default ([ enable => 0 ], [ expire => 0 ], [ role => 'audit' ]) {
                my ($field, $value) = @$default;
                $entry->{$field} //= $value;
            }

            $cfg->{$param->{userid}} = $entry;

            $cfg->write();
        };

        PMG::UserConfig::lock_config($create_user, "create user failed");

        return undef;
    }});
116 | ||
# GET on a single user: return that user's stored data without the
# password hash.
__PACKAGE__->register_method ({
    name => 'read',
    path => '{userid}',
    method => 'GET',
    description => "Read User data.",
    permissions => { check => [ 'admin', 'qmanager', 'audit' ] },
    proxyto => 'master',
    protected => 1,
    parameters => {
        additionalProperties => 0,
        properties => {
            userid => get_standard_option('userid'),
        },
    },
    returns => {
        type => "object",
        properties => {},
    },
    code => sub {
        my ($param) = @_;

        my $cfg = PMG::UserConfig->new();

        my $rpcenv = PMG::RESTEnvironment->get();
        my $authuser = $rpcenv->get_user();
        my $role = $rpcenv->get_role();

        # A 'qmanager' may only read their own record. The check runs
        # before the lookup, so a request for another user is refused
        # without first resolving whether that user exists.
        if ($role eq 'qmanager' && $authuser ne $param->{userid}) {
            raise_perm_exc();
        }

        my $user = $cfg->lookup_user_data($param->{userid});

        # Drop 'crypt_pass' before the record leaves the API.
        return $extract_userdata->($user);
    }});
153 | ||
# PUT on a single user: change and/or remove properties of an existing user.
#
# NOTE(review): no 'permissions' key is declared for this method; confirm
# that the REST layer's default for a missing key is restrictive (not
# visible in this file).
__PACKAGE__->register_method ({
    name => 'write',
    path => '{userid}',
    method => 'PUT',
    description => "Update user data.",
    protected => 1,
    proxyto => 'master',
    parameters => $PMG::UserConfig::update_schema,
    returns => { type => 'null' },
    code => sub {
        my ($param) = @_;

        my $update_user = sub {

            my $cfg = PMG::UserConfig->new();

            # extract_param is used so that 'userid' and 'delete' are not
            # treated as properties in the copy loop below.
            # (presumably it removes the key from $param; verify in PVE::Tools)
            my $userid = extract_param($param, 'userid');

            my $entry = $cfg->lookup_user_data($userid);

            my $delete_str = extract_param($param, 'delete');
            die "no options specified\n"
                unless $delete_str || scalar(keys %$param);

            # Deletions are applied first, so a key that is both deleted
            # and supplied ends up with the supplied value.
            # NOTE(review): the names in the delete list are used directly
            # as entry keys. Confirm that update_schema keeps the list from
            # naming fields such as 'crypt_pass' or 'role'.
            delete $entry->{$_} for PVE::Tools::split_list($delete_str);

            for my $key (keys %$param) {
                if ($key ne 'password') {
                    $entry->{$key} = $param->{$key};
                    next;
                }
                # Store only the encrypt_pw result, never the clear text.
                $entry->{crypt_pass} = PVE::Tools::encrypt_pw($param->{$key});
            }

            # $entry is never assigned back into $cfg, so this relies on
            # lookup_user_data returning a reference into $cfg (assumed).
            $cfg->write();
        };

        PMG::UserConfig::lock_config($update_user, "update user failed");

        return undef;
    }});
198 | ||
# DELETE on a single user: remove the user from the user configuration.
#
# NOTE(review): no 'permissions' key is declared for this method, and the
# handler has no guard for any particular account or for the caller's own
# account. If some accounts must not be removable, that has to be enforced
# elsewhere; confirm where (not visible in this file).
__PACKAGE__->register_method ({
    name => 'delete',
    path => '{userid}',
    method => 'DELETE',
    description => "Delete a user.",
    protected => 1,
    proxyto => 'master',
    parameters => {
        additionalProperties => 0,
        properties => {
            userid => get_standard_option('userid'),
        }
    },
    returns => { type => 'null' },
    code => sub {
        my ($param) = @_;

        my $remove_user = sub {

            my $cfg = PMG::UserConfig->new();

            my $userid = $param->{userid};

            # Existence check only; the result is discarded.
            # (presumably lookup_user_data dies for an unknown user)
            $cfg->lookup_user_data($userid);

            delete $cfg->{$userid};

            $cfg->write();
        };

        PMG::UserConfig::lock_config($remove_user, "delete user failed");

        return undef;
    }});
231 | ||
232 | 1; |