[pmg-api.git] / PMG / RESTEnvironment.pm

package PMG::RESTEnvironment;

use strict;
use warnings;

use PVE::INotify;
use PVE::RESTEnvironment;

use PMG::Cluster;
use PMG::ClusterConfig;
use PMG::AccessControl;

use base qw(PVE::RESTEnvironment);

my $nodename = PVE::INotify::nodename();

# initialize environment - must be called once at program startup
sub init {
    my ($class, $type, %params) = @_;

    $class = ref($class) || $class;

    my $self = $class->SUPER::init($type, %params);

    $self->{cinfo} = {};
    $self->{usercfg} = {};
 
    return $self;
};

# init_request - must be called before each RPC request
sub init_request {
    my ($self, %params) = @_;
    
    $self->SUPER::init_request(%params);
    
    $self->{cinfo} = PVE::INotify::read_file("cluster.conf");
    $self->{usercfg} = PVE::INotify::read_file("pmg-user.conf");
}

sub check_node_is_master {
    my ($self, $noerr);

    my $master = PMG::Cluster::get_master_node($self->{cinfo});

    return 1 if $master eq 'localhost' || $master eq $nodename;

    return undef if $noerr;

    die "this node ('$nodename') is not the master node\n";
}

sub check_api2_permissions {
    my ($self, $perm, $username, $uri_param) = @_;

    return 1 if !$username && $perm->{user} && $perm->{user} eq 'world';

    raise_perm_exc("user == null") if !$username;

    return 1 if $username eq 'root@pam';

    raise_perm_exc('user != root@pam') if !$perm;

    return 1 if $perm->{user} && $perm->{user} eq 'all';

    my $role = PMG::AccessControl::check_user_enabled($self->{usercfg}, $username);

    if (my $allowed_roles = $perm->{check}) {
	return 1 if grep { $_ eq $role } @$allowed_roles;
    }

    raise_perm_exc();
}

1;
Commit	Line	Data
9d82c6bc DM	1	package PMG::RESTEnvironment;
	2
	3	use strict;
	4	use warnings;
	5
9968426f	6	use PVE::INotify;
9d82c6bc DM	7	use PVE::RESTEnvironment;
9d82c6bc DM	8
9968426f	9	use PMG::Cluster;
9d82c6bc	10	use PMG::ClusterConfig;
27ca2dae	11	use PMG::AccessControl;
9d82c6bc DM	12
	13	use base qw(PVE::RESTEnvironment);
	14
9968426f DM	15	my $nodename = PVE::INotify::nodename();
9968426f DM	16
9d82c6bc DM	17	# initialize environment - must be called once at program startup
	18	sub init {
	19	my ($class, $type, %params) = @_;
	20
	21	$class = ref($class) \|\| $class;
	22
	23	my $self = $class->SUPER::init($type, %params);
	24
	25	$self->{cinfo} = {};
27ca2dae	26	$self->{usercfg} = {};
9d82c6bc DM	27
	28	return $self;
	29	};
	30
	31	# init_request - must be called before each RPC request
	32	sub init_request {
	33	my ($self, %params) = @_;
	34
	35	$self->SUPER::init_request(%params);
	36
	37	$self->{cinfo} = PVE::INotify::read_file("cluster.conf");
27ca2dae	38	$self->{usercfg} = PVE::INotify::read_file("pmg-user.conf");
9d82c6bc DM	39	}
9d82c6bc DM	40
9968426f DM	41	sub check_node_is_master {
	42	my ($self, $noerr);
	43
	44	my $master = PMG::Cluster::get_master_node($self->{cinfo});
	45
	46	return 1 if $master eq 'localhost' \|\| $master eq $nodename;
	47
	48	return undef if $noerr;
	49
	50	die "this node ('$nodename') is not the master node\n";
	51	}
	52
27ca2dae DM	53	sub check_api2_permissions {
	54	my ($self, $perm, $username, $uri_param) = @_;
	55
	56	return 1 if !$username && $perm->{user} && $perm->{user} eq 'world';
	57
	58	raise_perm_exc("user == null") if !$username;
	59
	60	return 1 if $username eq 'root@pam';
	61
	62	raise_perm_exc('user != root@pam') if !$perm;
	63
	64	return 1 if $perm->{user} && $perm->{user} eq 'all';
	65
	66	my $role = PMG::AccessControl::check_user_enabled($self->{usercfg}, $username);
	67
	68	if (my $allowed_roles = $perm->{check}) {
	69	return 1 if grep { $_ eq $role } @$allowed_roles;
	70	}
	71
	72	raise_perm_exc();
	73	}
	74
9d82c6bc	75	1;