Commit | Line | Data |
---|---|---|
9d82c6bc DM |
1 | package PMG::RESTEnvironment; |
2 | ||
3 | use strict; | |
4 | use warnings; | |
5 | ||
9968426f | 6 | use PVE::INotify; |
9d82c6bc DM |
7 | use PVE::RESTEnvironment; |
8 | ||
9968426f | 9 | use PMG::Cluster; |
9d82c6bc | 10 | use PMG::ClusterConfig; |
27ca2dae | 11 | use PMG::AccessControl; |
9d82c6bc DM |
12 | |
13 | use base qw(PVE::RESTEnvironment); | |
14 | ||
9968426f DM |
# Node name of the local host, looked up once when this module is loaded.
# check_node_is_master() compares the cluster master against this value.
# NOTE(review): presumably the short hostname as PVE::INotify reports it;
# confirm against PVE::INotify::nodename().
my $nodename = PVE::INotify::nodename();
16 | ||
9d82c6bc DM |
# Set up the REST environment; must be called exactly once at program startup.
#
# Hands $type and %params to the parent class' init() and then creates the
# two PMG-specific slots, cinfo and usercfg, as empty hashes. init_request()
# replaces both with the real configuration before each request.
sub init {
    my ($class, $type, %params) = @_;

    # Allow invocation on an existing object as well as on the class name.
    $class = ref($class) || $class;

    my $self = $class->SUPER::init($type, %params);

    # Start with empty placeholders so the keys exist before the first
    # request has loaded any configuration.
    $self->{$_} = {} for qw(cinfo usercfg);

    return $self;
};
30 | ||
# Per-request setup; must be called before each RPC request.
#
# Runs the parent class' init_request() first, then loads the cluster
# configuration ("cluster.conf") and the user configuration ("pmg-user.conf")
# through PVE::INotify::read_file(). check_node_is_master() and
# check_api2_permissions() read the values stored here, so a request that
# skips this call is judged against whatever was left from before.
sub init_request {
    my ($self, %params) = @_;

    $self->SUPER::init_request(%params);

    # Read in the same order as before: cluster info first, users second.
    my $cluster_info = PVE::INotify::read_file("cluster.conf");
    $self->{cinfo} = $cluster_info;

    my $user_config = PVE::INotify::read_file("pmg-user.conf");
    $self->{usercfg} = $user_config;
}
40 | ||
9968426f DM |
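# Check that the local node is the cluster master.
#
# Arguments:
#   $self  - the REST environment; its cinfo slot is passed to
#            PMG::Cluster::get_master_node()
#   $noerr - when true, a non-master node yields undef instead of an exception
#
# Returns 1 when the reported master is 'localhost' or equals $nodename.
# Otherwise returns undef if $noerr is set, and dies if it is not.
#
# The arguments have to be unpacked from @_: a bare "my ($self, $noerr);"
# leaves both undefined, so the lookup never sees the loaded cluster
# configuration and $noerr is never honoured.
sub check_node_is_master {
    my ($self, $noerr) = @_;

    my $master = PMG::Cluster::get_master_node($self->{cinfo});

    # An undefined master is treated as "not the master"; the defined() test
    # keeps that path free of "uninitialized value" warnings.
    return 1
        if defined($master) && ($master eq 'localhost' || $master eq $nodename);

    return undef if $noerr;

    die "this node ('$nodename') is not the master node\n";
}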
52 | ||
27ca2dae DM |
# Decide whether $username may call an API method whose permission
# descriptor is $perm. Returns 1 when access is granted; every other path
# ends in raise_perm_exc().
#
# The checks run in this order and the first match decides:
#   1. no user and $perm->{user} eq 'world'     -> allow
#   2. no user                                  -> deny
#   3. user is 'root@pam'                       -> allow (before $perm and the
#                                                  user config are consulted)
#   4. no permission descriptor                 -> deny
#   5. $perm->{user} eq 'all'                   -> allow (before the
#                                                  check_user_enabled() lookup)
#   6. role returned by check_user_enabled() is
#      listed in $perm->{check}                 -> allow
#   7. anything else                            -> deny
#
# $uri_param is accepted but not used here.
#
# NOTE(review): no "use" line in this file imports raise_perm_exc and the
# package does not define it. Calls to it would then die with "Undefined
# subroutine", which still denies access but not with the intended permission
# exception - confirm where the name is meant to come from.
sub check_api2_permissions {
    my ($self, $perm, $username, $uri_param) = @_;

    # Unauthenticated callers: only methods explicitly opened to the world.
    if (!$username) {
        return 1 if $perm->{user} && $perm->{user} eq 'world';
        raise_perm_exc("user == null");
    }

    return 1 if $username eq 'root@pam';

    # Without a descriptor only root@pam (handled above) gets through.
    raise_perm_exc('user != root@pam') unless $perm;

    my $user_scope = $perm->{user};
    return 1 if $user_scope && $user_scope eq 'all';

    # NOTE(review): presumably dies for unknown or disabled users and returns
    # the user's role otherwise - confirm in PMG::AccessControl.
    my $role = PMG::AccessControl::check_user_enabled($self->{usercfg}, $username);

    my $allowed_roles = $perm->{check};
    if ($allowed_roles) {
        return 1 if grep { $_ eq $role } @$allowed_roles;
    }

    # Default deny.
    raise_perm_exc();
}
74 | ||
9d82c6bc | 75 | 1; |