1 package PMG::RESTEnvironment;
2
3 use strict;
4 use warnings;
5
6 use PVE::INotify;
7 use PVE::RESTEnvironment;
8
9 use PMG::Cluster;
10 use PMG::ClusterConfig;
11 use PMG::AccessControl;
12
13 use base qw(PVE::RESTEnvironment);
14
# Local node name, resolved once when this module is loaded. It is compared
# against the cluster master's name in check_node_is_master().
my $nodename = PVE::INotify::nodename();
16
# One-time set-up of the REST environment; must be called exactly once at
# program startup.
#
# Construction is delegated to the parent class. The PMG-specific slots
# (cluster info, user config, auth ticket) are then created empty, so no
# request can see configuration or credentials before init_request() runs.
sub init {
    my ($class, $type, %params) = @_;

    # Accept either a class name or an existing instance as invocant.
    my $pkg = ref($class) || $class;

    my $env = $pkg->SUPER::init($type, %params);

    $env->{$_} = {} for qw(cinfo usercfg);
    $env->{ticket} = undef;

    return $env;
}
31
# Per-request set-up; must be called before each RPC request.
#
# After the parent class has done its own reset, the ticket of the previous
# request is dropped and cluster.conf / pmg-user.conf are fetched again via
# PVE::INotify::read_file, so permission checks for this request do not run
# against state left over from an earlier one.
sub init_request {
    my ($self, %params) = @_;

    $self->SUPER::init_request(%params);

    # Clear the ticket first: a failure while reading the config files below
    # must not leave the previous request's ticket in place.
    $self->{ticket} = undef;

    my $cluster_info = PVE::INotify::read_file("cluster.conf");
    $self->{cinfo} = $cluster_info;

    return $self->{usercfg} = PVE::INotify::read_file("pmg-user.conf");
}
42
# Remember the authentication ticket presented with the current request.
# The value is stored as given; no validation happens here.
sub set_ticket {
    my $self = shift;
    my ($ticket) = @_;

    return $self->{ticket} = $ticket;
}
48
# Return the ticket stored for the current request, or undef when none has
# been set since the last init_request().
sub get_ticket {
    my $self = shift;

    return $self->{ticket};
}
54
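# Verify that the local node is the cluster master.
#
#   $noerr - when true, return undef instead of dying on a non-master node
#
# Returns 1 when the master named in this request's cluster config is
# 'localhost' or the local node name. Otherwise dies, unless $noerr is set.
sub check_node_is_master {
    # Fix: the argument list was declared but never unpacked
    # (`my ($self, $noerr);`). $self was therefore always undef, so the
    # master lookup ran without the cluster config loaded by init_request(),
    # and $noerr could never suppress the die.
    # NOTE(review): what get_master_node returns for an undefined config is
    # not visible here - confirm whether the old code reported every node as
    # master.
    my ($self, $noerr) = @_;

    my $master = PMG::Cluster::get_master_node($self->{cinfo});

    return 1 if $master eq 'localhost' || $master eq $nodename;

    # Explicit undef is kept so existing callers see the same value in both
    # scalar and list context.
    return undef if $noerr;

    die "this node ('$nodename') is not the master node\n";
}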
66
# Authorize a single API call.
#
#   $perm      - the method's permission spec (hash ref; may be undef)
#   $username  - authenticated user id; false for an anonymous caller
#   $uri_param - accepted as part of the interface, not consulted here
#
# Returns 1 when the call is allowed. Every path that does not grant access
# ends in raise_perm_exc(), so the default outcome is denial.
#
# NOTE(review): raise_perm_exc is neither defined nor explicitly imported in
# the visible part of this file. If it does not resolve at runtime the call
# still dies, so access stays denied, but with an "Undefined subroutine"
# error instead of a permission exception. Confirm how it comes into scope.
sub check_api2_permissions {
    my ($self, $perm, $username, $uri_param) = @_;

    my $anonymous = !$username;

    # Unauthenticated callers only reach methods marked user => 'world'.
    if ($anonymous && $perm->{user} && $perm->{user} eq 'world') {
        return 1;
    }

    if ($anonymous) {
        raise_perm_exc("user == null");
    }

    # root@pam is allowed regardless of the permission spec.
    if ($username eq 'root@pam') {
        return 1;
    }

    # A method without a permission spec is root-only.
    if (!$perm) {
        raise_perm_exc('user != root@pam');
    }

    # user => 'all' admits any authenticated user.
    my $user_spec = $perm->{user};
    if ($user_spec && $user_spec eq 'all') {
        return 1;
    }

    # presumably check_user_enabled rejects unknown or disabled accounts and
    # returns the user's role - verify against PMG::AccessControl
    my $role = PMG::AccessControl::check_user_enabled($self->{usercfg}, $username);

    # 'check' lists the role names that may call the method; the comparison
    # is exact string equality.
    my $allowed_roles = $perm->{check};
    if ($allowed_roles) {
        my $hits = grep { $_ eq $role } @$allowed_roles;
        return 1 if $hits;
    }

    raise_perm_exc();
}
88
89 1;