]>
git.proxmox.com Git - pmg-api.git/blob - PMG/RESTEnvironment.pm
1 package PMG
::RESTEnvironment
;
7 use PVE
::RESTEnvironment
;
10 use PMG
::ClusterConfig
;
11 use PMG
::AccessControl
;
13 use base
qw(PVE::RESTEnvironment);
15 my $nodename = PVE
::INotify
::nodename
();
17 # initialize environment - must be called once at program startup
19 my ($class, $type, %params) = @_;
21 $class = ref($class) || $class;
23 my $self = $class->SUPER::init
($type, %params);
26 $self->{usercfg
} = {};
27 $self->{ticket
} = undef;
32 # init_request - must be called before each RPC request
34 my ($self, %params) = @_;
36 $self->SUPER::init_request
(%params);
38 $self->{ticket
} = undef;
39 $self->{cinfo
} = PVE
::INotify
::read_file
("cluster.conf");
40 $self->{usercfg
} = PVE
::INotify
::read_file
("pmg-user.conf");
44 my ($self, $ticket) = @_;
46 $self->{ticket
} = $ticket;
52 return $self->{ticket
};
55 sub check_node_is_master
{
58 my $master = PMG
::Cluster
::get_master_node
($self->{cinfo
});
60 return 1 if $master eq 'localhost' || $master eq $nodename;
62 return undef if $noerr;
64 die "this node ('$nodename') is not the master node\n";
67 sub check_api2_permissions
{
68 my ($self, $perm, $username, $uri_param) = @_;
70 return 1 if !$username && $perm->{user
} && $perm->{user
} eq 'world';
72 raise_perm_exc
("user == null") if !$username;
74 return 1 if $username eq 'root@pam';
76 raise_perm_exc
('user != root@pam') if !$perm;
78 return 1 if $perm->{user
} && $perm->{user
} eq 'all';
80 my $role = PMG
::AccessControl
::check_user_enabled
($self->{usercfg
}, $username);
82 if (my $allowed_roles = $perm->{check
}) {
83 return 1 if grep { $_ eq $role } @$allowed_roles;