git.proxmox.com Git - pmg-api.git/blob - PMG/RESTEnvironment.pm
1 package PMG
::RESTEnvironment
;
7 use PVE
::RESTEnvironment
;
8 use PVE
::Exception
qw(raise_perm_exc);
11 use PMG
::ClusterConfig
;
12 use PMG
::AccessControl
;
14 use base
qw(PVE::RESTEnvironment);
# Local node name, looked up once when the module is loaded; it is used
# below to decide whether this node is the cluster master.
my $nodename = PVE::INotify::nodename();
18 # initialize environment - must be called once at program startup
20 my ($class, $type, %params) = @_;
22 $class = ref($class) || $class;
24 my $self = $class->SUPER::init
($type, %params);
27 $self->{usercfg
} = {};
28 $self->{ticket
} = undef;
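# init_request - must be called before each RPC request
#
# Calls the parent class' init_request(), clears the per-request state
# (ticket, role, format) and re-reads the cluster and user configuration
# through PVE::INotify::read_file().
#
# NOTE(review): the "sub init_request {" line and the closing brace are not
# visible in this listing; the name is taken from the comment and from the
# SUPER::init_request call - confirm against the repository.
sub init_request {
    my ($self, %params) = @_;

    $self->SUPER::init_request(%params);

    # Start every request without credentials: a ticket or role left over
    # from the previous request must not reach the permission check, which
    # reads $self->{role}.
    $self->{ticket} = undef;
    $self->{role} = undef;
    $self->{format} = undef;

    # Configuration is read again for each request rather than kept from
    # the previous one.
    $self->{cinfo} = PVE::INotify::read_file("cluster.conf");
    $self->{usercfg} = PVE::INotify::read_file("pmg-user.conf");
}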
# Set up the default environment for command line tools.
#
# Delegates to the parent class and then assigns the 'root' role to the
# environment returned by $class->get(), so every later role check in this
# environment sees 'root'.
#
# NOTE(review): presumably only local CLI tools call this - confirm that no
# network-facing code path reaches it.
sub setup_default_cli_env {
    my ($class, $username) = @_;

    $class->SUPER::setup_default_cli_env($username);

    $class->get()->set_role('root');
}
56 my ($self, $ticket) = @_;
58 $self->{format
} = $ticket;
64 return $self->{format
} // 'json';
68 my ($self, $ticket) = @_;
70 $self->{ticket
} = $ticket;
76 return $self->{ticket
};
80 my ($self, $user) = @_;
82 $self->{role} = $user;
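# Check whether this node is the cluster master.
#
# Returns 1 when PMG::Cluster::get_master_node() reports 'localhost' or the
# local node name. Otherwise returns undef if $noerr is true, and dies with
# a message naming this node if it is not.
sub check_node_is_master {
    # NOTE(review): the argument-unpacking line is missing from this
    # listing; it is reconstructed from the use of $self and $noerr below -
    # confirm against the repository.
    my ($self, $noerr) = @_;

    my $master = PMG::Cluster::get_master_node($self->{cinfo});

    return 1 if $master eq 'localhost' || $master eq $nodename;

    # Explicit undef: callers should test the result in scalar/boolean
    # context, because in list context this is a one-element (true) list.
    return undef if $noerr;

    die "this node ('$nodename') is not the master node\n";
}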
103 sub check_api2_permissions
{
104 my ($self, $perm, $uri_param) = @_;
106 my $username = $self->get_user(1);
108 return 1 if !$username && $perm->{user
} && $perm->{user
} eq 'world';
110 raise_perm_exc
("user == null") if !$username;
112 return 1 if $username eq 'root@pam';
114 raise_perm_exc
('user != root@pam') if !$perm;
116 return 1 if $perm->{user
} && $perm->{user
} eq 'all';
118 my $role = $self->{role};
120 if (my $allowed_roles = $perm->{check
}) {
121 return 1 if grep { $_ eq $role } @$allowed_roles;