PMG::RESTEnvironment::check_api2_permissions - allow empty username
1 package PMG::RESTEnvironment;
2
3 use strict;
4 use warnings;
5
6 use PVE::INotify;
7 use PVE::RESTEnvironment;
8
9 use PMG::Cluster;
10 use PMG::ClusterConfig;
11 use PMG::AccessControl;
12
13 use base qw(PVE::RESTEnvironment);
14
# Name of the local node, looked up once when this module is loaded.
# check_node_is_master() compares it with the cluster's master node.
my $nodename = PVE::INotify::nodename();
16
# Initialize the environment - must be called once at program startup.
#
# Delegates to the parent class' init() and then adds the PMG-specific
# slots: empty cluster info, empty user configuration and no ticket.
# Returns the environment object produced by the parent class.
sub init {
    my ($class, $type, %params) = @_;

    # The invocant may be a class name or an already blessed instance.
    my $pkg  = ref($class) || $class;
    my $self = $pkg->SUPER::init($type, %params);

    # Nothing is authenticated yet: no ticket, no configuration loaded.
    $self->{ticket}  = undef;
    $self->{usercfg} = {};
    $self->{cinfo}   = {};

    return $self;
}
31
# init_request - must be called before each RPC request.
#
# Runs the parent class' per-request setup, then clears the ticket and
# role so that neither value from an earlier request is still present,
# and re-reads the cluster and user configuration files.
sub init_request {
    my ($self, %params) = @_;

    $self->SUPER::init_request(%params);

    # Forget the previous request's credentials before anything else.
    @{$self}{qw(ticket role)} = (undef, undef);

    $self->{cinfo} = PVE::INotify::read_file("cluster.conf");
    return $self->{usercfg} = PVE::INotify::read_file("pmg-user.conf");
}
43
# Prepare the environment for command line use.
#
# After the parent class' CLI setup, the role of the shared environment
# object is set to 'root'. The role does not depend on $username.
sub setup_default_cli_env {
    my ($class, $username) = @_;

    $class->SUPER::setup_default_cli_env($username);

    return $class->get()->set_role('root');
}
52
# Store a ticket on the environment object. init_request() resets it to
# undef, so the value only lives for the current request.
sub set_ticket {
    my $self = shift;
    my ($new_ticket) = @_;

    return $self->{ticket} = $new_ticket;
}
58
# Return the ticket stored on the environment object, or undef when none
# has been set.
sub get_ticket {
    my $self = shift;

    return $self->{ticket};
}
64
# Store the role that check_api2_permissions() compares against the
# roles allowed for an API method. init_request() resets it to undef.
sub set_role {
    my $self = shift;
    my ($new_role) = @_;

    return $self->{role} = $new_role;
}
70
# Return the role stored on the environment object, or undef when none
# has been set.
sub get_role {
    my $self = shift;

    return $self->{role};
}
76
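# Check whether this node is the cluster's master node.
#
# The master is taken from the cluster info loaded by init_request().
# Returns 1 when the master is 'localhost' or this node's own name.
# Otherwise dies, unless $noerr is true, in which case undef is returned.
sub check_node_is_master {
    # The arguments must be unpacked from @_. A bare "my ($self, $noerr);"
    # leaves both undefined, so the check would run without the object's
    # cluster info and $noerr could never suppress the error.
    my ($self, $noerr) = @_;

    my $master = PMG::Cluster::get_master_node($self->{cinfo});

    return 1 if $master eq 'localhost' || $master eq $nodename;

    return undef if $noerr;

    die "this node ('$nodename') is not the master node\n";
}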
88
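# Decide whether the current request may call an API method.
#
# $perm is the method's permission description and may be undef; only
# its 'user' and 'check' keys are read here. $uri_param is accepted but
# not used. Returns 1 when access is granted; every other path ends in
# raise_perm_exc().
#
# NOTE(review): raise_perm_exc is neither defined nor imported in the
# visible part of this file. Confirm it is in scope; if it is not, the
# deny paths still die, but with an "Undefined subroutine" error instead
# of a permission exception.
sub check_api2_permissions {
    my ($self, $perm, $uri_param) = @_;

    # The argument 1 presumably makes get_user() return a false value
    # instead of failing when no user is set - confirm against the parent
    # class.
    my $username = $self->get_user(1);

    # Requests without a user are only accepted for methods explicitly
    # marked as open to the world.
    return 1 if !$username && $perm->{user} && $perm->{user} eq 'world';

    raise_perm_exc("user == null") if !$username;

    # root@pam passes before $perm is looked at, so it is allowed even
    # for methods that carry no permission description.
    return 1 if $username eq 'root@pam';

    raise_perm_exc('user != root@pam') if !$perm;

    return 1 if $perm->{user} && $perm->{user} eq 'all';

    my $role          = $self->{role};
    my $allowed_roles = $perm->{check};

    # A request without a role must not match any entry. Comparing an
    # undefined role with 'eq' would treat it as the empty string and
    # emit an "uninitialized value" warning, so skip the comparison.
    if (defined($role) && $allowed_roles) {
        return 1 if grep { defined($_) && $_ eq $role } @$allowed_roles;
    }

    # Default deny: nothing above granted access.
    raise_perm_exc();
}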
112
113 1;