1 package PVE
::API2
::Group
;
5 use PVE
::Cluster qw
(cfs_read_file cfs_write_file
);
6 use PVE
::AccessControl
;
10 use base
qw(PVE::RESTHandler);
# Registers the API method that lists groups (description: "Group index.").
# NOTE(review): this listing omits some source lines (the leading numbers are
# the original file's line numbers), so the method's name/path, the opening of
# its handler sub and the code that collects and returns the entries are not
# visible here.
12 __PACKAGE__-
>register_method ({
16 description
=> "Group index.",
# Permission text shown to API users. The filtering it describes is done by
# the loop further down, not by a declarative 'check' entry.
# NOTE(review): this text names only 'User.Allocate' for the per-group path,
# while filter_groups below is given both privileges -- confirm which is
# intended and keep the text and the code in agreement.
18 description
=> "The returned list is restricted to groups where you have 'User.Allocate' or 'Sys.Audit' permissions on '/access', or 'User.Allocate' on /access/groups/<group>.",
22 additionalProperties
=> 0,
30 groupid
=> { type
=> 'string' },
33 links
=> [ { rel
=> 'child', href
=> "{groupid}" } ],
# Handler body: identify the calling user and load the user/group config.
40 my $rpcenv = PVE
::RPCEnvironment
::get
();
41 my $usercfg = cfs_read_file
("user.cfg");
42 my $authuser = $rpcenv->get_user();
# Privileges that are passed to both checks below.
44 my $privs = [ 'User.Allocate', 'Sys.Audit' ];
# $allow holds the result of checking those privileges for the caller on
# '/access'.
# NOTE(review): the trailing 1 is presumably a "no error" flag, so a failed
# check returns false instead of dying -- confirm in PVE::RPCEnvironment.
45 my $allow = $rpcenv->check_any($authuser, "/access", $privs, 1);
# $allowed_groups is used below as a hash keyed by group id.
46 my $allowed_groups = $rpcenv->filter_groups($authuser, $privs, 1);
# Visibility filter: a group is skipped unless the caller passed the
# '/access' check or the group is present in $allowed_groups, so group ids
# and comments are not disclosed to callers that satisfy neither.
48 foreach my $group (keys %{$usercfg->{groups
}}) {
49 next if !($allow || $allowed_groups->{$group});
50 my $data = $usercfg->{groups
}->{$group};
51 my $entry = { groupid
=> $group };
# The comment is copied into the entry only when one is defined.
52 $entry->{comment
} = $data->{comment
} if defined($data->{comment
});
# Registers 'create_group': adds a new, empty group to user.cfg.
# NOTE(review): this listing omits some source lines (the leading numbers are
# the original file's line numbers); the method's path/HTTP verb and the
# opening lines of the handler and of the locked callback are not visible.
59 __PACKAGE__-
>register_method ({
60 name
=> 'create_group',
# Declared permission: 'Sys.Modify' on '/access'.
# NOTE(review): nothing in the visible handler code re-checks this, so the
# check is presumably enforced by the REST framework before the handler
# runs -- confirm.
65 check
=> ['perm', '/access', ['Sys.Modify']],
67 description
=> "Create new group.",
69 additionalProperties
=> 0,
# groupid is declared with the 'pve-groupid' format; the value is used
# unchanged as a hash key in the config below, so that format is the only
# visible constraint on it. The format definition is not in this file.
71 groupid
=> { type
=> 'string', format
=> 'pve-groupid' },
72 comment
=> { type
=> 'string', optional
=> 1 },
75 returns
=> { type
=> 'null' },
# The read / modify / write of user.cfg below is passed to lock_user_config,
# together with the error text "create group failed".
# NOTE(review): presumably this serialises concurrent writers of user.cfg --
# confirm in PVE::AccessControl.
79 PVE
::AccessControl
::lock_user_config
(
82 my $usercfg = cfs_read_file
("user.cfg");
84 my $group = $param->{groupid
};
# Refuse to reuse an existing id: the assignment that follows would replace
# the group's entry with an empty member list.
86 die "group '$group' already exists\n"
87 if $usercfg->{groups
}->{$group};
89 $usercfg->{groups
}->{$group} = { users
=> {} };
# NOTE(review): the comment is tested for truthiness here, so an empty string
# or "0" is not stored, while update_group tests defined() -- confirm the
# difference is intended.
91 $usercfg->{groups
}->{$group}->{comment
} = $param->{comment
} if $param->{comment
};
94 cfs_write_file
("user.cfg", $usercfg);
95 }, "create group failed");
# Registers 'update_group': changes the comment of an existing group.
# NOTE(review): this listing omits some source lines (the leading numbers are
# the original file's line numbers); the method's path/HTTP verb and the
# opening lines of the handler and of the locked callback are not visible.
100 __PACKAGE__-
>register_method ({
101 name
=> 'update_group',
# Declared permission: 'Sys.Modify' on '/access'.
# NOTE(review): nothing in the visible handler code re-checks this, so the
# check is presumably enforced by the REST framework before the handler
# runs -- confirm.
106 check
=> ['perm', '/access', ['Sys.Modify']],
108 description
=> "Update group data.",
110 additionalProperties
=> 0,
# groupid is declared with the 'pve-groupid' format and is used unchanged as
# the lookup key into the config below.
112 groupid
=> { type
=> 'string', format
=> 'pve-groupid' },
113 comment
=> { type
=> 'string', optional
=> 1 },
116 returns
=> { type
=> 'null' },
# The read / modify / write of user.cfg below is passed to lock_user_config,
# together with the error text "update group failed".
# NOTE(review): presumably this serialises concurrent writers of user.cfg --
# confirm in PVE::AccessControl.
120 PVE
::AccessControl
::lock_user_config
(
123 my $usercfg = cfs_read_file
("user.cfg");
125 my $group = $param->{groupid
};
# $data is a reference into $usercfg, so changes made through it are part of
# what cfs_write_file stores below.
127 my $data = $usercfg->{groups
}->{$group};
# NOTE(review): the condition guarding this die is on a line the listing
# omits; read_group guards the same message with 'if !$data'.
129 die "group '$group' does not exist\n"
# Only a defined comment is applied; of the declared parameters, the comment
# is the only group field this handler writes.
132 $data->{comment
} = $param->{comment
} if defined($param->{comment
});
134 cfs_write_file
("user.cfg", $usercfg);
135 }, "update group failed");
# Registers 'read_group': returns the member list and comment of one group.
# NOTE(review): this listing omits some source lines (the leading numbers are
# the original file's line numbers); the method's path/HTTP verb, the opening
# of the handler sub and its return statement are not visible.
140 __PACKAGE__-
>register_method ({
141 name
=> 'read_group',
# Declared permission: 'Sys.Audit' on '/access'. Unlike the group index, no
# per-group privilege check is visible in this handler.
# NOTE(review): the check is presumably enforced by the REST framework before
# the handler runs -- confirm.
145 check
=> ['perm', '/access', ['Sys.Audit']],
147 description
=> "Get group configuration.",
149 additionalProperties
=> 0,
151 groupid
=> { type
=> 'string', format
=> 'pve-groupid' },
# NOTE(review): this second additionalProperties/comment pair presumably
# belongs to the 'returns' schema, whose opening line the listing omits.
156 additionalProperties
=> 0,
158 comment
=> { type
=> 'string', optional
=> 1 },
# Handler body. Read-only: no lock_user_config or cfs_write_file call is
# visible in this handler.
170 my $group = $param->{groupid
};
172 my $usercfg = cfs_read_file
("user.cfg");
174 my $data = $usercfg->{groups
}->{$group};
176 die "group '$group' does not exist\n" if !$data;
# Members are the keys of the group's 'users' hash; a group without that
# entry yields an empty list.
178 my $members = $data->{users
} ?
[ keys %{$data->{users
}} ] : [];
180 my $res = { members
=> $members };
# The comment is added to the result only when one is defined.
182 $res->{comment
} = $data->{comment
} if defined($data->{comment
});
# Registers 'delete_group': removes a group from user.cfg.
# NOTE(review): this listing omits some source lines (the leading numbers are
# the original file's line numbers); the method's path/HTTP verb and the
# opening lines of the handler and of the locked callback are not visible.
188 __PACKAGE__-
>register_method ({
189 name
=> 'delete_group',
# Declared permission: 'Sys.Modify' on '/access'.
# NOTE(review): nothing in the visible handler code re-checks this, so the
# check is presumably enforced by the REST framework before the handler
# runs -- confirm.
194 check
=> ['perm', '/access', ['Sys.Modify']],
196 description
=> "Delete group.",
198 additionalProperties
=> 0,
200 groupid
=> { type
=> 'string' , format
=> 'pve-groupid' },
203 returns
=> { type
=> 'null' },
# The read / modify / write of user.cfg below is passed to lock_user_config,
# together with the error text "delete group failed".
# NOTE(review): presumably this serialises concurrent writers of user.cfg --
# confirm in PVE::AccessControl.
207 PVE
::AccessControl
::lock_user_config
(
210 my $usercfg = cfs_read_file
("user.cfg");
212 my $group = $param->{groupid
};
214 die "group '$group' does not exist\n"
215 if !$usercfg->{groups
}->{$group};
# Remove the group entry, then hand the same in-memory config to
# delete_group_acl before anything is written, so both changes are stored by
# the single cfs_write_file call below.
# NOTE(review): delete_group_acl presumably strips ACL entries that name the
# group, so a group later created with the same id does not pick up stale
# permissions -- confirm in PVE::AccessControl.
217 delete ($usercfg->{groups
}->{$group});
219 PVE
::AccessControl
::delete_group_acl
($group, $usercfg);
221 cfs_write_file
("user.cfg", $usercfg);
222 }, "delete group failed");