1 package PVE
::API2
::Role
;
5 use PVE
::Cluster qw
(cfs_read_file cfs_write_file
);
6 use PVE
::AccessControl
;
10 use Data
::Dumper
; # fixme: remove
14 use base
qw(PVE::RESTHandler);
# Registers the REST method described as "Role index.". The visible handler
# code reads user.cfg and appends one { roleid, privs } entry per role to
# @$res, where privs is the role's privilege names sorted and comma-joined.
#
# This page shows only part of the file: gaps in its line numbering are marked
# "[N-M not shown]" below and are deliberately not reconstructed.
# NOTE(review): any permission declaration for this method would sit in the
# lines not shown. Confirm the index is limited to authenticated callers,
# because it discloses the complete role-to-privilege mapping.
__PACKAGE__->register_method ({
    # [17-19 not shown]
    description => "Role index.",
    # [21 not shown]
    additionalProperties => 0,
    # [23-29 not shown]
    roleid => { type => 'string' },
    # [31-32 not shown]
    links => [ { rel => 'child', href => "{roleid}" } ],
    # [34-39 not shown]
        my $usercfg = cfs_read_file("user.cfg");
        # [41 not shown]
        # Each role maps to a hash whose keys are privilege names; only the
        # keys are used here.
        foreach my $role (keys %{$usercfg->{roles}}) {
            my $privs = join(',', sort keys %{$usercfg->{roles}->{$role}});
            push @$res, { roleid => $role, privs => $privs };
        # [45-49 not shown]
# Registers 'create_role': adds a new, initially empty role to user.cfg and
# then applies the optional privilege list to it.
#
# This page shows only part of the file: gaps in its line numbering are marked
# "[N-M not shown]" below and are deliberately not reconstructed.
# NOTE(review): any permission declaration for this call would sit in the
# lines not shown. Roles decide what every ACL entry grants, so confirm that
# only accounts allowed to change permissions can reach it.
__PACKAGE__->register_method ({
    name => 'create_role',
    # [52-54 not shown]
    description => "Create new role.",
    # [56 not shown]
    additionalProperties => 0,
    # [58 not shown]
    # Both values are format-checked; the 'pve-roleid' and 'pve-priv-list'
    # validators are defined outside this listing.
    roleid => { type => 'string', format => 'pve-roleid' },
    privs => { type => 'string' , format => 'pve-priv-list', optional => 1 },
    # [61-62 not shown]
    returns => { type => 'null' },
    # [64-66 not shown]
        # The read, the existence check and the write below all appear between
        # the opening of lock_user_config( and its closing "}, ..." argument,
        # presumably as the callback run under the user-config lock (verify
        # against PVE::AccessControl).
        PVE::AccessControl::lock_user_config(
            # [68-69 not shown]
            my $usercfg = cfs_read_file("user.cfg");
            # [71 not shown]
            my $role = $param->{roleid};
            # [73 not shown]
            # A role is stored as a hash reference, which is always true in
            # Perl, so a role with no privileges still counts as existing.
            die "role '$role' already exists\n"
                if $usercfg->{roles}->{$role};
            # [76 not shown]
            $usercfg->{roles}->{$role} = {};
            # [78 not shown]
            # privs is optional, so this may be called with undef.
            # NOTE(review): confirm add_role_privs tolerates a missing list.
            PVE::AccessControl::add_role_privs($role, $usercfg, $param->{privs});
            # [80 not shown]
            cfs_write_file("user.cfg", $usercfg);
        }, "create role failed");
        # [83-86 not shown]
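# Registers 'update_role': changes the privilege set of an existing role in
# user.cfg. Unless the 'append' parameter is true, the role's current
# privileges are discarded first, so the call replaces the whole set.
#
# Fix: the description was a copy of create_role's ("Create new role."), which
# mislabels a privilege-changing call wherever the description is displayed.
#
# This page shows only part of the file: gaps in its line numbering are marked
# "[N-M not shown]" below and are deliberately not reconstructed.
# NOTE(review): any permission declaration for this call would sit in the
# lines not shown. Confirm that only accounts allowed to change permissions
# can reach it, since it can widen what existing ACL entries grant.
__PACKAGE__->register_method ({
    name => 'update_role',
    # [89-91 not shown]
    description => "Update an existing role.",
    # [93 not shown]
    additionalProperties => 0,
    # [95 not shown]
    roleid => { type => 'string', format => 'pve-roleid' },
    # Unlike create_role, privs carries no "optional" flag here.
    privs => { type => 'string' , format => 'pve-priv-list' },
    # [98-104 not shown]
    # NOTE(review): the handler reads $param->{append}; with
    # additionalProperties => 0 it has to be declared in the lines above that
    # this listing omits -- confirm.
    returns => { type => 'null' },
    # [106-108 not shown]
        # Everything up to the closing "}, ..." argument is passed to
        # lock_user_config, presumably as the callback run under the
        # user-config lock (verify against PVE::AccessControl).
        PVE::AccessControl::lock_user_config(
            # [110-111 not shown]
            my $role = $param->{roleid};
            # [113 not shown]
            my $usercfg = cfs_read_file("user.cfg");
            # [115 not shown]
            die "role '$role' does not exist\n"
                if !$usercfg->{roles}->{$role};
            # [118 not shown]
            # Replace mode (the default): start again from an empty privilege
            # set, so privileges missing from the new list are revoked.
            $usercfg->{roles}->{$role} = {} if !$param->{append};
            # [120 not shown]
            PVE::AccessControl::add_role_privs($role, $usercfg, $param->{privs});
            # [122 not shown]
            cfs_write_file("user.cfg", $usercfg);
        }, "update role failed");
        # [125-128 not shown]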
129 # fixme: return format!
# Registers the REST method described as "Get role configuration.". The
# visible handler code looks the role up in user.cfg and dies if it has no
# entry.
#
# This page shows only part of the file: gaps in its line numbering are marked
# "[N-M not shown]" below and are deliberately not reconstructed. What the
# handler returns is in the lines not shown.
__PACKAGE__->register_method ({
    # [131-133 not shown]
    description => "Get role configuration.",
    # [135 not shown]
    additionalProperties => 0,
    # [137 not shown]
    roleid => { type => 'string' , format => 'pve-roleid' },
    # [139-144 not shown]
        # Read-only access: no lock_user_config call appears in the visible
        # lines.
        my $usercfg = cfs_read_file("user.cfg");
        # [146 not shown]
        my $role = $param->{roleid};
        # [148 not shown]
        my $data = $usercfg->{roles}->{$role};
        # [150 not shown]
        # An existing role is a hash reference and therefore true, even when
        # it has no privileges; only a missing role reaches the die.
        die "role '$role' does not exist\n" if !$data;
        # [152-156 not shown]
# Registers 'delete_role': removes a role's entry from the roles table in
# user.cfg and writes the file back.
#
# This page shows only part of the file: gaps in its line numbering are marked
# "[N-M not shown]" below and are deliberately not reconstructed.
# NOTE(review): any permission declaration for this call would sit in the
# lines not shown. Confirm that only accounts allowed to change permissions
# can reach it.
__PACKAGE__->register_method ({
    name => 'delete_role',
    # [159-161 not shown]
    description => "Delete role.",
    # [163 not shown]
    additionalProperties => 0,
    # [165 not shown]
    roleid => { type => 'string', format => 'pve-roleid' },
    # [167-168 not shown]
    returns => { type => 'null' },
    # [170-172 not shown]
        # Everything up to the closing "}, ..." argument is passed to
        # lock_user_config, presumably as the callback run under the
        # user-config lock (verify against PVE::AccessControl).
        PVE::AccessControl::lock_user_config(
            # [174-175 not shown]
            my $role = $param->{roleid};
            # [177 not shown]
            my $usercfg = cfs_read_file("user.cfg");
            # [179 not shown]
            die "role '$role' does not exist\n"
                if !$usercfg->{roles}->{$role};
            # [182 not shown]
            delete ($usercfg->{roles}->{$role});
            # [184 not shown]
            # fixme: delete role from acl?
            # NOTE(review): in the visible lines only the roles entry is
            # removed. If ACL entries naming this role stay in user.cfg, a
            # role created later under the same name would presumably pick up
            # those grants again. Either purge the references here or refuse
            # to delete a role that is still referenced -- confirm how ACL
            # entries are stored before choosing.
            # [186 not shown]
            cfs_write_file("user.cfg", $usercfg);
        }, "delete role failed");