1 package PVE
::API2
::Role
;
5 use PVE
::Cluster qw
(cfs_read_file cfs_write_file
);
6 use PVE
::AccessControl
;
10 use Data
::Dumper
; # fixme: remove
14 use base
qw(PVE::RESTHandler);
# Registers the API method described as "Role index.".
# This listing is an excerpt: each `# ...` line stands for source lines it does not show.
# NOTE(review): no `check` entry is visible in this fragment, while create_role,
# update_role and delete_role in this file declare
# ['perm', '/access', ['Sys.Modify']]. Confirm in the omitted lines who is
# allowed to enumerate roles together with their privilege lists.
__PACKAGE__->register_method ({
    # ...
    description => "Role index.",
    # ...
    additionalProperties => 0,
    # ...
    # roleid is declared as a plain string here (no 'format' on this line).
    roleid => { type => 'string' },
    # ...
    links => [ { rel => 'child', href => "{roleid}" } ],
    # ...
        # Read-only access: the handler only reads user.cfg, nothing is written back.
        my $usercfg = cfs_read_file("user.cfg");
        # ...
        # One result entry per role; privs is the sorted, comma-joined list of
        # the keys stored under that role.
        foreach my $role (keys %{$usercfg->{roles}}) {
            my $privs = join(',', sort keys %{$usercfg->{roles}->{$role}});
            push @$res, { roleid => $role, privs => $privs };
        # ...
# Registers the 'create_role' API method: adds a new, initially empty role to
# user.cfg and then applies the optional privilege list to it.
# This listing is an excerpt: each `# ...` line stands for source lines it does not show.
__PACKAGE__->register_method ({
    name => 'create_role',
    # ...
    # Access-control declaration: a 'perm' check on path '/access' naming the
    # 'Sys.Modify' privilege. The code that enforces it is not in this file.
    check => ['perm', '/access', ['Sys.Modify']],
    # ...
    description => "Create new role.",
    # ...
    additionalProperties => 0,
    # ...
    # Both inputs are constrained by named formats ('pve-roleid',
    # 'pve-priv-list'); the format definitions live outside this file.
    roleid => { type => 'string', format => 'pve-roleid' },
    # privs is optional, so a role can be created without any privilege.
    privs => { type => 'string' , format => 'pve-priv-list', optional => 1 },
    # ...
    returns => { type => 'null' },
    # ...
    # Everything down to `}, "create role failed")` is passed to
    # lock_user_config, so the existence check, the modification and the write
    # belong to one call. NOTE(review): presumably this serializes concurrent
    # editors of user.cfg and prevents a check-then-create race; the locking
    # itself is implemented in PVE::AccessControl, confirm there.
    PVE::AccessControl::lock_user_config(
        # ...
        my $usercfg = cfs_read_file("user.cfg");
        # ...
        my $role = $param->{roleid};
        # ...
        # Refuse to overwrite: an existing role keeps its privileges.
        die "role '$role' already exists\n"
            if $usercfg->{roles}->{$role};
        # ...
        # Start from an empty privilege set before privs are applied.
        $usercfg->{roles}->{$role} = {};
        # ...
        # How an undefined or unknown privilege list is handled is decided in
        # add_role_privs, which is defined in PVE::AccessControl.
        PVE::AccessControl::add_role_privs($role, $usercfg, $param->{privs});
        # ...
        cfs_write_file("user.cfg", $usercfg);
    }, "create role failed");
    # ...
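# Registers the 'update_role' API method: changes the privilege set of an
# existing role in user.cfg.
# This listing is an excerpt: each `# ...` line stands for source lines it does not show.
__PACKAGE__->register_method ({
    name => 'update_role',
    # ...
    # Access-control declaration: a 'perm' check on path '/access' naming the
    # 'Sys.Modify' privilege. The code that enforces it is not in this file.
    check => ['perm', '/access', ['Sys.Modify']],
    # ...
    # The description is shown to API users and must name this operation; it
    # must not repeat the create_role text, or an administrator reading the
    # API documentation cannot tell the two calls apart.
    description => "Update an existing role.",
    # ...
    additionalProperties => 0,
    # ...
    roleid => { type => 'string', format => 'pve-roleid' },
    # privs is mandatory here (no `optional` flag on this line).
    privs => { type => 'string' , format => 'pve-priv-list' },
    # ...
    # NOTE(review): the handler below reads $param->{append}; its schema entry
    # is not visible in this listing. With additionalProperties => 0 it has to
    # be declared in the omitted lines, confirm.
    returns => { type => 'null' },
    # ...
    # Everything down to `}, "update role failed")` is passed to
    # lock_user_config, so the existence check, the modification and the write
    # belong to one call. NOTE(review): presumably serialized under the
    # user-config lock; the locking is implemented in PVE::AccessControl.
    PVE::AccessControl::lock_user_config(
        # ...
        my $role = $param->{roleid};
        # ...
        my $usercfg = cfs_read_file("user.cfg");
        # ...
        # Updating never creates a role implicitly.
        die "role '$role' does not exist\n"
            if !$usercfg->{roles}->{$role};
        # ...
        # Without `append` the role is emptied first, so privs REPLACES the
        # current privilege set; with `append` the existing privileges stay
        # and privs is added on top.
        $usercfg->{roles}->{$role} = {} if !$param->{append};
        # ...
        PVE::AccessControl::add_role_privs($role, $usercfg, $param->{privs});
        # ...
        cfs_write_file("user.cfg", $usercfg);
    }, "update role failed");
    # ...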
# fixme: return format!
# Registers the API method described as "Get role configuration.".
# This listing is an excerpt: each `# ...` line stands for source lines it does not show.
# Per the fixme above, the shape of the returned data is not yet described by
# a schema, so clients cannot rely on a validated return format.
# NOTE(review): no `check` entry is visible in this fragment, while the
# modifying methods in this file declare ['perm', '/access', ['Sys.Modify']].
# Confirm in the omitted lines who may read a role's configuration.
__PACKAGE__->register_method ({
    # ...
    description => "Get role configuration.",
    # ...
    additionalProperties => 0,
    # ...
    roleid => { type => 'string' , format => 'pve-roleid' },
    # ...
        # Read-only access: user.cfg is read, nothing is written back.
        my $usercfg = cfs_read_file("user.cfg");
        # ...
        my $role = $param->{roleid};
        # ...
        my $data = $usercfg->{roles}->{$role};
        # ...
        # Unknown role ids fail with an explicit error instead of an empty result.
        die "role '$role' does not exist\n" if !$data;
        # ...
# Registers the 'delete_role' API method: removes a role definition from user.cfg.
# This listing is an excerpt: each `# ...` line stands for source lines it does not show.
__PACKAGE__->register_method ({
    name => 'delete_role',
    # ...
    # Access-control declaration: a 'perm' check on path '/access' naming the
    # 'Sys.Modify' privilege. The code that enforces it is not in this file.
    check => ['perm', '/access', ['Sys.Modify']],
    # ...
    description => "Delete role.",
    # ...
    additionalProperties => 0,
    # ...
    roleid => { type => 'string', format => 'pve-roleid' },
    # ...
    returns => { type => 'null' },
    # ...
    # Everything down to `}, "delete role failed")` is passed to
    # lock_user_config, so the existence check, the deletion and the write
    # belong to one call. NOTE(review): presumably serialized under the
    # user-config lock; the locking is implemented in PVE::AccessControl.
    PVE::AccessControl::lock_user_config(
        # ...
        my $role = $param->{roleid};
        # ...
        my $usercfg = cfs_read_file("user.cfg");
        # ...
        die "role '$role' does not exist\n"
            if !$usercfg->{roles}->{$role};
        # ...
        # Only the entry under {roles} is removed.
        delete ($usercfg->{roles}->{$role});
        # ...
        # fixme: delete role from acl?
        # NOTE(review): the fixme above is still open in the visible code:
        # nothing here removes ACL entries that name this role. If such
        # entries survive in user.cfg, a role created later under the same id
        # could silently inherit the old assignments. Confirm how dangling
        # role references are treated when user.cfg is parsed, and purge them
        # inside this same locked section before the write below.
        # ...
        cfs_write_file("user.cfg", $usercfg);
    }, "delete role failed");