1 package PVE
::API2
::User
;
5 use PVE
::Cluster qw
(cfs_read_file cfs_write_file
);
6 use PVE
::Tools
qw(split_list);
7 use PVE
::AccessControl
;
8 use PVE
::JSONSchema
qw(get_standard_option);
12 use Data
::Dumper
; # fixme: remove
16 use base
qw(PVE::RESTHandler);
18 my $extract_user_data = sub {
19 my ($data, $full) = @_;
23 foreach my $prop (qw(enable expire firstname lastname email comment)) {
24 $res->{$prop} = $data->{$prop} if defined($data->{$prop});
27 return $res if !$full;
29 $res->{groups
} = $data->{groups
} ?
[ keys %{$data->{groups
}} ] : [];
34 __PACKAGE__-
>register_method ({
38 description
=> "User index.",
39 permissions
=> { user
=> 'all' },
41 additionalProperties
=> 0,
45 description
=> "Optional filter for enable property.",
55 userid
=> { type
=> 'string' },
58 links
=> [ { rel
=> 'child', href
=> "{userid}" } ],
63 my $rpcenv = PVE
::RPCEnvironment
::get
();
64 my $authuser = $rpcenv->get_user();
68 my $usercfg = cfs_read_file
("user.cfg");
70 foreach my $user (keys %{$usercfg->{users
}}) {
71 # root sees all entries, a user only sees its own entry
72 next if $authuser ne 'root@pam' && $user ne $authuser;
74 my $entry = &$extract_user_data($usercfg->{users
}->{$user});
76 if (defined($param->{enabled
})) {
77 next if $entry->{enable
} && !$param->{enabled
};
78 next if !$entry->{enable
} && $param->{enabled
};
81 $entry->{userid
} = $user;
88 __PACKAGE__-
>register_method ({
89 name
=> 'create_user',
93 description
=> "Create new user.",
95 additionalProperties
=> 0,
97 userid
=> get_standard_option
('userid'),
98 password
=> { type
=> 'string', optional
=> 1, minLength
=> 5, maxLength
=> 64 },
99 groups
=> { type
=> 'string', optional
=> 1, format
=> 'pve-groupid-list'},
100 firstname
=> { type
=> 'string', optional
=> 1 },
101 lastname
=> { type
=> 'string', optional
=> 1 },
102 email
=> { type
=> 'string', optional
=> 1, format
=> 'email-opt' },
103 comment
=> { type
=> 'string', optional
=> 1 },
105 description
=> "Account expiration date (seconds since epoch). '0' means no expiration date.",
111 description
=> "Enable the account (default). You can set this to '0' to disable the accout",
118 returns
=> { type
=> 'null' },
122 PVE
::AccessControl
::lock_user_config
(
125 my ($username, $ruid, $realm) = PVE
::AccessControl
::verify_username
($param->{userid
});
127 my $usercfg = cfs_read_file
("user.cfg");
129 die "user '$username' already exists\n"
130 if $usercfg->{users
}->{$username};
132 PVE
::AccessControl
::domain_set_password
($realm, $ruid, $param->{password
})
133 if defined($param->{password
});
135 my $enable = defined($param->{enable
}) ?
$param->{enable
} : 1;
136 $usercfg->{users
}->{$username} = { enable
=> $enable };
137 $usercfg->{users
}->{$username}->{expire
} = $param->{expire
} if $param->{expire
};
139 if ($param->{groups
}) {
140 foreach my $group (split_list
($param->{groups
})) {
141 if ($usercfg->{groups
}->{$group}) {
142 PVE
::AccessControl
::add_user_group
($username, $usercfg, $group);
144 die "no such group '$group'\n";
149 $usercfg->{users
}->{$username}->{firstname
} = $param->{firstname
} if $param->{firstname
};
150 $usercfg->{users
}->{$username}->{lastname
} = $param->{lastname
} if $param->{lastname
};
151 $usercfg->{users
}->{$username}->{email
} = $param->{email
} if $param->{email
};
152 $usercfg->{users
}->{$username}->{comment
} = $param->{comment
} if $param->{comment
};
154 cfs_write_file
("user.cfg", $usercfg);
155 }, "create user failed");
160 __PACKAGE__-
>register_method ({
164 description
=> "Get user configuration.",
166 additionalProperties
=> 0,
168 userid
=> get_standard_option
('userid'),
172 additionalProperties
=> 0,
174 enable
=> { type
=> 'boolean' },
175 expire
=> { type
=> 'integer', optional
=> 1 },
176 firstname
=> { type
=> 'string', optional
=> 1 },
177 lastname
=> { type
=> 'string', optional
=> 1 },
178 email
=> { type
=> 'string', optional
=> 1 },
179 comment
=> { type
=> 'string', optional
=> 1 },
180 groups
=> { type
=> 'array' },
186 my ($username, undef, $domain) =
187 PVE
::AccessControl
::verify_username
($param->{userid
});
189 my $usercfg = cfs_read_file
("user.cfg");
191 my $data = $usercfg->{users
}->{$username};
193 die "user '$username' does not exist\n" if !$data;
195 return &$extract_user_data($data, 1);
198 __PACKAGE__-
>register_method ({
199 name
=> 'update_user',
203 description
=> "Update user configuration.",
205 additionalProperties
=> 0,
207 userid
=> get_standard_option
('userid'),
208 password
=> { type
=> 'string', optional
=> 1, minLength
=> 5, maxLength
=> 64 },
209 groups
=> { type
=> 'string', optional
=> 1, format
=> 'pve-groupid-list' },
213 requires
=> 'groups',
216 description
=> "Enable/disable the account.",
220 firstname
=> { type
=> 'string', optional
=> 1 },
221 lastname
=> { type
=> 'string', optional
=> 1 },
222 email
=> { type
=> 'string', optional
=> 1, format
=> 'email-opt' },
223 comment
=> { type
=> 'string', optional
=> 1 },
225 description
=> "Account expiration date (seconds since epoch). '0' means no expiration date.",
232 returns
=> { type
=> 'null' },
236 PVE
::AccessControl
::lock_user_config
(
239 my ($username, $ruid, $realm) =
240 PVE
::AccessControl
::verify_username
($param->{userid
});
242 my $usercfg = cfs_read_file
("user.cfg");
244 die "user '$username' does not exist\n"
245 if !$usercfg->{users
}->{$username};
247 PVE
::AccessControl
::domain_set_password
($realm, $ruid, $param->{password
})
248 if defined($param->{password
});
250 $usercfg->{users
}->{$username}->{enable
} = $param->{enable
} if defined($param->{enable
});
252 $usercfg->{users
}->{$username}->{expire
} = $param->{expire
} if defined($param->{expire
});
254 PVE
::AccessControl
::delete_user_group
($username, $usercfg)
255 if (!$param->{append
} && defined($param->{groups
}));
257 if ($param->{groups
}) {
258 foreach my $group (split_list
($param->{groups
})) {
259 if ($usercfg->{groups
}->{$group}) {
260 PVE
::AccessControl
::add_user_group
($username, $usercfg, $group);
262 die "no such group '$group'\n";
267 $usercfg->{users
}->{$username}->{firstname
} = $param->{firstname
} if defined($param->{firstname
});
268 $usercfg->{users
}->{$username}->{lastname
} = $param->{lastname
} if defined($param->{lastname
});
269 $usercfg->{users
}->{$username}->{email
} = $param->{email
} if defined($param->{email
});
270 $usercfg->{users
}->{$username}->{comment
} = $param->{comment
} if defined($param->{comment
});
272 cfs_write_file
("user.cfg", $usercfg);
273 }, "update user failed");
278 __PACKAGE__-
>register_method ({
279 name
=> 'delete_user',
283 description
=> "Delete user.",
285 additionalProperties
=> 0,
287 userid
=> get_standard_option
('userid'),
290 returns
=> { type
=> 'null' },
294 PVE
::AccessControl
::lock_user_config
(
297 my ($username, $ruid, $realm) =
298 PVE
::AccessControl
::verify_username
($param->{userid
});
300 my $usercfg = cfs_read_file
("user.cfg");
302 die "user '$username' does not exist\n"
303 if !$usercfg->{users
}->{$username};
305 delete ($usercfg->{users
}->{$username});
307 PVE
::AccessControl
::delete_shadow_password
($ruid) if $realm eq 'pve';
308 PVE
::AccessControl
::delete_user_group
($username, $usercfg);
309 PVE
::AccessControl
::delete_user_acl
($username, $usercfg);
311 cfs_write_file
("user.cfg", $usercfg);
312 }, "delete user failed");