]>
git.proxmox.com Git - pve-access-control.git/blob - PVE/CLI/pveum.pm
1 package PVE
::CLI
::pveum
;
6 use PVE
::AccessControl
;
7 use PVE
::RPCEnvironment
;
12 use PVE
::API2
::AccessControl
;
13 use PVE
::CLIFormatter
;
15 use PVE
::JSONSchema
qw(get_standard_option);
18 use PVE
::Tools
qw(extract_param);
20 use base
qw(PVE::CLIHandler);
22 sub setup_environment
{
23 PVE
::RPCEnvironment-
>setup_default_cli_env();
30 'change_password' => [
31 PVE
::CLIHandler
::get_standard_mapping
('pve-password'),
34 PVE
::CLIHandler
::get_standard_mapping
('pve-password', {
36 # do not accept values given on cmdline
37 return PVE
::PTY
::read_password
('Enter password: ');
43 return $mapping->{$name};
46 my $print_api_result = sub {
47 my ($data, $schema, $options) = @_;
48 PVE
::CLIFormatter
::print_api_result
($data, $schema, undef, $options);
51 my $print_perm_result = sub {
52 my ($data, $schema, $options) = @_;
54 if (!defined($options->{'output-format'}) || $options->{'output-format'} eq 'text') {
60 'path' => { type
=> 'string', title
=> 'ACL path' },
61 'permissions' => { type
=> 'string', title
=> 'Permissions' },
66 foreach my $path (sort keys %$data) {
68 my $curr = $data->{$path};
69 foreach my $perm (sort keys %$curr) {
70 $value .= "\n" if $value;
72 $value .= " (*)" if $curr->{$perm};
74 push @$table_data, { path
=> $path, permissions
=> $value };
76 PVE
::CLIFormatter
::print_api_result
($table_data, $table_schema, undef, $options);
77 print "Permissions marked with '(*)' have the 'propagate' flag set.\n";
79 PVE
::CLIFormatter
::print_api_result
($data, $schema, undef, $options);
83 __PACKAGE__-
>register_method({
84 name
=> 'token_permissions',
85 path
=> 'token_permissions',
87 description
=> 'Retrieve effective permissions of given token.',
89 additionalProperties
=> 0,
91 userid
=> get_standard_option
('userid'),
92 tokenid
=> get_standard_option
('token-subid'),
93 path
=> get_standard_option
('acl-path', {
94 description
=> "Only dump this specific path, not the whole tree.",
101 description
=> 'Hash of structure "path" => "privilege" => "propagate boolean".',
106 my $token_subid = extract_param
($param, "tokenid");
107 $param->{userid
} = PVE
::AccessControl
::join_tokenid
($param->{userid
}, $token_subid);
109 return PVE
::API2
::AccessControl-
>permissions($param);
114 add
=> [ 'PVE::API2::User', 'create_user', ['userid'] ],
115 modify
=> [ 'PVE::API2::User', 'update_user', ['userid'] ],
116 delete => [ 'PVE::API2::User', 'delete_user', ['userid'] ],
117 list
=> [ 'PVE::API2::User', 'index', [], {}, $print_api_result, $PVE::RESTHandler
::standard_output_options
],
118 permissions
=> [ 'PVE::API2::AccessControl', 'permissions', ['userid'], {}, $print_perm_result, $PVE::RESTHandler
::standard_output_options
],
120 add
=> [ 'PVE::API2::User', 'generate_token', ['userid', 'tokenid'], {}, $print_api_result, $PVE::RESTHandler
::standard_output_options
],
121 modify
=> [ 'PVE::API2::User', 'update_token_info', ['userid', 'tokenid'], {}, $print_api_result, $PVE::RESTHandler
::standard_output_options
],
122 remove
=> [ 'PVE::API2::User', 'remove_token', ['userid', 'tokenid'], {}, $print_api_result, $PVE::RESTHandler
::standard_output_options
],
123 list
=> [ 'PVE::API2::User', 'token_index', ['userid'], {}, $print_api_result, $PVE::RESTHandler
::standard_output_options
],
124 permissions
=> [ __PACKAGE__
, 'token_permissions', ['userid', 'tokenid'], {}, $print_perm_result, $PVE::RESTHandler
::standard_output_options
],
128 add
=> [ 'PVE::API2::Group', 'create_group', ['groupid'] ],
129 modify
=> [ 'PVE::API2::Group', 'update_group', ['groupid'] ],
130 delete => [ 'PVE::API2::Group', 'delete_group', ['groupid'] ],
131 list
=> [ 'PVE::API2::Group', 'index', [], {}, $print_api_result, $PVE::RESTHandler
::standard_output_options
],
134 add
=> [ 'PVE::API2::Role', 'create_role', ['roleid'] ],
135 modify
=> [ 'PVE::API2::Role', 'update_role', ['roleid'] ],
136 delete => [ 'PVE::API2::Role', 'delete_role', ['roleid'] ],
137 list
=> [ 'PVE::API2::Role', 'index', [], {}, $print_api_result, $PVE::RESTHandler
::standard_output_options
],
140 modify
=> [ 'PVE::API2::ACL', 'update_acl', ['path'], { delete => 0 }],
141 delete => [ 'PVE::API2::ACL', 'update_acl', ['path'], { delete => 1 }],
142 list
=> [ 'PVE::API2::ACL', 'read_acl', [], {}, $print_api_result, $PVE::RESTHandler
::standard_output_options
],
144 ticket
=> [ 'PVE::API2::AccessControl', 'create_ticket', ['username'], undef,
147 print "$res->{ticket}\n";
150 passwd
=> [ 'PVE::API2::AccessControl', 'change_password', ['userid'] ],
152 useradd
=> { alias
=> 'user add' },
153 usermod
=> { alias
=> 'user modify' },
154 userdel
=> { alias
=> 'user delete' },
156 groupadd
=> { alias
=> 'group add' },
157 groupmod
=> { alias
=> 'group modify' },
158 groupdel
=> { alias
=> 'group delete' },
160 roleadd
=> { alias
=> 'role add' },
161 rolemod
=> { alias
=> 'role modify' },
162 roledel
=> { alias
=> 'role delete' },
164 aclmod
=> { alias
=> 'acl modify' },
165 acldel
=> { alias
=> 'acl delete' },