use PVE::Tools;
use PVE::APIServer::AnyEvent;
use PVE::Exception qw(raise_param_exc);
-use PVE::RESTEnvironment;
+use PMG::RESTEnvironment;
use PMG::Ticket;
use PMG::Cluster;
my $self = $class->SUPER::new(%args);
- $self->{rpcenv} = PVE::RESTEnvironment->init(
+ $self->{rpcenv} = PMG::RESTEnvironment->init(
$self->{trusted_env} ? 'priv' : 'pub', atfork => sub { $self->atfork_handler() });
return $self;
# set environment variables
$rpcenv->set_user(undef);
+ $rpcenv->set_role(undef);
$rpcenv->set_language('C');
$rpcenv->set_client_ip($peer_host);
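Review bot: The per-request reset now clears the role as well as the user, but the ticket this commit starts storing with `$rpcenv->set_ticket($ticket)` is never cleared, neither here nor in the post-request cleanup in rest_handler, which resets only user, role and format. Unless `set_user` or a call outside these hunks drops it, a request that dies at `No ticket` leaves the previous caller's ticket in the environment object that the constructor creates once. Adding `$rpcenv->set_ticket(undef);` next to `set_role(undef)` in both places would keep the credential scoped to a single request. The enclosing function starts and ends outside this hunk.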
die "No ticket\n" if !$ticket;
- ($username, $age) = PMG::Ticket::verify_ticket($ticket);
+ if ($ticket =~ m/^PMGQUAR:/) {
+ ($username, $age) = PMG::Ticket::verify_quarantine_ticket($ticket);
+ $rpcenv->set_user($username);
+ $rpcenv->set_role('quser');
+ } else {
+ ($username, $age) = PMG::Ticket::verify_ticket($ticket);
+ my $role = PMG::AccessControl::check_user_enabled($self->{usercfg}, $username);
+ $rpcenv->set_user($username);
+ $rpcenv->set_role($role);
+ }
- $rpcenv->set_user($username);
+ $rpcenv->set_ticket($ticket);
my $euid = $>;
PMG::Ticket::verify_csrf_prevention_token($username, $token)
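Review bot: In the `else` branch the role comes from `PMG::AccessControl::check_user_enabled($self->{usercfg}, $username)`, yet no visible hunk populates `$self->{usercfg}` (the constructor hunk only sets `rpcenv`) and the import hunk shows no `use PMG::AccessControl;`. If the user configuration is loaded once per worker, an account disabled or demoted afterwards would presumably keep its old role until the worker restarts, so the refresh point deserves a comment here, e.g. `# usercfg must be current for this request so that disabling a user takes effect immediately`. Loading the module explicitly with `use PMG::AccessControl;` avoids depending on another module pulling it in. The quarantine branch assigns `quser` on the strength of `verify_quarantine_ticket` alone, so a short comment that the `PMGQUAR:` prefix only selects the verifier and grants nothing by itself would help the next reader. The function body continues outside the hunk.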
}
sub rest_handler {
- my ($self, $clientip, $method, $rel_uri, $auth, $params) = @_;
+ my ($self, $clientip, $method, $rel_uri, $auth, $params, $format) = @_;
my $rpcenv = $self->{rpcenv};
+ $rpcenv->set_format($format);
my $resp = {
status => HTTP_NOT_IMPLEMENTED,
}
# check access permissions
- $rpcenv->check_api2_permissions($info->{permissions}, $auth->{userid}, $uri_param);
+ $rpcenv->check_api2_permissions($info->{permissions}, $uri_param);
- if ($info->{proxyto}) {
- my $pn = $info->{proxyto};
+ if (my $pn = $info->{proxyto}) {
my $node;
if ($pn eq 'master') {
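Review bot: With `$auth->{userid}` dropped from the call, `check_api2_permissions` decides on whatever user and role the shared `$rpcenv` holds at that moment, so the check is only as sound as the reset and assignment done in the auth handler. A comment on the call would make that dependency explicit: `# evaluated against the user/role that auth_handler stored in $rpcenv`. It is not visible here whether an undefined role is treated as a denial, and that should be confirmed in the method itself. rest_handler starts and ends outside this hunk.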
return;
}
+ if (my $pn = $info->{proxyto}) {
+ if ($pn eq 'master') {
+ $rpcenv->check_node_is_master();
+ }
+ }
+
$resp = {
data => $handler->handle($info, $uri_param),
info => $info, # useful to format output
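Review bot: The added block tests `$info->{proxyto}` a second time in two nested `if`s without saying why the master check is needed after the proxy branch. It reads more directly as `$rpcenv->check_node_is_master() if ($info->{proxyto} // '') eq 'master';` with a comment such as `# the call is handled locally, so this node must be the master`. That comment wording is inferred from the method name and should be adjusted if `check_node_is_master` does something else. The enclosing block starts and ends outside the hunk.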
my $err = $@;
$rpcenv->set_user(undef); # clear after request
+ $rpcenv->set_role(undef); # clear after request
+ $rpcenv->set_format(undef); # clear after request
if ($err) {
$resp = { info => $info };