use PVE::INotify;
use PVE::RESTEnvironment;
+use PVE::Exception qw(raise_perm_exc);
use PMG::Cluster;
use PMG::ClusterConfig;
$self->SUPER::init_request(%params);
$self->{ticket} = undef;
+ $self->{role} = undef;
+ $self->{format} = undef;
$self->{cinfo} = PVE::INotify::read_file("cluster.conf");
$self->{usercfg} = PVE::INotify::read_file("pmg-user.conf");
}
+sub setup_default_cli_env {
+ my ($class, $username) = @_;
+
+ $class->SUPER::setup_default_cli_env($username);
+
+ my $rest_env = $class->get();
+ $rest_env->set_role('root');
+}
+
+sub set_format {
+ my ($self, $ticket) = @_;
+
+ $self->{format} = $ticket;
+}
+
+sub get_format {
+ my ($self) = @_;
+
+ return $self->{format} // 'json';
+}
+
sub set_ticket {
my ($self, $ticket) = @_;
return $self->{ticket};
}
+sub set_role {
+ my ($self, $user) = @_;
+
+ $self->{role} = $user;
+}
+
+sub get_role {
+ my ($self) = @_;
+
+ return $self->{role};
+}
+
sub check_node_is_master {
my ($self, $noerr);
}
sub check_api2_permissions {
- my ($self, $perm, $username, $uri_param) = @_;
+ my ($self, $perm, $uri_param) = @_;
+
+ my $username = $self->get_user(1);
return 1 if !$username && $perm->{user} && $perm->{user} eq 'world';
return 1 if $perm->{user} && $perm->{user} eq 'all';
- my $role = PMG::AccessControl::check_user_enabled($self->{usercfg}, $username);
+ my $role = $self->{role};
if (my $allowed_roles = $perm->{check}) {
+ if ($role eq 'helpdesk') {
+ # helpdesk is qmanager + audit
+ return 1 if grep { $_ eq 'audit' } @$allowed_roles;
+ return 1 if grep { $_ eq 'qmanager' } @$allowed_roles;
+ }
return 1 if grep { $_ eq $role } @$allowed_roles;
}
projects / pmg-api.git / blobdiff