user white/blacklist: allow multiple entries for adding/deleting

[pmg-api.git] / PMG / RESTEnvironment.pm

diff --git a/PMG/RESTEnvironment.pm b/PMG/RESTEnvironment.pm
index 89cd34f46ec3fe580afa32233610e3e3f17719e9..3875720e40f9776eb8a20708f525960d37fca855 100644 (file)
--- a/PMG/RESTEnvironment.pm
+++ b/PMG/RESTEnvironment.pm
@@ -5,6 +5,7 @@ use warnings;
 
 use PVE::INotify;
 use PVE::RESTEnvironment;
+use PVE::Exception qw(raise_perm_exc);
 
 use PMG::Cluster;
 use PMG::ClusterConfig;
@@ -37,6 +38,7 @@ sub init_request {
     
     $self->{ticket} = undef;
     $self->{role} = undef;
+    $self->{format} = undef;
     $self->{cinfo} = PVE::INotify::read_file("cluster.conf");
     $self->{usercfg} = PVE::INotify::read_file("pmg-user.conf");
 }
@@ -50,6 +52,18 @@ sub setup_default_cli_env {
     $rest_env->set_role('root');
 }
 
+sub set_format {
+    my ($self, $ticket) = @_;
+
+    $self->{format} = $ticket;
+}
+
+sub get_format {
+    my ($self) = @_;
+
+    return $self->{format} // 'json';
+}
+
 sub set_ticket {
     my ($self, $ticket) = @_;
 
@@ -89,7 +103,7 @@ sub check_node_is_master {
 sub check_api2_permissions {
     my ($self, $perm, $uri_param) = @_;
 
-    my $username = $self->get_user();
+    my $username = $self->get_user(1);
 
     return 1 if !$username && $perm->{user} && $perm->{user} eq 'world';
 
@@ -104,6 +118,11 @@ sub check_api2_permissions {
     my $role = $self->{role};
 
     if (my $allowed_roles = $perm->{check}) {
+       if ($role eq 'helpdesk') {
+           # helpdesk is qmanager + audit
+           return 1 if grep { $_ eq 'audit' } @$allowed_roles;
+           return 1 if grep { $_ eq 'qmanager' } @$allowed_roles;
+       }
        return 1 if grep { $_ eq $role } @$allowed_roles;
     }