X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;ds=sidebyside;f=PVE%2FAPI2%2FUser.pm;h=8b063641178197feecb376ecd42041e2675feca9;hb=adf8d771d04a48f12386ac485437232620d65494;hp=0637f765fda580392562bdfd35a175aa098e2a1e;hpb=2c3a6c0aaac7fbdaeb26bc5a596d21e897f3343a;p=pve-access-control.git diff --git a/PVE/API2/User.pm b/PVE/API2/User.pm index 0637f76..8b06364 100644 --- a/PVE/API2/User.pm +++ b/PVE/API2/User.pm @@ -36,9 +36,16 @@ __PACKAGE__->register_method ({ path => '', method => 'GET', description => "User index.", + permissions => { user => 'all' }, parameters => { additionalProperties => 0, - properties => {}, + properties => { + enabled => { + type => 'boolean', + description => "Optional filter for enable property.", + optional => 1, + } + }, }, returns => { type => 'array', @@ -53,14 +60,24 @@ __PACKAGE__->register_method ({ code => sub { my ($param) = @_; + my $rpcenv = PVE::RPCEnvironment::get(); + my $authuser = $rpcenv->get_user(); + my $res = []; my $usercfg = cfs_read_file("user.cfg"); foreach my $user (keys %{$usercfg->{users}}) { - next if $user eq 'root'; + # root sees all entries, a user only sees its own entry + next if $authuser ne 'root@pam' && $user ne $authuser; my $entry = &$extract_user_data($usercfg->{users}->{$user}); + + if (defined($param->{enabled})) { + next if $entry->{enable} && !$param->{enabled}; + next if !$entry->{enable} && $param->{enabled}; + } + $entry->{userid} = $user; push @$res, $entry; } @@ -78,7 +95,7 @@ __PACKAGE__->register_method ({ additionalProperties => 0, properties => { userid => get_standard_option('userid'), - password => { type => 'string', optional => 1 }, + password => { type => 'string', optional => 1, minLength => 5, maxLength => 64 }, groups => { type => 'string', optional => 1, format => 'pve-groupid-list'}, firstname => { type => 'string', optional => 1 }, lastname => { type => 'string', optional => 1 }, @@ -113,7 +130,7 @@ __PACKAGE__->register_method ({ if $usercfg->{users}->{$username}; PVE::AccessControl::domain_set_password($realm, $ruid, $param->{password}) - if $param->{password}; + if defined($param->{password}); my $enable = defined($param->{enable}) ? $param->{enable} : 1; $usercfg->{users}->{$username} = { enable => $enable }; @@ -188,7 +205,7 @@ __PACKAGE__->register_method ({ additionalProperties => 0, properties => { userid => get_standard_option('userid'), - password => { type => 'string', optional => 1 }, + password => { type => 'string', optional => 1, minLength => 5, maxLength => 64 }, groups => { type => 'string', optional => 1, format => 'pve-groupid-list' }, append => { type => 'boolean', @@ -228,14 +245,14 @@ __PACKAGE__->register_method ({ if !$usercfg->{users}->{$username}; PVE::AccessControl::domain_set_password($realm, $ruid, $param->{password}) - if $param->{password}; + if defined($param->{password}); $usercfg->{users}->{$username}->{enable} = $param->{enable} if defined($param->{enable}); $usercfg->{users}->{$username}->{expire} = $param->{expire} if defined($param->{expire}); PVE::AccessControl::delete_user_group($username, $usercfg) - if (!$param->{append} && $param->{groups}); + if (!$param->{append} && defined($param->{groups})); if ($param->{groups}) { foreach my $group (split_list($param->{groups})) {