X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;ds=sidebyside;f=src%2FPVE%2FAPI2%2FFirewall%2FGroups.pm;h=8f94b6df72f58bc41bffb9da4e2ea9068cee22fb;hb=2f46ee4f78ab45a13f6ca2830bcbaf45a8e8fe7a;hp=6d9117b00b9eb009face835c7d898e2f16baea6b;hpb=1210ae94fb22cd0d52f5a0f3453a2fb9409b4298;p=pve-firewall.git diff --git a/src/PVE/API2/Firewall/Groups.pm b/src/PVE/API2/Firewall/Groups.pm index 6d9117b..8f94b6d 100644 --- a/src/PVE/API2/Firewall/Groups.pm +++ b/src/PVE/API2/Firewall/Groups.pm @@ -8,7 +8,6 @@ use PVE::Exception qw(raise raise_param_exc); use PVE::Firewall; use PVE::API2::Firewall::Rules; -use Data::Dumper; # fixme: remove use base qw(PVE::RESTHandler); @@ -16,7 +15,7 @@ my $get_security_group_list = sub { my ($cluster_conf) = @_; my $res = []; - foreach my $group (keys %{$cluster_conf->{groups}}) { + foreach my $group (sort keys %{$cluster_conf->{groups}}) { my $data = { group => $group, }; @@ -36,6 +35,7 @@ __PACKAGE__->register_method({ path => '', method => 'GET', description => "List security groups.", + permissions => { user => 'all' }, parameters => { additionalProperties => 0, properties => {}, @@ -69,6 +69,9 @@ __PACKAGE__->register_method({ method => 'POST', description => "Create new security group.", protected => 1, + permissions => { + check => ['perm', '/', [ 'Sys.Modify' ]], + }, parameters => { additionalProperties => 0, properties => { @@ -97,6 +100,11 @@ __PACKAGE__->register_method({ raise_param_exc({ group => "Security group '$param->{rename}' does not exists" }) if !$cluster_conf->{groups}->{$param->{rename}}; + # prevent overwriting an existing group + raise_param_exc({ group => "Security group '$param->{group}' does already exist" }) + if $cluster_conf->{groups}->{$param->{group}} && + $param->{group} ne $param->{rename}; + my $data = delete $cluster_conf->{groups}->{$param->{rename}}; $cluster_conf->{groups}->{$param->{group}} = $data; if (my $comment = delete $cluster_conf->{group_comments}->{$param->{rename}}) {