X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=src%2FPVE%2FAPI2%2FFirewall%2FCluster.pm;h=0f6b98cea2fffcef505707e0c20bf9eca354213c;hb=0ec568419a0dea71837619013fef92cfb84948c4;hp=8f1deefece76041d065f58e72dcadaaa1b7ff792;hpb=947d6ea2edcfdb445c8258462b082c3ffcf397d9;p=pve-firewall.git

diff --git a/src/PVE/API2/Firewall/Cluster.pm b/src/PVE/API2/Firewall/Cluster.pm
index 8f1deef..0f6b98c 100644
--- a/src/PVE/API2/Firewall/Cluster.pm
+++ b/src/PVE/API2/Firewall/Cluster.pm
@@ -106,6 +106,9 @@ __PACKAGE__->register_method({
     path => 'options',
     method => 'GET',
     description => "Get Firewall options.",
+    permissions => {
+	check => ['perm', '/', [ 'Sys.Audit' ]],
+    },
     parameters => {
     	additionalProperties => 0,
     },
@@ -129,6 +132,9 @@ __PACKAGE__->register_method({
     method => 'PUT',
     description => "Set Firewall options.",
     protected => 1,
+    permissions => {
+	check => ['perm', '/', [ 'Sys.Modify' ]],
+    },
     parameters => {
     	additionalProperties => 0,
 	properties => &$add_option_properties({
@@ -176,6 +182,7 @@ __PACKAGE__->register_method({
     path => 'macros',
     method => 'GET',
     description => "List available macros",
+    permissions => { user => 'all' },
     parameters => {
     	additionalProperties => 0,
     },
@@ -214,9 +221,19 @@ __PACKAGE__->register_method({
     path => 'refs',
     method => 'GET',
     description => "Lists possible IPSet/Alias reference which are allowed in source/dest properties.",
+    permissions => {
+	check => ['perm', '/', [ 'Sys.Audit' ]],
+    },
     parameters => {
 	additionalProperties => 0,
-	properties => {},
+	properties => {
+	    type => {
+		description => "Only list references of specified type.",
+		type => 'string',
+		enum => ['alias', 'ipset'],
+		optional => 1,
+	    },
+	},
     },
     returns => {
 	type => 'array',
@@ -247,27 +264,31 @@ __PACKAGE__->register_method({
 
 	my $res = [];
 
-	foreach my $name (keys %{$conf->{ipset}}) {
-	    my $data = {
-		type => 'ipset',
-		name => $name,
-		ref => "+$name",
-	    };
-	    if (my $comment = $conf->{ipset_comments}->{$name}) {
-		$data->{comment} = $comment;
+	if (!$param->{type} || $param->{type} eq 'ipset') {
+	    foreach my $name (keys %{$conf->{ipset}}) {
+		my $data = {
+		    type => 'ipset',
+		    name => $name,
+		    ref => "+$name",
+		};
+		if (my $comment = $conf->{ipset_comments}->{$name}) {
+		    $data->{comment} = $comment;
+		}
+		push @$res, $data;
 	    }
-	    push @$res, $data;
 	}
 
-	foreach my $name (keys %{$conf->{aliases}}) {
-	    my $e = $conf->{aliases}->{$name};
-	    my $data = {
-		type => 'alias',
-		name => $name,
-		ref => $name,
-	    };
-	    $data->{comment} = $e->{comment} if $e->{comment};
-	    push @$res, $data;
+	if (!$param->{type} || $param->{type} eq 'alias') {
+	    foreach my $name (keys %{$conf->{aliases}}) {
+		my $e = $conf->{aliases}->{$name};
+		my $data = {
+		    type => 'alias',
+		    name => $name,
+		    ref => $name,
+		};
+		$data->{comment} = $e->{comment} if $e->{comment};
+		push @$res, $data;
+	    }
 	}
 
 	return $res;