fix ruledb permissions

diff --git a/PMG/API2/Action.pm b/PMG/API2/Action.pm
index 2001382c2a30f9d8b4ab211438730b8df0c29811..d82ff140c0d0e389e7a73bc79c3f7677fe3e1fbe 100644 (file)
--- a/PMG/API2/Action.pm
+++ b/PMG/API2/Action.pm
@@ -55,6 +55,7 @@ __PACKAGE__->register_method ({
     path => '',
     method => 'GET',
     description => "Directory index.",
+    permissions => { check => [ 'admin', 'audit' ] },
     parameters => {
        additionalProperties => 0,
        properties => {},
@@ -85,6 +86,7 @@ __PACKAGE__->register_method ({
     method => 'GET',
     description => "List 'actions' objects.",
     proxyto => 'master',
+    permissions => { check => [ 'admin', 'audit' ] },
     parameters => {
        additionalProperties => 0,
        properties => {},
@@ -122,6 +124,7 @@ __PACKAGE__->register_method ({
     description => "Delete 'actions' object.",
     proxyto => 'master',
     protected => 1,
+    permissions => { check => [ 'admin' ] },
     parameters => {
        additionalProperties => 0,
        properties => { id => $id_property }
@@ -190,6 +193,7 @@ my $register_action_api = sub {
        description => "Create '$otype_text' object.",
        proxyto => 'master',
        protected => 1,
+       permissions => { check => [ 'admin' ] },
        parameters => {
            additionalProperties => 0,
            properties => $create_properties,
@@ -217,6 +221,7 @@ my $register_action_api = sub {
        method => 'GET',
        description => "Read '$otype_text' object settings.",
        proxyto => 'master',
+       permissions => { check => [ 'admin', 'audit' ] },
        parameters => {
            additionalProperties => 0,
            properties => $read_properties,
@@ -244,6 +249,7 @@ my $register_action_api = sub {
        description => "Update '$otype_text' object.",
        proxyto => 'master',
        protected => 1,
+       permissions => { check => [ 'admin' ] },
        parameters => {
            additionalProperties => 0,
            properties => $update_properties,

diff --git a/PMG/API2/ObjectGroupHelpers.pm b/PMG/API2/ObjectGroupHelpers.pm
index fe8f5903be2e65fb12411d6dbe6c582d60b1bc8f..48078fb26daf2c99665abec622410ca4afe6df5c 100644 (file)
--- a/PMG/API2/ObjectGroupHelpers.pm
+++ b/PMG/API2/ObjectGroupHelpers.pm
@@ -62,6 +62,7 @@ sub register_group_list_api {
        method => 'GET',
        description => "Get list of '$oclass' groups.",
        proxyto => 'master',
+       permissions => { check => [ 'admin', 'audit' ] },
        parameters => {
            additionalProperties => 0,
            properties => {},
@@ -92,6 +93,7 @@ sub register_group_list_api {
        description => "Create a new '$oclass' group.",
        proxyto => 'master',
        protected => 1,
+       permissions => { check => [ 'admin' ] },
        parameters => {
            additionalProperties => 0,
            properties => {
@@ -131,6 +133,7 @@ sub register_delete_object_group_api {
        description => "Delete a '$oclass' group.",
        proxyto => 'master',
        protected => 1,
+       permissions => { check => [ 'admin' ] },
        parameters => {
            additionalProperties => 0,
            properties => {
@@ -161,6 +164,7 @@ sub register_object_group_config_api {
        method => 'GET',
        description => "Get '$oclass' group properties",
        proxyto => 'master',
+       permissions => { check => [ 'admin', 'audit' ] },
        parameters => {
            additionalProperties => 0,
            properties => {
@@ -202,6 +206,7 @@ sub register_object_group_config_api {
        description => "Modify '$oclass' group properties",
        proxyto => 'master',
        protected => 1,
+       permissions => { check => [ 'admin' ] },
        parameters => {
            additionalProperties => 0,
            properties => {
@@ -256,6 +261,7 @@ sub register_objects_api {
        method => 'GET',
        description => "List '$oclass' group objects.",
        proxyto => 'master',
+       permissions => { check => [ 'admin', 'audit' ] },
        parameters => {
            additionalProperties => 0,
            properties => {
@@ -298,6 +304,7 @@ sub register_objects_api {
        description => "Remove an object from the '$oclass' group.",
        proxyto => 'master',
        protected => 1,
+       permissions => { check => [ 'admin' ] },
        parameters => {
            additionalProperties => 0,
            properties => {

diff --git a/PMG/API2/RuleDB.pm b/PMG/API2/RuleDB.pm
index bbb231e1f6c99ab71780cb6fa81c237a5b5d3e83..6349bd6f705b46fe4f297271d4f8e70bb97396d5 100644 (file)
--- a/PMG/API2/RuleDB.pm
+++ b/PMG/API2/RuleDB.pm
@@ -32,6 +32,7 @@ __PACKAGE__->register_method ({
        additionalProperties => 0,
        properties => {},
     },
+    permissions => { check => [ 'admin', 'audit' ] },
     returns => {
        type => 'array',
        items => {
@@ -86,6 +87,7 @@ __PACKAGE__->register_method({
        additionalProperties => 0,
        properties => {},
     },
+    permissions => { check => [ 'admin', 'audit' ] },
     returns => { type => 'string' },
     code => sub {
        my ($param) = @_;
@@ -102,6 +104,7 @@ __PACKAGE__->register_method({
     method => 'GET',
     description => "Get list of rules.",
     proxyto => 'master',
+    permissions => { check => [ 'admin', 'audit' ] },
     parameters => {
        additionalProperties => 0,
        properties => {},
@@ -155,6 +158,7 @@ __PACKAGE__->register_method({
     description => "Create new rule.",
     proxyto => 'master',
     protected => 1,
+    permissions => { check => [ 'admin' ] },
     parameters => {
        additionalProperties => 0,
        properties => {

diff --git a/PMG/API2/Rules.pm b/PMG/API2/Rules.pm
index 2d61f045b835a8a3bd962381eebe478e842d5099..3b2eb3e679fb2672b1c5d8fa4a0a5f55200388ae 100644 (file)
--- a/PMG/API2/Rules.pm
+++ b/PMG/API2/Rules.pm
@@ -24,6 +24,7 @@ __PACKAGE__->register_method ({
     path => '',
     method => 'GET',
     description => "Directory index.",
+    permissions => { check => [ 'admin', 'audit' ] },
     parameters => {
        additionalProperties => 0,
        properties => {
@@ -68,6 +69,7 @@ __PACKAGE__->register_method ({
     description => "Delete rule.",
     proxyto => 'master',
     protected => 1,
+    permissions => { check => [ 'admin' ] },
     parameters => {
        additionalProperties => 0,
        properties => {
@@ -98,6 +100,7 @@ __PACKAGE__->register_method ({
     method => 'GET',
     description => "Get common rule properties.",
     proxyto => 'master',
+    permissions => { check => [ 'admin', 'audit' ] },
     parameters => {
        additionalProperties => 0,
        properties => {
@@ -140,6 +143,7 @@ __PACKAGE__->register_method ({
     description => "Set rule properties.",
     proxyto => 'master',
     protected => 1,
+    permissions => { check => [ 'admin' ] },
     parameters => {
        additionalProperties => 0,
        properties => {
@@ -206,6 +210,7 @@ my $register_rule_group_api = sub {
        method => 'GET',
        description => "Get '$name' group list.",
        proxyto => 'master',
+       permissions => { check => [ 'admin', 'audit' ] },
        parameters => {
            additionalProperties => 0,
            properties => {
@@ -244,6 +249,7 @@ my $register_rule_group_api = sub {
        description => "Add  group to '$name' list.",
        proxyto => 'master',
        protected => 1,
+       permissions => { check => [ 'admin' ] },
        parameters => {
            additionalProperties => 0,
            properties => {
@@ -279,6 +285,7 @@ my $register_rule_group_api = sub {
        description => "Delete group from '$name' list.",
        proxyto => 'master',
        protected => 1,
+       permissions => { check => [ 'admin' ] },
        parameters => {
            additionalProperties => 0,
            properties => {

diff --git a/PMG/API2/What.pm b/PMG/API2/What.pm
index 115afd63cdeb3d94cdba515bda1521e57192d005..a261b4ad0db02ec491b529f4b219a03e3fdb3831 100644 (file)
--- a/PMG/API2/What.pm
+++ b/PMG/API2/What.pm
@@ -23,6 +23,7 @@ __PACKAGE__->register_method ({
     path => '',
     method => 'GET',
     description => "Directory index.",
+    permissions => { check => [ 'admin', 'audit' ] },
     parameters => {
        additionalProperties => 0,
        properties => {

diff --git a/PMG/API2/When.pm b/PMG/API2/When.pm
index 40457ef069dec297eb1543f77eab0de3d43d9f86..696cd27a366b5bef00a9ded3002eacd986fa2a66 100644 (file)
--- a/PMG/API2/When.pm
+++ b/PMG/API2/When.pm
@@ -23,6 +23,7 @@ __PACKAGE__->register_method ({
     path => '',
     method => 'GET',
     description => "Directory index.",
+    permissions => { check => [ 'admin', 'audit' ] },
     parameters => {
        additionalProperties => 0,
        properties => {

diff --git a/PMG/API2/Who.pm b/PMG/API2/Who.pm
index ba0b774b5843645e9a43f5fa355c49faec75c4d9..7b5177fb27050d3e3667ef41f44a2cdc3fa5719c 100644 (file)
--- a/PMG/API2/Who.pm
+++ b/PMG/API2/Who.pm
@@ -29,6 +29,7 @@ __PACKAGE__->register_method ({
     path => '',
     method => 'GET',
     description => "Directory index.",
+    permissions => { check => [ 'admin', 'audit' ] },
     parameters => {
        additionalProperties => 0,
        properties => {