api: open up /cluster/options call over injecting info into /version

To avoid returning unrelated information in the /version api call in
the future use the API endpoint that'd return the relevant
information basically anyway.

It contains most ui relevant options, like the console preference and
tag-style so allow these for users without 'Sys.Audit' on '/', for
others its unchanged, they still get the whole datacenter config.

We also add the list of allowed tags, while not strictly a datacenter
config, it's derived from the current users privileges and the
datacenter config.

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

diff --git a/PVE/API2.pm b/PVE/API2.pm
index a42561604fb2e317e873ba47129a637ce7c68e05..6703b941a73e0159edefdcb58ee3e2e8f6cbb1ac 100644 (file)
--- a/PVE/API2.pm
+++ b/PVE/API2.pm
@@ -5,6 +5,7 @@ use warnings;
 
 use PVE::pvecfg;
 use PVE::DataCenterConfig;
+use PVE::GuestHelpers;
 use PVE::RESTHandler;
 use PVE::JSONSchema;
 
@@ -118,6 +119,7 @@ __PACKAGE__->register_method ({
 
        my $res = {};
 
+       # TODO remove with next major release
        my $datacenter_confg = eval { PVE::Cluster::cfs_read_file('datacenter.cfg') } // {};
        for my $k (qw(console)) {
            $res->{$k} = $datacenter_confg->{$k} if exists $datacenter_confg->{$k};
@@ -129,5 +131,4 @@ __PACKAGE__->register_method ({
 
        return $res;
     }});
-
 1;

diff --git a/PVE/API2/Cluster.pm b/PVE/API2/Cluster.pm
index 3ca85caa4dd5f3f2a2e9ee62c3fdc88da8f797c0..a06dc83a223c0197e92c6f564ed654400bb6e511 100644 (file)
--- a/PVE/API2/Cluster.pm
+++ b/PVE/API2/Cluster.pm
@@ -10,6 +10,7 @@ use PVE::Cluster qw(cfs_register_file cfs_lock_file cfs_read_file cfs_write_file
 use PVE::DataCenterConfig;
 use PVE::Exception qw(raise_param_exc);
 use PVE::Firewall;
+use PVE::GuestHelpers;
 use PVE::HA::Config;
 use PVE::HA::Env::PVE2;
 use PVE::INotify;
@@ -542,8 +543,9 @@ __PACKAGE__->register_method({
     name => 'get_options',
     path => 'options',
     method => 'GET',
-    description => "Get datacenter options.",
+    description => "Get datacenter options. Without 'Sys.Audit' on '/' not all options are returned.",
     permissions => {
+       user => 'all',
        check => ['perm', '/', [ 'Sys.Audit' ]],
     },
     parameters => {
@@ -557,7 +559,25 @@ __PACKAGE__->register_method({
     code => sub {
        my ($param) = @_;
 
-       return PVE::Cluster::cfs_read_file('datacenter.cfg');
+       my $res = {};
+
+       my $rpcenv = PVE::RPCEnvironment::get();
+       my $authuser = $rpcenv->get_user();
+
+       my $datacenter_config = eval { PVE::Cluster::cfs_read_file('datacenter.cfg') } // {};
+
+       if ($rpcenv->check($authuser, '/', ['Sys.Audit'], 1)) {
+           $res = $datacenter_config;
+       } else {
+           for my $k (qw(console tag-style)) {
+               $res->{$k} = $datacenter_config->{$k} if exists $datacenter_config->{$k};
+           }
+       }
+
+       my $tags = PVE::GuestHelpers::get_allowed_tags($rpcenv, $authuser);
+       $res->{'allowed-tags'} = [sort keys $tags->%*];
+
+       return $res;
     }});
 
 __PACKAGE__->register_method({