src/api2/access/acl.rs: add access permissions

author Dietmar Maurer <dietmar@proxmox.com>

Fri, 17 Apr 2020 08:03:09 +0000 (10:03 +0200)

committer Dietmar Maurer <dietmar@proxmox.com>

Fri, 17 Apr 2020 08:03:09 +0000 (10:03 +0200)
author Dietmar Maurer <dietmar@proxmox.com>
Fri, 17 Apr 2020 08:03:09 +0000 (10:03 +0200)
committer Dietmar Maurer <dietmar@proxmox.com>
Fri, 17 Apr 2020 08:03:09 +0000 (10:03 +0200)
diff --git a/src/api2/access/acl.rs b/src/api2/access/acl.rs

index a97d02395eb2922ab89576aa9001691f1748273a..82d89072f409f864c2a8336806a26258dac88464 100644 (file)
--- a/src/api2/access/acl.rs
+++ b/src/api2/access/acl.rs
@@ -1,11 +1,12 @@
  use failure::*;
  use ::serde::{Deserialize, Serialize};
  
-use proxmox::api::{api, Router, RpcEnvironment};
+use proxmox::api::{api, Router, RpcEnvironment, Permission};
  use proxmox::api::schema::{Schema, StringSchema, BooleanSchema, ApiStringFormat};
  
  use crate::api2::types::*;
  use crate::config::acl;
+use crate::config::acl::{PRIV_SYS_AUDIT, PRIV_SYS_MODIFY};
  
  pub const ACL_PROPAGATE_SCHEMA: Schema = BooleanSchema::new(
      "Allow to propagate (inherit) permissions.")
@@ -119,7 +120,10 @@ fn extract_acl_node_data(
          items: {
              type: AclListItem,
          }
-    }
+    },
+    access: {
+        permission: &Permission::Privilege(&[], PRIV_SYS_AUDIT, false),
+    },
  )]
  /// Read Access Control List (ACLs).
  pub fn read_acl(
@@ -169,6 +173,9 @@ pub fn read_acl(
              },
         },
      },
+    access: {
+        permission: &Permission::Privilege(&[], PRIV_SYS_MODIFY, false),
+    },
  )]
  /// Update Access Control List (ACLs).
  pub fn update_acl(
author	Dietmar Maurer <dietmar@proxmox.com>
	Fri, 17 Apr 2020 08:03:09 +0000 (10:03 +0200)
committer	Dietmar Maurer <dietmar@proxmox.com>
	Fri, 17 Apr 2020 08:03:09 +0000 (10:03 +0200)