[pmg-api.git] / PMG / RESTEnvironment.pm

package PMG::RESTEnvironment;

use strict;
use warnings;

use PVE::INotify;
use PVE::RESTEnvironment;
use PVE::Exception qw(raise_perm_exc);

use PMG::Cluster;
use PMG::ClusterConfig;
use PMG::AccessControl;

use base qw(PVE::RESTEnvironment);

my $nodename = PVE::INotify::nodename();

# initialize environment - must be called once at program startup
sub init {
    my ($class, $type, %params) = @_;

    $class = ref($class) || $class;

    my $self = $class->SUPER::init($type, %params);

    $self->{cinfo} = {};
    $self->{usercfg} = {};
    $self->{ticket} = undef;
 
    return $self;
};

# init_request - must be called before each RPC request
sub init_request {
    my ($self, %params) = @_;
    
    $self->SUPER::init_request(%params);
    
    $self->{ticket} = undef;
    $self->{role} = undef;
    $self->{format} = undef;
    $self->{cinfo} = PVE::INotify::read_file("cluster.conf");
    $self->{usercfg} = PVE::INotify::read_file("pmg-user.conf");
}

sub setup_default_cli_env {
    my ($class, $username) = @_;

    $class->SUPER::setup_default_cli_env($username);

    my $rest_env = $class->get();
    $rest_env->set_role('root');
}

sub set_format {
    my ($self, $ticket) = @_;

    $self->{format} = $ticket;
}

sub get_format {
    my ($self) = @_;

    return $self->{format} // 'json';
}

sub set_ticket {
    my ($self, $ticket) = @_;

    $self->{ticket} = $ticket;
}

sub get_ticket {
    my ($self) = @_;

    return $self->{ticket};
}

sub set_role {
    my ($self, $user) = @_;

    $self->{role} = $user;
}

sub get_role {
    my ($self) = @_;

    return $self->{role};
}

sub check_node_is_master {
    my ($self, $noerr);

    my $master = PMG::Cluster::get_master_node($self->{cinfo});

    return 1 if $master eq 'localhost' || $master eq $nodename;

    return undef if $noerr;

    die "this node ('$nodename') is not the master node\n";
}

sub check_api2_permissions {
    my ($self, $perm, $uri_param) = @_;

    my $username = $self->get_user(1);

    return 1 if !$username && $perm->{user} && $perm->{user} eq 'world';

    raise_perm_exc("user == null") if !$username;

    return 1 if $username eq 'root@pam';

    raise_perm_exc('user != root@pam') if !$perm;

    return 1 if $perm->{user} && $perm->{user} eq 'all';

    my $role = $self->{role};

    if (my $allowed_roles = $perm->{check}) {
	return 1 if grep { $_ eq $role } @$allowed_roles;
    }

    raise_perm_exc();
}

1;
Commit	Line	Data
9d82c6bc DM	1	package PMG::RESTEnvironment;
	2
	3	use strict;
	4	use warnings;
	5
9968426f	6	use PVE::INotify;
9d82c6bc	7	use PVE::RESTEnvironment;
3689f2cd	8	use PVE::Exception qw(raise_perm_exc);
9d82c6bc	9
9968426f	10	use PMG::Cluster;
9d82c6bc	11	use PMG::ClusterConfig;
27ca2dae	12	use PMG::AccessControl;
9d82c6bc DM	13
	14	use base qw(PVE::RESTEnvironment);
	15
9968426f DM	16	my $nodename = PVE::INotify::nodename();
9968426f DM	17
9d82c6bc DM	18	# initialize environment - must be called once at program startup
	19	sub init {
	20	my ($class, $type, %params) = @_;
	21
	22	$class = ref($class) \|\| $class;
	23
	24	my $self = $class->SUPER::init($type, %params);
	25
	26	$self->{cinfo} = {};
27ca2dae	27	$self->{usercfg} = {};
ba11e2d3	28	$self->{ticket} = undef;
9d82c6bc DM	29
	30	return $self;
	31	};
	32
	33	# init_request - must be called before each RPC request
	34	sub init_request {
	35	my ($self, %params) = @_;
	36
	37	$self->SUPER::init_request(%params);
	38
ba11e2d3	39	$self->{ticket} = undef;
9a9be8aa	40	$self->{role} = undef;
01891c99	41	$self->{format} = undef;
9d82c6bc	42	$self->{cinfo} = PVE::INotify::read_file("cluster.conf");
27ca2dae	43	$self->{usercfg} = PVE::INotify::read_file("pmg-user.conf");
9d82c6bc DM	44	}
9d82c6bc DM	45
9a9be8aa DM	46	sub setup_default_cli_env {
	47	my ($class, $username) = @_;
	48
	49	$class->SUPER::setup_default_cli_env($username);
	50
	51	my $rest_env = $class->get();
	52	$rest_env->set_role('root');
	53	}
	54
01891c99 DM	55	sub set_format {
	56	my ($self, $ticket) = @_;
	57
	58	$self->{format} = $ticket;
	59	}
	60
	61	sub get_format {
	62	my ($self) = @_;
	63
	64	return $self->{format} // 'json';
	65	}
	66
ba11e2d3 DM	67	sub set_ticket {
	68	my ($self, $ticket) = @_;
	69
	70	$self->{ticket} = $ticket;
	71	}
	72
	73	sub get_ticket {
	74	my ($self) = @_;
	75
	76	return $self->{ticket};
	77	}
	78
9a9be8aa DM	79	sub set_role {
	80	my ($self, $user) = @_;
	81
	82	$self->{role} = $user;
	83	}
	84
	85	sub get_role {
	86	my ($self) = @_;
	87
	88	return $self->{role};
	89	}
	90
9968426f DM	91	sub check_node_is_master {
	92	my ($self, $noerr);
	93
	94	my $master = PMG::Cluster::get_master_node($self->{cinfo});
	95
	96	return 1 if $master eq 'localhost' \|\| $master eq $nodename;
	97
	98	return undef if $noerr;
	99
	100	die "this node ('$nodename') is not the master node\n";
	101	}
	102
27ca2dae	103	sub check_api2_permissions {
9a9be8aa DM	104	my ($self, $perm, $uri_param) = @_;
9a9be8aa DM	105
aedd039f	106	my $username = $self->get_user(1);
27ca2dae DM	107
	108	return 1 if !$username && $perm->{user} && $perm->{user} eq 'world';
	109
	110	raise_perm_exc("user == null") if !$username;
	111
	112	return 1 if $username eq 'root@pam';
	113
	114	raise_perm_exc('user != root@pam') if !$perm;
	115
	116	return 1 if $perm->{user} && $perm->{user} eq 'all';
	117
9a9be8aa	118	my $role = $self->{role};
27ca2dae DM	119
	120	if (my $allowed_roles = $perm->{check}) {
	121	return 1 if grep { $_ eq $role } @$allowed_roles;
	122	}
	123
	124	raise_perm_exc();
	125	}
	126
9d82c6bc	127	1;