1 package PMG::RESTEnvironment;
2
3 use strict;
4 use warnings;
5
6 use PVE::INotify;
7 use PVE::RESTEnvironment;
8 use PVE::Exception qw(raise_perm_exc);
9
10 use PMG::Cluster;
11 use PMG::ClusterConfig;
12 use PMG::AccessControl;
13
14 use base qw(PVE::RESTEnvironment);
15
# Local node name, looked up once when this module is loaded and reused by
# check_node_is_master() for the master-node comparison and its error text.
my $nodename = PVE::INotify::nodename();
17
# Initialize the environment - must be called once at program startup.
#
# Delegates to the parent class init() and then seeds the PMG-specific slots:
# empty cluster info and user config (init_request() replaces both with the
# files read through PVE::INotify) and no ticket.
sub init {
    my ($class, $type, %params) = @_;

    # Accept being invoked on an instance as well as on the class name.
    my $target = ref($class) || $class;

    my $self = $target->SUPER::init($type, %params);

    @{$self}{qw(cinfo usercfg)} = ({}, {});
    $self->{ticket} = undef;

    return $self;
}
32
# init_request - must be called before each RPC request.
#
# Resets ticket, role and output format to undef, so values stored while
# handling an earlier request are not visible to this one, then re-reads
# "cluster.conf" and "pmg-user.conf" through PVE::INotify.
sub init_request {
    my ($self, %params) = @_;

    $self->SUPER::init_request(%params);

    # Clear all per-request state before anything else is loaded.
    @{$self}{qw(ticket role format)} = (undef) x 3;

    $self->{cinfo} = PVE::INotify::read_file("cluster.conf");
    $self->{usercfg} = PVE::INotify::read_file("pmg-user.conf");
}
45
# Set up the environment for command-line use: run the parent class setup
# for $username, then set the role of the environment object returned by
# $class->get() to 'root'.
#
# NOTE(review): the role is always 'root' here and does not depend on
# $username, so anything that can run code through this CLI path is
# treated as fully privileged by check_api2_permissions() role checks.
sub setup_default_cli_env {
    my ($class, $username) = @_;

    $class->SUPER::setup_default_cli_env($username);

    $class->get()->set_role('root');
}
54
# Store the output format; get_format() falls back to 'json' when none is
# stored. init_request() resets the stored value to undef.
sub set_format {
    my $self   = shift;
    my $format = shift;

    return $self->{format} = $format;
}
60
# Return the stored output format, or 'json' when none has been set.
# Only undef triggers the default; '' and 0 are returned unchanged.
sub get_format {
    my ($self) = @_;

    my $format = $self->{format};

    return defined($format) ? $format : 'json';
}
66
# Store the ticket on this environment. init() and init_request() both
# reset it to undef.
sub set_ticket {
    my $self   = shift;
    my $ticket = shift;

    return $self->{ticket} = $ticket;
}
72
# Return the stored ticket, or undef when none has been set.
sub get_ticket {
    my $self = shift;

    my $ticket = $self->{ticket};

    return $ticket;
}
78
# Store the role that check_api2_permissions() compares against the roles
# a method allows. init_request() resets it to undef.
sub set_role {
    my $self = shift;
    my $role = shift;

    return $self->{role} = $role;
}
84
# Return the stored role, or undef when none has been set.
sub get_role {
    my $self = shift;

    my $role = $self->{role};

    return $role;
}
90
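# Check whether this node is the cluster master.
#
# Returns 1 when the master reported by PMG::Cluster::get_master_node() for
# the cluster info stored on this environment is 'localhost' or this node's
# own name. Otherwise the call dies, unless $noerr is true, in which case
# undef is returned so the caller can branch on the result.
sub check_node_is_master {
    # Unpack @_ explicitly. A bare 'my ($self, $noerr);' leaves both undef:
    # the lookup would then run without the stored cluster info and $noerr
    # could never suppress the die.
    my ($self, $noerr) = @_;

    my $master = PMG::Cluster::get_master_node($self->{cinfo});

    return 1 if $master eq 'localhost' || $master eq $nodename;

    # Kept as 'return undef' so existing callers see the same value in
    # both scalar and list context.
    return undef if $noerr;

    die "this node ('$nodename') is not the master node\n";
}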
102
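# Decide whether the current request may call an API method.
#
# $perm is the method's permission description; this code reads its 'user'
# and 'check' keys. $uri_param is accepted but not used here.
#
# The checks run in this order and the first match decides:
#   1. no user: allowed only when $perm->{user} is 'world', otherwise
#      raise_perm_exc("user == null")
#   2. 'root@pam': always allowed, without consulting $perm or the role
#   3. no $perm: raise_perm_exc('user != root@pam')
#   4. $perm->{user} eq 'all': allowed for any user that got this far
#   5. $perm->{check}: a list of role names; allowed when the stored role
#      is in it ('helpdesk' also counts as 'audit' and 'qmanager')
#   6. anything else: raise_perm_exc()
#
# Returns 1 when access is granted. Keep the order intact when editing:
# moving a check changes who is allowed.
sub check_api2_permissions {
    my ($self, $perm, $uri_param) = @_;

    my $username = $self->get_user(1);

    # Unauthenticated access is limited to methods explicitly marked 'world'.
    return 1 if !$username && $perm->{user} && $perm->{user} eq 'world';

    raise_perm_exc("user == null") if !$username;

    # root@pam bypasses every remaining check, including the role check.
    return 1 if $username eq 'root@pam';

    # A method without a permission description is root-only.
    raise_perm_exc('user != root@pam') if !$perm;

    return 1 if $perm->{user} && $perm->{user} eq 'all';

    my $role = $self->{role};

    # Fail closed when no role was stored for this request. An undefined
    # role would otherwise be compared as the empty string (with
    # "uninitialized" warnings) in the checks below.
    raise_perm_exc() if !defined($role);

    if (my $allowed_roles = $perm->{check}) {
        if ($role eq 'helpdesk') {
            # helpdesk is qmanager + audit
            return 1
                if grep { $_ eq 'audit' || $_ eq 'qmanager' } @$allowed_roles;
        }
        return 1 if grep { $_ eq $role } @$allowed_roles;
    }

    raise_perm_exc();
}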
131
132 1;