git.proxmox.com Git - pmg-api.git/blob - src/PMG/API2/Users.pm
243d19a736410cc689c9e2328aa0ed80a98244d8
1 package PMG
::API2
::Users
;
8 use PVE
::Tools
qw(extract_param);
9 use PVE
::JSONSchema
qw(get_standard_option);
12 use PVE
::Exception
qw(raise_perm_exc);
14 use PMG
::RESTEnvironment
;
18 use base
qw(PVE::RESTHandler);
# Helper that builds the API view of a user entry: each key of $entry is copied
# into $res except 'crypt_pass', so the stored password value is left out of
# anything built through this helper. The declarations of $entry and $res and
# the end of the closure are on lines not shown in this listing.
20 my $extract_userdata = sub {
24 foreach my $k (keys %$entry) {
# Deny-list filter: only 'crypt_pass' is excluded. Any other sensitive key that
# is ever stored in a user entry would be copied through unless it is excluded
# here as well.
25 $res->{$k} = $entry->{$k} if $k ne 'crypt_pass';
# API method registration: "List users." Only part of the registration is
# present in this listing; the name, path, method and the opening of the
# handler are on lines not shown.
31 __PACKAGE__-
>register_method ({
35 description
=> "List users.",
# Role check: 'admin', 'qmanager' and 'audit' are listed here. The handler
# below further narrows what a 'qmanager' caller gets back.
38 permissions
=> { check
=> [ 'admin', 'qmanager', 'audit' ] },
40 additionalProperties
=> 0,
# Fields declared for a list item: userid, enable, role and an optional
# comment. No password-related field is declared among the lines shown.
48 userid
=> { type
=> 'string'},
49 enable
=> { type
=> 'boolean'},
50 role => { type
=> 'string'},
51 comment
=> { type
=> 'string', optional
=> 1},
54 links
=> [ { rel
=> 'child', href
=> "{userid}" } ],
# Load the user configuration, then the caller's user name and role from the
# REST environment.
59 my $cfg = PMG
::UserConfig-
>new();
61 my $rpcenv = PMG
::RESTEnvironment-
>get();
62 my $authuser = $rpcenv->get_user();
63 my $role = $rpcenv->get_role();
# Walk the configured users in sorted userid order. A caller with the
# 'qmanager' role only receives the entry whose userid equals their own user
# name; all other entries are skipped. Every returned entry goes through
# $extract_userdata, which omits 'crypt_pass'.
67 foreach my $userid (sort keys %$cfg) {
68 next if $role eq 'qmanager' && $authuser ne $userid;
69 push @$res, $extract_userdata->($cfg->{$userid});
# API method registration: "Create new user". Parameters are validated against
# $PMG::UserConfig::create_schema and the method returns null.
# NOTE(review): no 'permissions' entry is visible for this method in the
# listing. Lines are missing here, so it may simply be elided; confirm which
# roles are allowed to create users.
75 __PACKAGE__-
>register_method ({
81 description
=> "Create new user",
82 parameters
=> $PMG::UserConfig
::create_schema
,
83 returns
=> { type
=> 'null' },
89 my $cfg = PMG
::UserConfig-
>new();
# Refuse to overwrite an existing account with the same userid.
91 die "User '$param->{userid}' already exists\n"
92 if $cfg->{$param->{userid
}};
# Copy the request parameters into the new entry. The 'password' parameter is
# not stored as given: it is passed through PVE::Tools::encrypt_pw and the
# result is kept under 'crypt_pass'. The assignment of $v and the handling of
# the other keys are on lines not shown.
95 foreach my $k (keys %$param) {
97 if ($k eq 'password') {
98 $entry->{crypt_pass
} = PVE
::Tools
::encrypt_pw
($v);
# Defaults applied only when the caller did not supply a value (//=): the
# account starts with enable = 0, expire = 0 and the 'audit' role.
104 $entry->{enable
} //= 0;
105 $entry->{expire
} //= 0;
106 $entry->{role} //= 'audit';
108 $cfg->{$param->{userid
}} = $entry;
# $code (defined on lines not shown) is handed to PMG::UserConfig::lock_config
# together with the error prefix; presumably it runs while the user config
# lock is held - confirm against PMG::UserConfig.
113 PMG
::UserConfig
::lock_config
($code, "create user failed");
# API method registration: "Read User data." Only part of the registration is
# present in this listing.
118 __PACKAGE__-
>register_method ({
122 description
=> "Read User data.",
# Role check: 'admin', 'qmanager' and 'audit' are listed here.
123 permissions
=> { check
=> [ 'admin', 'qmanager', 'audit' ] },
127 additionalProperties
=> 0,
# The userid parameter uses the shared 'userid' standard option.
129 userid
=> get_standard_option
('userid'),
139 my $cfg = PMG
::UserConfig-
>new();
141 my $rpcenv = PMG
::RESTEnvironment-
>get();
142 my $authuser = $rpcenv->get_user();
143 my $role = $rpcenv->get_role();
# Object-level check: the condition is true when a 'qmanager' caller asks for
# an account other than their own. The statement it guards is on a line not
# shown; presumably it rejects the request (raise_perm_exc is imported at the
# top of the file) - confirm.
146 if $role eq 'qmanager' && $authuser ne $param->{userid
};
# Look up the stored entry and return it through $extract_userdata, which
# omits 'crypt_pass'.
148 my $data = $cfg->lookup_user_data($param->{userid
});
150 my $res = $extract_userdata->($data);
# API method registration: "Update user data." Parameters are validated against
# $PMG::UserConfig::update_schema and the method returns null.
# NOTE(review): no 'permissions' entry is visible for this method in the
# listing. Lines are missing here, so it may simply be elided; confirm which
# roles are allowed to update users, and whether a user may change their own
# role or password through it.
155 __PACKAGE__-
>register_method ({
159 description
=> "Update user data.",
162 parameters
=> $PMG::UserConfig
::update_schema
,
163 returns
=> { type
=> 'null' },
169 my $cfg = PMG
::UserConfig-
>new();
# 'userid' and 'delete' are taken out of $param with extract_param, so the
# remaining keys of $param are the options to set.
171 my $userid = extract_param
($param, 'userid');
# Fetch the existing entry for this user; presumably this fails for an unknown
# userid - confirm against lookup_user_data.
173 my $entry = $cfg->lookup_user_data($userid);
175 my $delete_str = extract_param
($param, 'delete');
# Reject a request that neither deletes nor sets anything.
176 die "no options specified\n"
177 if !$delete_str && !scalar(keys %$param);
# Iterate over the option names listed in 'delete'; the loop body is on lines
# not shown.
179 foreach my $k (PVE
::Tools
::split_list
($delete_str)) {
# Apply the remaining options. A new 'password' is passed through
# PVE::Tools::encrypt_pw and stored under 'crypt_pass'; the handling of the
# other keys is on lines not shown.
183 foreach my $k (keys %$param) {
184 my $v = $param->{$k};
185 if ($k eq 'password') {
186 $entry->{crypt_pass
} = PVE
::Tools
::encrypt_pw
($v);
# $code (defined on lines not shown) is handed to PMG::UserConfig::lock_config
# together with the error prefix.
195 PMG
::UserConfig
::lock_config
($code, "update user failed");
# API method registration: "Delete a user." Takes a userid (shared 'userid'
# standard option) and returns null.
# NOTE(review): no 'permissions' entry is visible for this method in the
# listing. Lines are missing here, so it may simply be elided; confirm which
# roles are allowed to delete users.
200 __PACKAGE__-
>register_method ({
204 description
=> "Delete a user.",
208 additionalProperties
=> 0,
210 userid
=> get_standard_option
('userid'),
213 returns
=> { type
=> 'null' },
219 my $cfg = PMG
::UserConfig-
>new();
# The lookup result is discarded; the call is used only as an existence check
# before the entry is removed from the configuration.
221 $cfg->lookup_user_data($param->{userid
}); # user exists?
223 delete $cfg->{$param->{userid
}};
# $code (defined on lines not shown) is handed to PMG::UserConfig::lock_config
# together with the error prefix.
228 PMG
::UserConfig
::lock_config
($code, "delete user failed");
# API method registration: 'unlock_tfa' at path '{userid}/unlock-tfa'. Clears a
# TFA lock for the given user and returns a boolean. The end of the
# registration is past the last line of this listing.
233 __PACKAGE__-
>register_method ({
234 name
=> 'unlock_tfa',
235 path
=> '{userid}/unlock-tfa',
238 description
=> "Unlock a user's TFA authentication.",
# Role check: only 'admin' is listed, so other roles cannot lift a TFA lock
# through this method.
239 permissions
=> { check
=> [ 'admin' ] },
241 additionalProperties
=> 0,
243 userid
=> get_standard_option
('userid'),
246 returns
=> { type
=> 'boolean' },
250 my $userid = extract_param
($param, "userid");
# The closure passed to PMG::TFAConfig::lock_config loads the TFA
# configuration and asks it to unlock the user. The configuration is written
# back only when api_unlock_tfa reports that the user had been locked.
252 my $user_was_locked = PMG
::TFAConfig
::lock_config
(sub {
253 my $tfa_cfg = PMG
::TFAConfig-
>new();
254 my $was_locked = $tfa_cfg->api_unlock_tfa($userid);
255 $tfa_cfg->write() if $was_locked;
# Return value of the lock_config call; presumably the closure's $was_locked
# (the closure's own return is on lines not shown).
259 return $user_was_locked;