3 use ::serde
::{Deserialize, Serialize}
;
5 use proxmox
::api
::{api, ApiMethod, Router, RpcEnvironment}
;
6 use proxmox
::api
::schema
::{Schema, StringSchema, BooleanSchema, ApiStringFormat}
;
8 use crate::api2
::types
::*;
9 use crate::config
::acl
;
11 pub const ACL_PROPAGATE_SCHEMA
: Schema
= BooleanSchema
::new(
12 "Allow to propagate (inherit) permissions.")
16 pub const ACL_PATH_SCHEMA
: Schema
= StringSchema
::new(
17 "Access control path.")
18 .format(&ACL_PATH_FORMAT
)
23 pub const ACL_UGID_TYPE_SCHEMA
: Schema
= StringSchema
::new(
24 "Type of 'ugid' property.")
25 .format(&ApiStringFormat
::Enum(&["user", "group"]))
28 pub const ACL_ROLE_SCHEMA
: Schema
= StringSchema
::new(
30 .format(&ApiStringFormat
::Enum(&["Admin", "User", "Audit", "NoAccess"]))
36 schema
: ACL_PROPAGATE_SCHEMA
,
39 schema
: ACL_PATH_SCHEMA
,
42 schema
: ACL_UGID_TYPE_SCHEMA
,
46 description
: "User or Group ID.",
49 schema
: ACL_ROLE_SCHEMA
,
53 #[derive(Serialize, Deserialize)]
55 pub struct AclListItem
{
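/// Flattens the ACL subtree rooted at `node` into `list`.
///
/// One `AclListItem` is pushed for every (user, role) and every (group, role)
/// pair stored on `node`, then each child is visited recursively with
/// `"{path}/{component}"` as its path.
///
/// `path` is the ACL path of `node`. The root is passed as `""` and is
/// reported as `"/"` in the generated entries.
fn extract_acl_node_data(
    node: &acl::AclTreeNode,
    path: &str,
    list: &mut Vec<AclListItem>,
) {
    // Every entry of this node reports the same path, so normalise it once
    // instead of repeating the empty-path check for each pushed item.
    let shown_path = if path.is_empty() { "/" } else { path };

    for (user, roles) in &node.users {
        for (role, propagate) in roles {
            list.push(AclListItem {
                path: shown_path.to_string(),
                propagate: *propagate,
                ugid_type: String::from("user"),
                ugid: user.to_string(),
                roleid: role.to_string(),
            });
        }
    }

    for (group, roles) in &node.groups {
        for (role, propagate) in roles {
            list.push(AclListItem {
                path: shown_path.to_string(),
                propagate: *propagate,
                ugid_type: String::from("group"),
                ugid: group.to_string(),
                roleid: role.to_string(),
            });
        }
    }

    // Child paths are built from the raw `path`, not `shown_path`, so that
    // children of the root come out as "/comp" rather than "//comp".
    for (comp, child) in &node.children {
        let child_path = format!("{}/{}", path, comp);
        extract_acl_node_data(child, &child_path, list);
    }
}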
98 description
: "ACL entry list.",
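/// Read Access Control List (ACLs).
pub fn read_acl(
    _rpcenv: &mut dyn RpcEnvironment,
) -> Result<Vec<AclListItem>, Error> {
    // NOTE(review): the function name is inferred from `API_METHOD_READ_ACL`
    // and the final `Ok(list)` from the declared return type; the listing does
    // not show those lines. Confirm both against the original file.

    // NOTE(review): the caller lookup below is commented out and `_rpcenv` is
    // unused, so nothing in this function limits which caller receives the
    // complete ACL table (every path, principal and role). Any restriction has
    // to come from the `#[api]` attribute or the router; neither shows one in
    // this listing. Confirm that an access check exists before this endpoint
    // is reachable by non-administrative users.
    //let auth_user = rpcenv.get_user().unwrap();

    // The configuration digest is returned alongside the tree but is not used
    // in the lines shown, so it is bound with a leading underscore.
    let (tree, _digest) = acl::config()?;

    // The root node is passed with an empty path; it is reported as "/".
    let mut list: Vec<AclListItem> = Vec::new();
    extract_acl_node_data(&tree.root, "", &mut list);

    Ok(list)
}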
/// Router for this module. Only a GET handler is registered here, bound to
/// `API_METHOD_READ_ACL`.
pub const ROUTER: Router = Router::new()
    .get(&API_METHOD_READ_ACL);