pub mod user;
pub mod domain;
pub mod acl;
+pub mod role;
fn authenticate_user(username: &str, password: &str) -> Result<(), Error> {
.post(&API_METHOD_CREATE_TICKET)
),
("domains", &domain::ROUTER),
+ ("roles", &role::ROUTER),
("users", &user::ROUTER),
]);
--- /dev/null
+use failure::*;
+
+use serde_json::{json, Value};
+
+use proxmox::api::{api, Permission};
+use proxmox::api::router::Router;
+
+use crate::api2::types::*;
+use crate::config::acl::ROLE_NAMES;
+
+#[api(
+ returns: {
+ description: "List of roles.",
+ type: Array,
+ items: {
+ type: Object,
+ description: "User name with description.",
+ properties: {
+ role: {
+ description: "Role name.",
+ type: String,
+ },
+ comment: {
+ schema: SINGLE_LINE_COMMENT_SCHEMA,
+ optional: true,
+ },
+ },
+ }
+ },
+ access: {
+ permission: &Permission::Anybody,
+ }
+)]
+/// Role list
+fn list_roles() -> Result<Value, Error> {
+ let mut list = Vec::new();
+
+ for (role, comment) in ROLE_NAMES.iter() {
+ list.push(json!({ "role": role, "comment": comment }));
+ }
+ Ok(list.into())
+}
+
+pub const ROUTER: Router = Router::new()
+ .get(&API_METHOD_LIST_ROLES);
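Review bot: In `list_roles`, the loop `for (role, comment) in ROLE_NAMES.iter()` binds `comment` to the whole map value, which this same commit changes to `(u64, &'static str)`. As written, the `comment` field is therefore serialized as a two-element array holding the privilege bitmask and the text, not the single-line string the return schema declares. Destructuring the tuple fixes it: `for (role, (_privs, comment)) in ROLE_NAMES.iter() {`. The endpoint is declared with `Permission::Anybody`, so it is worth confirming that only the role name and description are meant to leave this function. Separately, the item description `"User name with description."` looks copied from the user listing and should read `"Role name with description."`, and sorting the list by role name would give clients a stable order, since `HashMap` iteration order is unspecified.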
pub const ROLE_NAME_NO_ACCESS: &str ="NoAccess";
lazy_static! {
- pub static ref ROLE_NAMES: HashMap<&'static str, u64> = {
+ pub static ref ROLE_NAMES: HashMap<&'static str, (u64, &'static str)> = {
let mut map = HashMap::new();
- map.insert("Admin", ROLE_ADMIN);
- map.insert("Audit", ROLE_AUDIT);
- map.insert(ROLE_NAME_NO_ACCESS, ROLE_NO_ACCESS);
-
- map.insert("Datastore.Admin", ROLE_DATASTORE_ADMIN);
- map.insert("Datastore.User", ROLE_DATASTORE_USER);
- map.insert("Datastore.Audit", ROLE_DATASTORE_AUDIT);
+ map.insert("Admin", (
+ ROLE_ADMIN,
+ "Administrator",
+ ));
+ map.insert("Audit", (
+ ROLE_AUDIT,
+ "Auditor",
+ ));
+ map.insert(ROLE_NAME_NO_ACCESS, (
+ ROLE_NO_ACCESS,
+ "Disable access",
+ ));
+
+ map.insert("Datastore.Admin", (
+ ROLE_DATASTORE_ADMIN,
+ "Datastore Administrator",
+ ));
+ map.insert("Datastore.User", (
+ ROLE_DATASTORE_USER,
+ "Datastore User",
+ ));
+ map.insert("Datastore.Audit", (
+ ROLE_DATASTORE_AUDIT,
+ "Datastore Auditor",
+ ));
map
};
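Review bot: The new value type `(u64, &'static str)` on `ROLE_NAMES` is an unnamed tuple with nothing documenting what each position holds, and every caller now has to destructure it correctly. Add a doc comment above the static, for example `/// Maps a role name to (privilege bitmask, human-readable description).`. A small struct with named fields would make a mix-up between the bitmask and the description harder still, but the comment alone is enough for this change. The enclosing `lazy_static!` block closes outside the hunk.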
let roles = self.acl_tree.roles(userid, path);
let mut privs: u64 = 0;
for role in roles {
- if let Some(role_privs) = ROLE_NAMES.get(role.as_str()) {
+ if let Some((role_privs, _)) = ROLE_NAMES.get(role.as_str()) {
privs |= role_privs;
}
}