Commit | Line | Data |
---|---|---|
2c3a6c0a DM |
1 | package PVE::API2::Group; |
2 | ||
3 | use strict; | |
4 | use warnings; | |
5 | use PVE::Cluster qw (cfs_read_file cfs_write_file); | |
6 | use PVE::AccessControl; | |
2c3a6c0a | 7 | use PVE::SafeSyslog; |
2c3a6c0a DM |
8 | use PVE::RESTHandler; |
9 | ||
10 | use base qw(PVE::RESTHandler); | |
11 | ||
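# GET on the collection: list the groups the calling user may see.
__PACKAGE__->register_method ({
    name => 'index',
    path => '',
    method => 'GET',
    description => "Group index.",
    permissions => {
        description => "The returned list is restricted to groups where you have 'User.Allocate' or 'Sys.Audit' permissions on '/access', or 'User.Allocate' on /access/groups/<group>.",
        # No 'check' entry here, so the filtering inside the handler below is
        # the access control for this endpoint (presumably 'all' admits every
        # authenticated user - confirm against PVE::RESTHandler).
        user => 'all',
    },
    parameters => {
        additionalProperties => 0,
        properties => {},
    },
    returns => {
        type => 'array',
        items => {
            type => "object",
            properties => {
                groupid => { type => 'string' },
                # The handler adds 'comment' whenever the group has one, so
                # the schema declares it (same declaration as read_group).
                comment => { type => 'string', optional => 1 },
            },
        },
        links => [ { rel => 'child', href => "{groupid}" } ],
    },
    code => sub {
        my ($param) = @_;

        my $res = [];

        # NOTE(review): PVE::RPCEnvironment is not among the 'use' lines of
        # this file; it is presumably loaded by the caller - confirm.
        my $rpcenv = PVE::RPCEnvironment::get();
        my $usercfg = cfs_read_file("user.cfg");
        my $authuser = $rpcenv->get_user();

        my $privs = [ 'User.Allocate', 'Sys.Audit' ];

        # $allow: the caller holds one of $privs on '/access' and sees every
        # group. The trailing 1 presumably means "return false instead of
        # dying" - TODO confirm against PVE::RPCEnvironment.
        my $allow = $rpcenv->check_any($authuser, "/access", $privs, 1);

        # NOTE(review): both privileges are passed to filter_groups, while the
        # permission description names only 'User.Allocate' for the per-group
        # path - confirm which of the two is intended.
        my $allowed_groups = $rpcenv->filter_groups($authuser, $privs, 1);

        foreach my $group (keys %{$usercfg->{groups}}) {
            # Skip groups the caller has no privilege on; nothing about them
            # (not even the id) is returned.
            next if !($allow || $allowed_groups->{$group});

            my $data = $usercfg->{groups}->{$group};
            my $entry = { groupid => $group };
            $entry->{comment} = $data->{comment} if defined($data->{comment});
            push @$res, $entry;
        }

        return $res;
    }});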
58 | ||
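# POST on the collection: create a new, empty group.
__PACKAGE__->register_method ({
    name => 'create_group',
    # NOTE(review): 'protected' presumably routes the call to the privileged
    # daemon, since it rewrites user.cfg - confirm in PVE::RESTHandler.
    protected => 1,
    path => '',
    method => 'POST',
    permissions => {
        # Only callers holding Sys.Modify on '/access' may create groups.
        check => ['perm', '/access', ['Sys.Modify']],
    },
    description => "Create new group.",
    parameters => {
        additionalProperties => 0,
        properties => {
            # The 'pve-groupid' format constrains the id before the handler
            # runs (assuming the framework validates parameters - confirm).
            groupid => { type => 'string', format => 'pve-groupid' },
            # NOTE(review): no format or length limit on the comment; correct
            # encoding is left to the user.cfg writer, which is not visible here.
            comment => { type => 'string', optional => 1 },
        },
    },
    returns => { type => 'null' },
    code => sub {
        my ($param) = @_;

        # Read, check and write all happen inside the callback passed to
        # lock_user_config, so the existence check and the write belong to
        # the same locked section.
        PVE::AccessControl::lock_user_config(
            sub {

                my $usercfg = cfs_read_file("user.cfg");

                my $group = $param->{groupid};

                # Refuse to overwrite an existing group (and its member list).
                die "group '$group' already exists\n"
                    if $usercfg->{groups}->{$group};

                $usercfg->{groups}->{$group} = { users => {} };

                # Test for a defined, non-empty string rather than for truth:
                # a plain truth test silently dropped the comment "0", which
                # update_group (using defined()) would have stored.
                $usercfg->{groups}->{$group}->{comment} = $param->{comment}
                    if defined($param->{comment}) && length($param->{comment});

                cfs_write_file("user.cfg", $usercfg);
            }, "create group failed");

        return undef;
    }});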
99 | ||
# PUT on a single group: change the stored data (currently only the comment).
__PACKAGE__->register_method ({
    name => 'update_group',
    # NOTE(review): 'protected' presumably routes the call to the privileged
    # daemon, since it rewrites user.cfg - confirm in PVE::RESTHandler.
    protected => 1,
    path => '{groupid}',
    method => 'PUT',
    permissions => {
        # Only callers holding Sys.Modify on '/access' may change a group.
        check => ['perm', '/access', ['Sys.Modify']],
    },
    description => "Update group data.",
    parameters => {
        additionalProperties => 0,
        properties => {
            groupid => { type => 'string', format => 'pve-groupid' },
            # NOTE(review): no format or length limit on the comment; correct
            # encoding is left to the user.cfg writer, which is not visible here.
            comment => { type => 'string', optional => 1 },
        },
    },
    returns => { type => 'null' },
    code => sub {
        my ($param) = @_;

        # The whole read-modify-write cycle is the callback handed to
        # lock_user_config, so it runs as one locked section.
        my $apply_update = sub {
            my $cfg = cfs_read_file("user.cfg");
            my $groupid = $param->{groupid};
            my $entry = $cfg->{groups}->{$groupid};

            if (!$entry) {
                die "group '$groupid' does not exist\n";
            }

            # An omitted comment leaves the stored one untouched; an empty
            # string is defined and therefore overwrites it.
            if (defined($param->{comment})) {
                $entry->{comment} = $param->{comment};
            }

            cfs_write_file("user.cfg", $cfg);
        };

        PVE::AccessControl::lock_user_config($apply_update, "update group failed");

        return undef;
    }});
139 | ||
# GET on a single group: return its comment and member list.
__PACKAGE__->register_method ({
    name => 'read_group',
    path => '{groupid}',
    method => 'GET',
    permissions => {
        # NOTE(review): this requires Sys.Audit on '/access', whereas the
        # index method also lists groups for callers with privileges on
        # /access/groups/<group> only - such callers can list a group but not
        # read it. Confirm that this difference is intended.
        check => ['perm', '/access', ['Sys.Audit']],
    },
    description => "Get group configuration.",
    parameters => {
        additionalProperties => 0,
        properties => {
            groupid => { type => 'string', format => 'pve-groupid' },
        },
    },
    returns => {
        type => "object",
        additionalProperties => 0,
        properties => {
            comment => { type => 'string', optional => 1 },
            members => {
                type => 'array',
                items => {
                    type => "string",
                },
            },
        },
    },
    code => sub {
        my ($param) = @_;

        my $groupid = $param->{groupid};

        # Read-only access: no lock is taken, unlike the modifying methods.
        my $cfg = cfs_read_file("user.cfg");
        my $entry = $cfg->{groups}->{$groupid};

        die "group '$groupid' does not exist\n" unless $entry;

        # Members are the keys of the group's 'users' hash; a group without
        # that hash is reported with an empty list.
        my @member_names;
        @member_names = keys %{$entry->{users}} if $entry->{users};

        my $result = { members => \@member_names };

        if (defined($entry->{comment})) {
            $result->{comment} = $entry->{comment};
        }

        return $result;
    }});
186 | ||
187 | ||
# DELETE on a single group: remove the group and its ACL entries.
__PACKAGE__->register_method ({
    name => 'delete_group',
    # NOTE(review): 'protected' presumably routes the call to the privileged
    # daemon, since it rewrites user.cfg - confirm in PVE::RESTHandler.
    protected => 1,
    path => '{groupid}',
    method => 'DELETE',
    permissions => {
        # Only callers holding Sys.Modify on '/access' may delete a group.
        check => ['perm', '/access', ['Sys.Modify']],
    },
    description => "Delete group.",
    parameters => {
        additionalProperties => 0,
        properties => {
            groupid => { type => 'string' , format => 'pve-groupid' },
        }
    },
    returns => { type => 'null' },
    code => sub {
        my ($param) = @_;

        # Lookup, removal and write-back form the callback handed to
        # lock_user_config, so they run as one locked section.
        my $remove_group = sub {
            my $cfg = cfs_read_file("user.cfg");
            my $groupid = $param->{groupid};

            if (!$cfg->{groups}->{$groupid}) {
                die "group '$groupid' does not exist\n";
            }

            delete $cfg->{groups}->{$groupid};

            # Drop ACL entries that name the group, so that a group created
            # later under the same id does not inherit the old permissions.
            # NOTE(review): whether any other reference to the group (e.g. in
            # user entries) needs cleaning is not visible here - confirm in
            # PVE::AccessControl.
            PVE::AccessControl::delete_group_acl($groupid, $cfg);

            cfs_write_file("user.cfg", $cfg);
        };

        PVE::AccessControl::lock_user_config($remove_group, "delete group failed");

        return undef;
    }});
226 | ||
227 | 1; |