]> git.proxmox.com Git - pve-access-control.git/blame - PVE/API2/Group.pm
1package PVE::API2::Group;
2
3use strict;
4use warnings;
5use PVE::Cluster qw (cfs_read_file cfs_write_file);
6use PVE::AccessControl;
2c3a6c0a 7use PVE::SafeSyslog;
2c3a6c0a 8use PVE::RESTHandler;
3a5ae7a0 9use PVE::JSONSchema qw(get_standard_option register_standard_option);
10
11use base qw(PVE::RESTHandler);
12
# Shared schema fragments for the group endpoints in this file. Every endpoint
# that accepts or returns a group name does so through 'group-id', so the
# 'pve-groupid' format is the one place where a group name is validated before
# it is used as a user.cfg key or interpolated into an ACL path.
# NOTE(review): the 'pve-groupid' format is registered outside this file;
# confirm it rejects '/' and other path-significant characters.
register_standard_option(
    'group-id',
    {
        completion => \&PVE::AccessControl::complete_group,
        format     => 'pve-groupid',
        type       => 'string',
    },
);

# Free-text comment attached to a group. No format or length limit is set
# here. NOTE(review): confirm that the user.cfg writer escapes or normalizes
# this value before it is persisted.
register_standard_option(
    'group-comment',
    {
        type     => 'string',
        optional => 1,
    },
);
# GET on the collection path: list the groups the caller is allowed to see.
#
# The schema-level permission is user => 'all' (presumably: any authenticated
# user), so the per-group check_any() filter inside the handler is what
# actually limits the result. A group is listed when the caller holds at least
# one of 'User.Modify', 'Sys.Audit' or 'Group.Allocate' on
# /access/groups/<group>.
__PACKAGE__->register_method({
    name        => 'index',
    path        => '',
    method      => 'GET',
    description => "Group index.",
    permissions => {
        user        => 'all',
        description => "The returned list is restricted to groups where you have 'User.Modify', 'Sys.Audit' or 'Group.Allocate' permissions on /access/groups/<group>.",
    },
    parameters => {
        additionalProperties => 0,
        properties           => {},
    },
    returns => {
        type  => 'array',
        items => {
            type       => 'object',
            properties => {
                groupid => get_standard_option('group-id'),
                comment => get_standard_option('group-comment'),
            },
        },
        links => [ { rel => 'child', href => '{groupid}' } ],
    },
    code => sub {
        my ($param) = @_;

        # NOTE(review): PVE::RPCEnvironment is called fully qualified but is
        # not loaded by a 'use' line in this file; it must already have been
        # loaded by whoever loads this module.
        my $rpcenv   = PVE::RPCEnvironment::get();
        my $usercfg  = cfs_read_file('user.cfg');
        my $authuser = $rpcenv->get_user();

        my $accepted_privs = [ 'User.Modify', 'Sys.Audit', 'Group.Allocate' ];
        my @visible;

        for my $groupid (keys %{ $usercfg->{groups} }) {
            # The result of check_any() is used as a boolean; the trailing 1
            # is presumably the "no error" flag that makes a failed check
            # return false instead of raising (confirm in PVE::RPCEnvironment).
            # Groups the caller may not see are skipped silently, so the
            # response does not reveal that they exist.
            $rpcenv->check_any($authuser, "/access/groups/$groupid", $accepted_privs, 1)
                or next;

            my $stored = $usercfg->{groups}->{$groupid};
            push @visible, {
                groupid => $groupid,
                # The comment key is present only when a comment is stored.
                defined($stored->{comment}) ? (comment => $stored->{comment}) : (),
            };
        }

        return \@visible;
    },
});
# POST on the collection path: create a new, empty group.
#
# Requires 'Group.Allocate' on /access/groups. 'protected => 1' is passed
# through to the REST handler. NOTE(review): presumably this routes the call
# to the privileged daemon; confirm in PVE::RESTHandler.
__PACKAGE__->register_method({
    name        => 'create_group',
    path        => '',
    method      => 'POST',
    protected   => 1,
    description => "Create new group.",
    permissions => {
        check => [ 'perm', '/access/groups', ['Group.Allocate'] ],
    },
    parameters => {
        additionalProperties => 0,
        properties           => {
            groupid => get_standard_option('group-id'),
            comment => get_standard_option('group-comment'),
        },
    },
    returns => { type => 'null' },
    code    => sub {
        my ($param) = @_;

        # The existence check and the write run inside one
        # lock_user_config() callback, so both operate on the same freshly
        # read copy of user.cfg. This assumes lock_user_config serializes
        # writers of user.cfg, as its name suggests (it is defined in
        # PVE::AccessControl, not shown here).
        my $create_locked = sub {
            my $usercfg = cfs_read_file('user.cfg');
            my $groupid = $param->{groupid};

            if ($usercfg->{groups}->{$groupid}) {
                die "group '$groupid' already exists\n";
            }

            my $entry = { users => {} };

            # Truthiness test: an empty or '0' comment is not stored on
            # create, whereas update_group tests defined().
            $entry->{comment} = $param->{comment} if $param->{comment};

            $usercfg->{groups}->{$groupid} = $entry;

            cfs_write_file('user.cfg', $usercfg);
        };

        PVE::AccessControl::lock_user_config($create_locked, "create group failed");

        return undef;
    },
});
# PUT on {groupid}: change the comment of an existing group.
#
# Requires 'Group.Allocate'. The permission is checked on the collection path
# /access/groups, not on /access/groups/{groupid}, while the index handler
# filters per group path.
# NOTE(review): as written, a privilege granted only on a single group's path
# would list that group in the index but not satisfy this check. That fails
# closed; confirm it is the intended policy.
__PACKAGE__->register_method({
    name        => 'update_group',
    path        => '{groupid}',
    method      => 'PUT',
    protected   => 1,
    description => "Update group data.",
    permissions => {
        check => [ 'perm', '/access/groups', ['Group.Allocate'] ],
    },
    parameters => {
        additionalProperties => 0,
        properties           => {
            groupid => get_standard_option('group-id'),
            comment => get_standard_option('group-comment'),
        },
    },
    returns => { type => 'null' },
    code    => sub {
        my ($param) = @_;

        # Read, modify and write inside one lock_user_config() callback so
        # the update is applied to the copy of user.cfg that was just read.
        my $update_locked = sub {
            my $usercfg = cfs_read_file('user.cfg');
            my $groupid = $param->{groupid};
            my $entry   = $usercfg->{groups}->{$groupid};

            if (!$entry) {
                die "group '$groupid' does not exist\n";
            }

            # defined() rather than truthiness: an empty string replaces the
            # stored comment, and an omitted parameter leaves it untouched.
            my $new_comment = $param->{comment};
            $entry->{comment} = $new_comment if defined($new_comment);

            cfs_write_file('user.cfg', $usercfg);
        };

        PVE::AccessControl::lock_user_config($update_locked, "update group failed");

        return undef;
    },
});
# GET on {groupid}: return a group's comment and the ids of its members.
#
# Requires 'Sys.Audit' or 'Group.Allocate' (any => 1) on the collection path
# /access/groups. The response discloses group membership, so this check is
# what limits who can enumerate the members of a group.
# NOTE(review): the index handler checks /access/groups/<group> per group,
# while this endpoint checks the parent path only; confirm that is intended.
__PACKAGE__->register_method({
    name        => 'read_group',
    path        => '{groupid}',
    method      => 'GET',
    description => "Get group configuration.",
    permissions => {
        check => [ 'perm', '/access/groups', [ 'Sys.Audit', 'Group.Allocate' ], any => 1 ],
    },
    parameters => {
        additionalProperties => 0,
        properties           => {
            groupid => get_standard_option('group-id'),
        },
    },
    returns => {
        type                 => 'object',
        additionalProperties => 0,
        properties           => {
            comment => get_standard_option('group-comment'),
            members => {
                type  => 'array',
                # 'userid-completed' is a standard option registered outside
                # this file.
                items => get_standard_option('userid-completed'),
            },
        },
    },
    code => sub {
        my ($param) = @_;

        my $groupid = $param->{groupid};
        my $usercfg = cfs_read_file('user.cfg');
        my $entry   = $usercfg->{groups}->{$groupid};

        $entry or die "group '$groupid' does not exist\n";

        # A group without a users hash is reported with an empty member list.
        my @member_ids;
        @member_ids = keys %{ $entry->{users} } if $entry->{users};

        my $result = { members => \@member_ids };

        # The comment key is present only when a comment is stored.
        if (defined($entry->{comment})) {
            $result->{comment} = $entry->{comment};
        }

        return $result;
    },
});
# DELETE on {groupid}: remove a group and the ACL entries that reference it.
#
# Requires 'Group.Allocate' on the collection path /access/groups.
__PACKAGE__->register_method({
    name        => 'delete_group',
    path        => '{groupid}',
    method      => 'DELETE',
    protected   => 1,
    description => "Delete group.",
    permissions => {
        check => [ 'perm', '/access/groups', ['Group.Allocate'] ],
    },
    parameters => {
        additionalProperties => 0,
        properties           => {
            groupid => get_standard_option('group-id'),
        },
    },
    returns => { type => 'null' },
    code    => sub {
        my ($param) = @_;

        my $delete_locked = sub {
            my $usercfg = cfs_read_file('user.cfg');
            my $groupid = $param->{groupid};

            unless ($usercfg->{groups}->{$groupid}) {
                die "group '$groupid' does not exist\n";
            }

            delete $usercfg->{groups}->{$groupid};

            # The group's ACL entries are removed in the same locked write as
            # the group itself. Leaving them behind would matter if a group
            # with the same name were created later: it would presumably pick
            # up the stale grants.
            PVE::AccessControl::delete_group_acl($groupid, $usercfg);

            cfs_write_file('user.cfg', $usercfg);
        };

        PVE::AccessControl::lock_user_config($delete_locked, "delete group failed");

        return undef;
    },
});

# A Perl module file must end with a true value.
1;