Commit | Line | Data |
---|---|---|
09281ad7 DM |
1 | package PVE::CLI::pveum; |
2 | ||
3 | use strict; | |
4 | use warnings; | |
042eaa3d | 5 | |
66d1b615 | 6 | use PVE::AccessControl; |
09281ad7 DM |
7 | use PVE::RPCEnvironment; |
8 | use PVE::API2::User; | |
9 | use PVE::API2::Group; | |
10 | use PVE::API2::Role; | |
11 | use PVE::API2::ACL; | |
12 | use PVE::API2::AccessControl; | |
369851ac | 13 | use PVE::CLIFormatter; |
09281ad7 | 14 | use PVE::CLIHandler; |
66d1b615 | 15 | use PVE::JSONSchema qw(get_standard_option); |
b34d76e7 | 16 | use PVE::PTY; |
369851ac | 17 | use PVE::RESTHandler; |
66d1b615 | 18 | use PVE::Tools qw(extract_param); |
09281ad7 DM |
19 | |
20 | use base qw(PVE::CLIHandler); | |
21 | ||
# Set up the default CLI RPC environment through PVE::RPCEnvironment.
# NOTE(review): presumably invoked by the PVE::CLIHandler base class before a
# command is dispatched - confirm against the handler.
sub setup_environment {
    return PVE::RPCEnvironment->setup_default_cli_env();
}
25 | ||
# Return the CLI parameter mapping for the API method called $name, or undef
# when the method has no special mapping.
#
# Both mapped methods take a password. For 'create_ticket' the mapping's
# 'func' always prompts on the terminal, so a password supplied as a
# command-line argument is never used. This keeps the secret out of the
# argument vector (and hence out of process listings and shell history).
sub param_mapping {
    my ($name) = @_;

    # do not accept values given on cmdline
    my $prompt_for_password = sub {
        return PVE::PTY::read_password('Enter password: ');
    };

    my %mapping_for = (
        change_password => [
            PVE::CLIHandler::get_standard_mapping('pve-password'),
        ],
        create_ticket => [
            PVE::CLIHandler::get_standard_mapping(
                'pve-password',
                { func => $prompt_for_password },
            ),
        ],
    );

    return $mapping_for{$name};
}
45 | ||
# Default output callback: hand the API result, its schema and the output
# options to PVE::CLIFormatter unchanged (no property list is passed).
my $print_api_result = sub {
    my ($result, $result_schema, $format_opts) = @_;

    return PVE::CLIFormatter::print_api_result($result, $result_schema, undef, $format_opts);
};
50 | ||
# Output callback for the "permissions" commands.
#
# $data is a hash of ACL path => { privilege => propagate flag }. For text
# output (the default when no 'output-format' is given) it is flattened into a
# two-column table, one row per path, with the privileges listed one per line
# and '(*)' appended to those whose flag is true. Any other output format gets
# the raw structure passed straight to the formatter.
my $print_perm_result = sub {
    my ($data, $schema, $options) = @_;

    my $format = $options->{'output-format'};
    if (defined($format) && $format ne 'text') {
        return PVE::CLIFormatter::print_api_result($data, $schema, undef, $options);
    }

    my $table_schema = {
        type  => 'array',
        items => {
            type       => 'object',
            properties => {
                'path'        => { type => 'string', title => 'ACL path' },
                'permissions' => { type => 'string', title => 'Permissions' },
            },
        },
    };

    my @rows;
    for my $path (sort keys %$data) {
        my $privs = $data->{$path};

        # One privilege per line inside the table cell.
        my $cell = '';
        for my $perm (sort keys %$privs) {
            $cell .= "\n" if $cell;
            $cell .= $privs->{$perm} ? "$perm (*)" : $perm;
        }

        push @rows, { path => $path, permissions => $cell };
    }

    PVE::CLIFormatter::print_api_result(\@rows, $table_schema, undef, $options);
    print "Permissions marked with '(*)' have the 'propagate' flag set.\n";
};
82 | ||
# CLI-only wrapper around PVE::API2::AccessControl->permissions for API tokens.
# The user ID and the token sub-ID arrive as separate parameters; they are
# joined into the full token ID, which is then passed on as 'userid'.
#
# NOTE(review): this method declares no permission check of its own. Who may
# query a given token's permissions is presumably decided inside
# PVE::API2::AccessControl->permissions - confirm before exposing this method
# anywhere other than the local CLI.
__PACKAGE__->register_method({
    name        => 'token_permissions',
    path        => 'token_permissions',
    method      => 'GET',
    description => 'Retrieve effective permissions of given token.',
    parameters  => {
        additionalProperties => 0,
        properties           => {
            userid  => get_standard_option('userid'),
            tokenid => get_standard_option('token-subid'),
            path    => get_standard_option(
                'acl-path',
                {
                    description => "Only dump this specific path, not the whole tree.",
                    optional    => 1,
                },
            ),
        },
    },
    returns => {
        type        => 'object',
        description => 'Hash of structure "path" => "privilege" => "propagate boolean".',
    },
    code => sub {
        my ($param) = @_;

        # Remove the sub-ID from the parameters, then replace the plain user ID
        # with the joined token ID.
        my $subid         = extract_param($param, 'tokenid');
        my $full_token_id = PVE::AccessControl::join_tokenid($param->{userid}, $subid);
        $param->{userid} = $full_token_id;

        return PVE::API2::AccessControl->permissions($param);
    },
});
111 | ||
# Shared output options for every command that prints structured results.
my $std_output_opts = $PVE::RESTHandler::standard_output_options;

# Command table for pveum. Nested hashes are sub-command groups, an
# { alias => ... } entry redirects an old command name to a new one, and an
# array entry describes one command.
# NOTE(review): array entries look like
#   [ API class, method name, positional argument names, fixed parameters,
#     output callback, output options ]
# - confirm the exact contract against PVE::CLIHandler.
our $cmddef = {
    user => {
        add    => ['PVE::API2::User', 'create_user', ['userid']],
        modify => ['PVE::API2::User', 'update_user', ['userid']],
        delete => ['PVE::API2::User', 'delete_user', ['userid']],
        list   => ['PVE::API2::User', 'index', [], {}, $print_api_result, $std_output_opts],
        permissions => [
            'PVE::API2::AccessControl', 'permissions', ['userid'], {},
            $print_perm_result, $std_output_opts,
        ],
        token => {
            add => [
                'PVE::API2::User', 'generate_token', ['userid', 'tokenid'], {},
                $print_api_result, $std_output_opts,
            ],
            modify => [
                'PVE::API2::User', 'update_token_info', ['userid', 'tokenid'], {},
                $print_api_result, $std_output_opts,
            ],
            remove => [
                'PVE::API2::User', 'remove_token', ['userid', 'tokenid'], {},
                $print_api_result, $std_output_opts,
            ],
            list => [
                'PVE::API2::User', 'token_index', ['userid'], {},
                $print_api_result, $std_output_opts,
            ],
            permissions => [
                __PACKAGE__, 'token_permissions', ['userid', 'tokenid'], {},
                $print_perm_result, $std_output_opts,
            ],
        },
    },
    group => {
        add    => ['PVE::API2::Group', 'create_group', ['groupid']],
        modify => ['PVE::API2::Group', 'update_group', ['groupid']],
        delete => ['PVE::API2::Group', 'delete_group', ['groupid']],
        list   => ['PVE::API2::Group', 'index', [], {}, $print_api_result, $std_output_opts],
    },
    role => {
        add    => ['PVE::API2::Role', 'create_role', ['roleid']],
        modify => ['PVE::API2::Role', 'update_role', ['roleid']],
        delete => ['PVE::API2::Role', 'delete_role', ['roleid']],
        list   => ['PVE::API2::Role', 'index', [], {}, $print_api_result, $std_output_opts],
    },
    acl => {
        # Both commands call update_acl; the fixed 'delete' parameter selects
        # whether the ACL entry is set or removed.
        modify => ['PVE::API2::ACL', 'update_acl', ['path'], { delete => 0 }],
        delete => ['PVE::API2::ACL', 'update_acl', ['path'], { delete => 1 }],
        list   => ['PVE::API2::ACL', 'read_acl', [], {}, $print_api_result, $std_output_opts],
    },

    # The ticket is an authentication credential and is written to stdout
    # verbatim, so anything that captures this command's output (logs,
    # pipelines, terminal scrollback) ends up holding it.
    ticket => [
        'PVE::API2::AccessControl', 'create_ticket', ['username'], undef,
        sub {
            my ($res) = @_;
            print "$res->{ticket}\n";
        },
    ],

    passwd => ['PVE::API2::AccessControl', 'change_password', ['userid']],

    # Aliases for the older flat command names.
    useradd => { alias => 'user add' },
    usermod => { alias => 'user modify' },
    userdel => { alias => 'user delete' },

    groupadd => { alias => 'group add' },
    groupmod => { alias => 'group modify' },
    groupdel => { alias => 'group delete' },

    roleadd => { alias => 'role add' },
    rolemod => { alias => 'role modify' },
    roledel => { alias => 'role delete' },

    aclmod => { alias => 'acl modify' },
    acldel => { alias => 'acl delete' },
};
167 | ||
168 | 1; |