1 package PVE
::API2
::Group
;
5 use PVE
::Cluster qw
(cfs_read_file cfs_write_file
);
6 use PVE
::AccessControl
;
10 use Data
::Dumper
; # fixme: remove
14 use base
qw(PVE::RESTHandler);
# Build the API view of one group entry taken from user.cfg.
#   $data - the group's hash as stored under $usercfg->{groups}->{<group>}
#   $full - when false, only the comment (if defined) is returned;
#           when true, the member names are added as well
# NOTE(review): the declaration of $res and the end of this sub are not
# visible in this listing (the gutter skips 18-20 and 26-29) - check the
# original file before relying on this excerpt.
16 my $extract_group_data = sub {
17 my ($data, $full) = @_;
# Copy the comment only when it is defined, so a group without a comment
# yields no 'comment' key at all.
21 $res->{comment
} = $data->{comment
} if defined($data->{comment
});
# Short form: callers that do not pass $full (the index loop) get no member
# list, which keeps group membership out of the index response.
23 return $res if !$full;
# Full form: expose only the member names (the hash keys); whatever values
# are stored per user in $data->{users} are not returned.
25 $res->{users
} = $data->{users
} ?
[ keys %{$data->{users
}} ] : [];
30 # fixme: index should return more/all attributes?
# Register the group index endpoint. The result is filtered per caller: a
# group is listed only if the caller passes the '/access' check or the group
# is in the set returned by filter_groups.
# NOTE(review): several lines of this registration are not visible in this
# listing (the gutter skips e.g. 32-34, 53-58 and 71-76), including the
# header of the code callback and its return statement.
31 __PACKAGE__-
>register_method ({
35 description
=> "Group index.",
# This second description presumably belongs to a permissions block whose
# opening line is not shown - confirm against the original file.
37 description
=> "The returned list is restricted to groups where you have 'User.Allocate' or 'Sys.Audit' permissions on '/access', or 'User.Allocate' on /access/groups/<group>.",
# Reject request parameters that are not declared in the schema.
41 additionalProperties
=> 0,
49 groupid
=> { type
=> 'string' },
52 links
=> [ { rel
=> 'child', href
=> "{groupid}" } ],
# Authorization is evaluated for the authenticated user reported by the RPC
# environment, not for anything taken from the request parameters.
59 my $rpcenv = PVE
::RPCEnvironment
::get
();
60 my $usercfg = cfs_read_file
("user.cfg");
61 my $authuser = $rpcenv->get_user();
# Either privilege is sufficient to list groups.
63 my $privs = [ 'User.Allocate', 'Sys.Audit' ];
# $allow: caller holds one of $privs on '/access' and may see every group.
# NOTE(review): the trailing 1 is presumably a "no error" flag so that a
# missing privilege yields false instead of raising - confirm against
# PVE::RPCEnvironment.
64 my $allow = $rpcenv->check_any($authuser, "/access", $privs, 1);
# $allowed_groups: per-group visibility for callers without the global right.
# NOTE(review): filter_groups receives the same $privs list (including
# 'Sys.Audit'), while the description above names only 'User.Allocate' at
# group level - confirm which of the two is intended.
65 my $allowed_groups = $rpcenv->filter_groups($authuser, $privs, 1);
67 foreach my $group (keys %{$usercfg->{groups
}}) {
# Skip groups the caller may not see, so the index does not disclose the
# names of groups outside the caller's privileges.
68 next if !($allow || $allowed_groups->{$group});
# Called without $full: index entries carry the comment but no member list.
69 my $entry = &$extract_group_data($usercfg->{groups
}->{$group});
70 $entry->{groupid
} = $group;
# Register the create_group endpoint: adds a new group with an empty member
# set to user.cfg and returns null.
# NOTE(review): parts of this registration (e.g. the code callback header,
# gutter lines 94-96 and 98-99) are not visible in this listing.
77 __PACKAGE__-
>register_method ({
78 name
=> 'create_group',
# Creating a group requires 'Sys.Modify' on '/access'.
83 check
=> ['perm', '/access', ['Sys.Modify']],
85 description
=> "Create new group.",
# Reject request parameters that are not declared in the schema.
87 additionalProperties
=> 0,
# groupid is declared with the 'pve-groupid' format.
89 groupid
=> { type
=> 'string', format
=> 'pve-groupid' },
# NOTE(review): comment is an optional string with no format or length
# constraint declared here; whether it is sanitised before being written to
# user.cfg is not visible in this listing - verify in the config writer.
90 comment
=> { type
=> 'string', optional
=> 1 },
93 returns
=> { type
=> 'null' },
# The read / existence check / write sequence below is handed to
# lock_user_config together with the error text "create group failed"
# (the opening of the callback is not shown). Presumably the lock keeps
# concurrent API calls from interleaving between the check and the write -
# confirm in PVE::AccessControl.
97 PVE
::AccessControl
::lock_user_config
(
100 my $usercfg = cfs_read_file
("user.cfg");
102 my $group = $param->{groupid
};
# Refuse to overwrite an existing group (and thereby its member list).
104 die "group '$group' already exists\n"
105 if $usercfg->{groups
}->{$group};
# New groups start with no members.
107 $usercfg->{groups
}->{$group} = { users
=> {} };
# NOTE(review): this tests truthiness, not definedness, so a comment of
# '0' or '' is silently dropped on create, whereas update_group uses
# defined() - confirm whether the difference is intended.
109 $usercfg->{groups
}->{$group}->{comment
} = $param->{comment
} if $param->{comment
};
112 cfs_write_file
("user.cfg", $usercfg);
113 }, "create group failed");
# Register the update_group endpoint: changes the comment of an existing
# group in user.cfg and returns null. Membership is not changed here (see
# the fixme below).
# NOTE(review): parts of this registration (e.g. the code callback header,
# gutter lines 136-138 and 140-141) are not visible in this listing.
118 __PACKAGE__-
>register_method ({
119 name
=> 'update_group',
# Updating a group requires 'Sys.Modify' on '/access'.
124 check
=> ['perm', '/access', ['Sys.Modify']],
126 description
=> "Update group data.",
# Reject request parameters that are not declared in the schema.
128 additionalProperties
=> 0,
130 # fixme: set/delete members
# groupid is declared with the 'pve-groupid' format.
131 groupid
=> { type
=> 'string', format
=> 'pve-groupid' },
# NOTE(review): comment is an optional string with no format or length
# constraint declared here; whether it is sanitised before being written to
# user.cfg is not visible in this listing - verify in the config writer.
132 comment
=> { type
=> 'string', optional
=> 1 },
135 returns
=> { type
=> 'null' },
# The read / existence check / write sequence below is handed to
# lock_user_config together with the error text "update group failed"
# (the opening of the callback is not shown). Presumably the lock keeps
# concurrent API calls from interleaving between the read and the write -
# confirm in PVE::AccessControl.
139 PVE
::AccessControl
::lock_user_config
(
142 my $usercfg = cfs_read_file
("user.cfg");
144 my $group = $param->{groupid
};
# $data refers to the entry inside $usercfg, so the assignment further down
# modifies the structure that is written back.
146 my $data = $usercfg->{groups
}->{$group};
# NOTE(review): the condition guarding this die is not visible in this
# listing (the gutter jumps from 148 to 151); as printed the die would be
# unconditional - check the original file.
148 die "group '$group' does not exist\n"
# defined() rather than truthiness: an empty string or '0' is stored as the
# new comment; an omitted comment leaves the old one unchanged.
151 $data->{comment
} = $param->{comment
} if defined($param->{comment
});
153 cfs_write_file
("user.cfg", $usercfg);
154 }, "update group failed");
159 # fixme: return format!
# Register the read_group endpoint: returns the comment and the member names
# of one group.
# NOTE(review): parts of this registration (e.g. the return schema and the
# code callback header, gutter lines 172-177) are not visible in this listing.
160 __PACKAGE__-
>register_method ({
161 name
=> 'read_group',
# Reading a group requires 'Sys.Audit' on '/access'.
# NOTE(review): the index also lists groups for callers that only hold
# group-level privileges; with the check shown here such callers would not
# be able to read the group they see listed - confirm this is intended.
165 check
=> ['perm', '/access', ['Sys.Audit']],
167 description
=> "Get group configuration.",
# Reject request parameters that are not declared in the schema.
169 additionalProperties
=> 0,
# groupid is declared with the 'pve-groupid' format.
171 groupid
=> { type
=> 'string', format
=> 'pve-groupid' },
178 my $group = $param->{groupid
};
180 my $usercfg = cfs_read_file
("user.cfg");
182 my $data = $usercfg->{groups
}->{$group};
# Unknown group: fail with an explicit message instead of returning an
# empty structure.
184 die "group '$group' does not exist\n" if !$data;
# $full = 1: the response includes the group's member names.
186 return &$extract_group_data($data, 1);
# Register the delete_group endpoint: removes a group and its ACL references
# from user.cfg and returns null.
# NOTE(review): parts of this registration (e.g. the code callback header,
# gutter lines 206-208 and 210-211) are not visible in this listing.
190 __PACKAGE__-
>register_method ({
191 name
=> 'delete_group',
# Deleting a group requires 'Sys.Modify' on '/access'.
196 check
=> ['perm', '/access', ['Sys.Modify']],
198 description
=> "Delete group.",
# Reject request parameters that are not declared in the schema.
200 additionalProperties
=> 0,
# groupid is declared with the 'pve-groupid' format.
202 groupid
=> { type
=> 'string' , format
=> 'pve-groupid' },
205 returns
=> { type
=> 'null' },
# The read / existence check / delete / write sequence below is handed to
# lock_user_config together with the error text "delete group failed"
# (the opening of the callback is not shown). Presumably the lock keeps
# concurrent API calls from interleaving between the check and the write -
# confirm in PVE::AccessControl.
209 PVE
::AccessControl
::lock_user_config
(
212 my $usercfg = cfs_read_file
("user.cfg");
214 my $group = $param->{groupid
};
216 die "group '$group' does not exist\n"
217 if !$usercfg->{groups
}->{$group};
219 delete ($usercfg->{groups
}->{$group});
# Clean up ACL data for the deleted group in the same locked update.
# Presumably this removes ACL entries that reference the group, so that a
# group created later under the same name does not inherit them - confirm
# in PVE::AccessControl::delete_group_acl.
221 PVE
::AccessControl
::delete_group_acl
($group, $usercfg);
# Group removal and ACL clean-up are persisted together by this single write.
223 cfs_write_file
("user.cfg", $usercfg);
224 }, "delete group failed");