1 package PVE::API2::Group;
2
3 use strict;
4 use warnings;
5 use PVE::Cluster qw (cfs_read_file cfs_write_file);
6 use PVE::AccessControl;
7
8 use PVE::SafeSyslog;
9
10 use Data::Dumper; # fixme: remove
11
12 use PVE::RESTHandler;
13
14 use base qw(PVE::RESTHandler);
15
# Build the API view of a single group entry taken from user.cfg.
#
#   $data - hash ref describing one group (only 'comment' and 'users' are read)
#   $full - when true, the member user IDs are included as well
#
# A new hash ref is returned on every call and only the two known fields are
# copied into it, so callers never receive a reference into the stored
# configuration and any other keys on the entry are not exposed.
my $extract_group_data = sub {
    my ($data, $full) = @_;

    my %view;
    $view{comment} = $data->{comment} if defined $data->{comment};

    if ($full) {
        # Members are kept as hash keys; hand them out as a plain list.
        my $members = $data->{users};
        $view{users} = $members ? [ keys %$members ] : [];
    }

    return \%view;
};
29
30 # fixme: index should return more/all attributes?
# GET <base path>: list all groups defined in user.cfg.
#
# Each returned object carries 'groupid' and, when one is set, 'comment'
# (the brief form of $extract_group_data); member lists are not included.
# The declared return schema only mentions 'groupid'.
#
# NOTE(review): no 'permissions' entry is declared for this method in this
# file - confirm where read access to the group list is enforced.
__PACKAGE__->register_method ({
    name => 'index',
    path => '',
    method => 'GET',
    description => "Group index.",
    parameters => {
        additionalProperties => 0,
        properties => {},
    },
    returns => {
        type => 'array',
        items => {
            type => "object",
            properties => {
                groupid => { type => 'string' },
            },
        },
        links => [ { rel => 'child', href => "{groupid}" } ],
    },
    code => sub {
        my ($param) = @_;

        my $usercfg = cfs_read_file("user.cfg");

        my @listing;
        for my $groupid (keys %{$usercfg->{groups}}) {
            # Brief view only: the second argument is left out on purpose.
            my $entry = $extract_group_data->($usercfg->{groups}->{$groupid});
            $entry->{groupid} = $groupid;
            push @listing, $entry;
        }

        return \@listing;
    }});
65
# POST <base path>: create a new, empty group in user.cfg.
#
# Dies with "group '<id>' already exists" when the ID is taken. The existence
# check, the modification and the write all run inside the callback handed to
# PVE::AccessControl::lock_user_config.
#
# NOTE(review): this method changes access-control data and is marked
# 'protected', but no 'permissions' entry is declared in this file - confirm
# where the caller's right to create groups is checked.
__PACKAGE__->register_method ({
    name => 'create_group',
    protected => 1,
    path => '',
    method => 'POST',
    description => "Create new group.",
    parameters => {
        additionalProperties => 0,
        properties => {
            # The ID is constrained by the 'pve-groupid' format before it is
            # used as a hash key and echoed in error messages.
            groupid => { type => 'string', format => 'pve-groupid' },
            # NOTE(review): free-form text with no format or length limit that
            # is persisted to user.cfg - verify the config writer encodes
            # newlines and field separators.
            comment => { type => 'string', optional => 1 },
        },
    },
    returns => { type => 'null' },
    code => sub {
        my ($param) = @_;

        my $create = sub {
            my $usercfg = cfs_read_file("user.cfg");
            my $group = $param->{groupid};

            die "group '$group' already exists\n"
                if $usercfg->{groups}->{$group};

            # New groups start without members; a comment is stored only when
            # a true value was supplied.
            my $entry = { users => {} };
            $entry->{comment} = $param->{comment} if $param->{comment};
            $usercfg->{groups}->{$group} = $entry;

            cfs_write_file("user.cfg", $usercfg);
        };

        PVE::AccessControl::lock_user_config($create, "create group failed");

        return undef;
    }});
103
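# PUT <base path>/{groupid}: update the stored data of an existing group.
#
# Only the comment can be changed here. Dies with "group '<id>' does not
# exist" when the ID is unknown. The lookup, the modification and the write
# all run inside the callback handed to PVE::AccessControl::lock_user_config.
#
# NOTE(review): this method changes access-control data and is marked
# 'protected', but no 'permissions' entry is declared in this file - confirm
# where the caller's right to modify groups is checked.
__PACKAGE__->register_method ({
    name => 'update_group',
    protected => 1,
    path => '{groupid}',
    method => 'PUT',
    description => "Update group data.",
    parameters => {
        additionalProperties => 0,
        properties => {
            # fixme: set/delete members
            groupid => { type => 'string', format => 'pve-groupid' },
            # NOTE(review): free-form text with no format or length limit that
            # is persisted to user.cfg - verify the config writer encodes
            # newlines and field separators.
            comment => { type => 'string', optional => 1 },
        },
    },
    returns => { type => 'null' },
    code => sub {
        my ($param) = @_;

        PVE::AccessControl::lock_user_config(
            sub {
                my $usercfg = cfs_read_file("user.cfg");

                my $group = $param->{groupid};

                my $data = $usercfg->{groups}->{$group};

                die "group '$group' does not exist\n"
                    if !$data;

                # Test for definedness rather than truth so that an empty
                # string (or "0") replaces the stored comment instead of
                # being ignored.
                $data->{comment} = $param->{comment}
                    if defined($param->{comment});

                cfs_write_file("user.cfg", $usercfg);
            }, "update group failed"); # was "create group failed" (copy/paste)

        return undef;
    }});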
141
142 # fixme: return format!
# GET <base path>/{groupid}: return one group's configuration.
#
# The result is the full form of $extract_group_data: the comment (when set)
# plus the list of member user IDs. Dies with "group '<id>' does not exist"
# when the ID is unknown. The return schema is left empty.
#
# NOTE(review): the response discloses group membership and no 'permissions'
# entry is declared in this file - confirm where read access is enforced.
__PACKAGE__->register_method ({
    name => 'read_group',
    path => '{groupid}',
    method => 'GET',
    description => "Get group configuration.",
    parameters => {
        additionalProperties => 0,
        properties => {
            groupid => { type => 'string', format => 'pve-groupid' },
        },
    },
    returns => {},
    code => sub {
        my ($param) = @_;

        my $group = $param->{groupid};

        my $entry = cfs_read_file("user.cfg")->{groups}->{$group};

        die "group '$group' does not exist\n" unless $entry;

        # Second argument requests the full view, including members.
        return $extract_group_data->($entry, 1);
    }});
168
169
# DELETE <base path>/{groupid}: remove a group from user.cfg.
#
# Dies with "group '<id>' does not exist" when the ID is unknown. The group
# entry is removed and PVE::AccessControl::delete_group_acl is called on the
# same in-memory configuration before the single write, all inside the
# callback handed to PVE::AccessControl::lock_user_config.
#
# NOTE(review): this method changes access-control data and is marked
# 'protected', but no 'permissions' entry is declared in this file - confirm
# where the caller's right to delete groups is checked.
__PACKAGE__->register_method ({
    name => 'delete_group',
    protected => 1,
    path => '{groupid}',
    method => 'DELETE',
    description => "Delete group.",
    parameters => {
        additionalProperties => 0,
        properties => {
            groupid => { type => 'string' , format => 'pve-groupid' },
        }
    },
    returns => { type => 'null' },
    code => sub {
        my ($param) = @_;

        my $remove = sub {
            my $usercfg = cfs_read_file("user.cfg");
            my $group = $param->{groupid};

            die "group '$group' does not exist\n"
                unless $usercfg->{groups}->{$group};

            delete $usercfg->{groups}->{$group};

            # Presumably strips ACL entries that reference the group, so a
            # group created later under the same ID does not pick up old
            # grants - verify in PVE::AccessControl.
            PVE::AccessControl::delete_group_acl($group, $usercfg);

            cfs_write_file("user.cfg", $usercfg);
        };

        PVE::AccessControl::lock_user_config($remove, "delete group failed");

        return undef;
    }});
205
206 1;