# Package header of the group-management API module.
# NOTE: the listing this was taken from skips source lines (its gutter numbers
# jump); every skipped range is marked "[gap: ...]" and was not filled in.
package PVE::API2::Group;

# [gap: lines 2-4 not shown in this listing]
use PVE::Cluster qw(cfs_read_file cfs_write_file);
use PVE::AccessControl;
# [gap: lines 7-8 not shown in this listing]
# NOTE(review): PVE::RPCEnvironment::get() is called further down, but no
# "use PVE::RPCEnvironment" is among the visible lines; it may sit in a gap or
# be loaded by another module - confirm.
use PVE::JSONSchema qw(get_standard_option register_standard_option);
# [gap: line 10 not shown in this listing]
use base qw(PVE::RESTHandler);
# Shared schema options for the group API methods in this file.
# NOTE: the listing this was taken from skips source lines (its gutter numbers
# jump); every skipped range is marked "[gap: ...]" and was not filled in.

# 'group-id': every handler in this file takes its groupid parameter through
# this option, so the 'pve-groupid' format is what bounds the string that is
# later interpolated into error messages. The format itself is not defined in
# the visible lines.
register_standard_option('group-id', {
    # [gap: line 14 not shown in this listing]
    format => 'pve-groupid',
    # Completion helper; not part of validation as far as this file shows.
    completion => \&PVE::AccessControl::complete_group,
# [gap: lines 17-18 not shown in this listing]

# 'group-comment': optional free-text string.
# NOTE(review): no format, pattern or length limit is visible here, and the
# value ends up in user.cfg via cfs_write_file - confirm that the config
# writer encodes it so it cannot break the file's record structure.
register_standard_option('group-comment', { type => 'string', optional => 1 });
# Registers the API method described as "Group index.": it walks the groups in
# user.cfg and builds one entry (groupid, comment, users) for each group the
# calling user is allowed to see.
# NOTE: the listing this was taken from skips source lines (its gutter numbers
# jump); every skipped range is marked "[gap: ...]" and was not filled in, so
# the block is not syntactically complete as shown.
__PACKAGE__->register_method ({
    # [gap: lines 22-24 not shown]
    description => "Group index.",
    # [gap: line 26 not shown]
    description => "The returned list is restricted to groups where you have 'User.Modify', 'Sys.Audit' or 'Group.Allocate' permissions on /access/groups/<group>.",
    # [gap: lines 28-30 not shown]
    additionalProperties => 0,
    # [gap: lines 32-38 not shown]
    groupid => get_standard_option('group-id'),
    comment => get_standard_option('group-comment'),
    # [gap: lines 41-42 not shown]
    format => 'pve-userid-list',
    # [gap: line 44 not shown]
    description => 'list of users which form this group',
    # [gap: lines 46-48 not shown]
    links => [ { rel => 'child', href => "{groupid}" } ],
    # [gap: lines 50-55 not shown]

    my $rpcenv = PVE::RPCEnvironment::get();
    my $usercfg = cfs_read_file("user.cfg");
    my $authuser = $rpcenv->get_user();
    # [gap: line 59 not shown]
    # Holding any one of these privileges on a group's ACL path is enough for
    # that group to be listed.
    my $privs = [ 'User.Modify', 'Sys.Audit', 'Group.Allocate'];
    # [gap: line 61 not shown]
    for my $group (keys %{ $usercfg->{groups} }) {
        # Authorization is applied per entry, inside the handler: a group is
        # skipped unless the caller passes check_any on /access/groups/<group>.
        # The trailing 1 is presumably a "no error" flag that makes check_any
        # return false instead of dying - confirm in PVE::RPCEnvironment.
        next unless $rpcenv->check_any($authuser, "/access/groups/$group", $privs, 1);

        my $data = $usercfg->{groups}->{$group};
        my $entry = { groupid => $group };

        if (defined($data->{comment})) {
            $entry->{comment} = $data->{comment};
        }

        # Members are emitted as one comma-separated, sorted string.
        if (defined($data->{users})) {
            $entry->{users} = join(',', sort keys %{ $data->{users} });
        }
    # [gap: lines 68-73 not shown]
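# Registers 'create_group' ("Create new group."): adds a group with an empty
# member set, and optionally a comment, to user.cfg.
# NOTE: the listing this was taken from skips source lines (its gutter numbers
# jump); every skipped range is marked "[gap: ...]" and was not filled in, so
# the block is not syntactically complete as shown.
__PACKAGE__->register_method ({
    name => 'create_group',
    # [gap: lines 76-79 not shown]
    # Caller needs Group.Allocate on the container path /access/groups.
    check => ['perm', '/access/groups', ['Group.Allocate']],
    # [gap: line 81 not shown]
    description => "Create new group.",
    # [gap: line 83 not shown]
    additionalProperties => 0,
    # [gap: line 85 not shown]
    groupid => get_standard_option('group-id'),
    comment => get_standard_option('group-comment'),
    # [gap: lines 88-89 not shown]
    returns => { type => 'null' },
    # [gap: lines 91-93 not shown]

    # The read, the existence test and the write all sit inside the block
    # handed to lock_user_config, so presumably they run while the user-config
    # lock is held and cannot interleave with another writer - confirm in
    # PVE::AccessControl.
    PVE::AccessControl::lock_user_config(
        # [gap: lines 95-96 not shown]
        my $usercfg = cfs_read_file("user.cfg");
        # [gap: line 98 not shown]
        my $group = $param->{groupid};
        # [gap: line 100 not shown]
        # Refuse to overwrite an existing group (and its member set).
        die "group '$group' already exists\n"
            if $usercfg->{groups}->{$group};
        # [gap: line 103 not shown]
        $usercfg->{groups}->{$group} = { users => {} };
        # [gap: line 105 not shown]
        # Store the comment whenever a non-empty one was supplied. A plain
        # truth test would also discard the valid comment "0"; an empty
        # string is still not stored, as before.
        my $comment = $param->{comment};
        if (defined($comment) && $comment ne '') {
            $usercfg->{groups}->{$group}->{comment} = $comment;
        }
        # [gap: lines 107-108 not shown]
        cfs_write_file("user.cfg", $usercfg);
    }, "create group failed");
# [gap: lines 111-114 not shown]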
# Registers 'update_group' ("Update group data."): the visible code changes
# only the comment of an existing group in user.cfg.
# NOTE: the listing this was taken from skips source lines (its gutter numbers
# jump); every skipped range is marked "[gap: ...]" and was not filled in, so
# the block is not syntactically complete as shown.
__PACKAGE__->register_method ({
    name => 'update_group',
    # [gap: lines 117-120 not shown]
    # NOTE(review): the privilege is checked on the container path
    # /access/groups, not on /access/groups/<groupid>, whereas the index
    # handler in this file filters per group path. Whether a grant on the
    # container that is not propagated should authorize changes to every
    # group depends on how 'perm' checks are evaluated - confirm.
    check => ['perm', '/access/groups', ['Group.Allocate']],
    # [gap: line 122 not shown]
    description => "Update group data.",
    # [gap: line 124 not shown]
    additionalProperties => 0,
    # [gap: line 126 not shown]
    groupid => get_standard_option('group-id'),
    comment => get_standard_option('group-comment'),
    # [gap: lines 129-130 not shown]
    returns => { type => 'null' },
    # [gap: lines 132-134 not shown]

    # Read-modify-write sits inside the block handed to lock_user_config, so
    # presumably it runs under the user-config lock - confirm in
    # PVE::AccessControl.
    PVE::AccessControl::lock_user_config(
        # [gap: lines 136-137 not shown]
        my $usercfg = cfs_read_file("user.cfg");
        # [gap: line 139 not shown]
        my $group = $param->{groupid};
        # [gap: line 141 not shown]
        my $data = $usercfg->{groups}->{$group};
        # [gap: line 143 not shown]
        die "group '$group' does not exist\n"
        # [gap: lines 145-146 not shown - the statement above is not
        #  terminated in the visible text, so its guarding condition is
        #  presumably in this gap]

        # defined() rather than truth: an empty or "0" comment is stored too.
        if (defined($param->{comment})) {
            $data->{comment} = $param->{comment};
        }
        # [gap: line 148 not shown]
        cfs_write_file("user.cfg", $usercfg);
    }, "update group failed");
# [gap: lines 151-154 not shown]
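# Registers 'read_group' ("Get group configuration."): looks one group up in
# user.cfg and builds a result with its member list and, if set, its comment.
# NOTE: the listing this was taken from skips source lines (its gutter numbers
# jump); every skipped range is marked "[gap: ...]" and was not filled in, so
# the block is not syntactically complete as shown.
__PACKAGE__->register_method ({
    name => 'read_group',
    # [gap: lines 157-159 not shown]
    # Either Sys.Audit or Group.Allocate is sufficient (any => 1).
    # NOTE(review): checked on the container path /access/groups, while the
    # index handler in this file filters per /access/groups/<group>; a caller
    # whose grant exists only on one group's path can therefore see that group
    # in the index, and whether they can read it here depends on how 'perm'
    # checks treat the container path - confirm the two are meant to differ.
    check => ['perm', '/access/groups', ['Sys.Audit', 'Group.Allocate'], any => 1],
    # [gap: line 161 not shown]
    description => "Get group configuration.",
    # [gap: line 163 not shown]
    additionalProperties => 0,
    # [gap: line 165 not shown]
    groupid => get_standard_option('group-id'),
    # [gap: lines 167-170 not shown]
    additionalProperties => 0,
    # [gap: line 172 not shown]
    comment => get_standard_option('group-comment'),
    # [gap: lines 174-175 not shown]
    items => get_standard_option('userid-completed')
    # [gap: lines 177-182 not shown]

    my $group = $param->{groupid};
    # [gap: line 184 not shown]
    # Read-only path: no lock_user_config call is visible around this read.
    my $usercfg = cfs_read_file("user.cfg");
    # [gap: line 186 not shown]
    my $data = $usercfg->{groups}->{$group};
    # [gap: line 188 not shown]
    die "group '$group' does not exist\n" if !$data;
    # [gap: line 190 not shown]
    # Sorted so the response is deterministic (hash key order is not), which
    # also matches the sorted user list built by the index handler.
    my $members = $data->{users} ? [ sort keys %{ $data->{users} } ] : [];
    # [gap: line 192 not shown]
    my $res = { members => $members };
    # [gap: line 194 not shown]
    $res->{comment} = $data->{comment} if defined($data->{comment});
# [gap: lines 196-200 not shown]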
# Registers 'delete_group' ("Delete group."): removes a group from user.cfg
# and calls delete_group_acl for it before writing the file back.
# NOTE: the listing this was taken from skips source lines (its gutter numbers
# jump); every skipped range is marked "[gap: ...]" and was not filled in, so
# the block is not syntactically complete as shown.
__PACKAGE__->register_method ({
    name => 'delete_group',
    # [gap: lines 203-206 not shown]
    # Caller needs Group.Allocate on the container path /access/groups.
    check => ['perm', '/access/groups', ['Group.Allocate']],
    # [gap: line 208 not shown]
    description => "Delete group.",
    # [gap: line 210 not shown]
    additionalProperties => 0,
    # [gap: line 212 not shown]
    groupid => get_standard_option('group-id'),
    # [gap: lines 214-215 not shown]
    returns => { type => 'null' },
    # [gap: lines 217-219 not shown]

    # Read, removal, ACL cleanup and write all sit inside the block handed to
    # lock_user_config, so presumably they run under the user-config lock -
    # confirm in PVE::AccessControl.
    PVE::AccessControl::lock_user_config(
        # [gap: lines 221-222 not shown]
        my $usercfg = cfs_read_file("user.cfg");
        # [gap: line 224 not shown]
        my $group = $param->{groupid};
        # [gap: line 226 not shown]
        die "group '$group' does not exist\n"
            unless $usercfg->{groups}->{$group};
        # [gap: line 229 not shown]
        delete $usercfg->{groups}->{$group};
        # [gap: line 231 not shown]
        # Called on the in-memory config before it is written. Presumably it
        # strips ACL entries that name the deleted group, so that a group
        # created later under the same name does not pick up the old grants -
        # confirm in PVE::AccessControl.
        PVE::AccessControl::delete_group_acl($group, $usercfg);
        # [gap: line 233 not shown]
        cfs_write_file("user.cfg", $usercfg);
    }, "delete group failed");
# [the listing ends here; any remaining lines of this call are not shown]