# Package header for the group REST handlers in this file.
# This listing shows only some lines of the original file; each gap is
# marked "[original lines ... not shown]".
package PVE::API2::Group;

# [original lines 2-4 not shown]
use PVE::Cluster qw(cfs_read_file cfs_write_file);
use PVE::AccessControl;
# [original lines 7-9 not shown]
use base qw(PVE::RESTHandler);
# [original line 11 not shown]
# Group index handler. Only fragments of the registration are visible in this
# listing; each gap is marked "[original lines ... not shown]".
#
# Access control seen here is per group, not per call: every group in
# user.cfg is tested against the caller's privileges on
# /access/groups/<group>, and groups that fail the test are left out of the
# result. Only the group id and its optional comment are copied into an entry.
__PACKAGE__->register_method ({
    # [original lines 13-15 not shown]
    description => "Group index.",
    # [original line 17 not shown; the second description below documents the
    #  permission rule and presumably belongs to a nested hash opened there]
    description => "The returned list is restricted to groups where you have 'User.Modify', 'Sys.Audit' or 'Group.Allocate' permissions on /access/groups/<group>.",
    # [original lines 19-21 not shown]
    additionalProperties => 0,
    # [original lines 23-29 not shown]
    groupid => { type => 'string' },
    # [original lines 31-32 not shown]
    links => [ { rel => 'child', href => "{groupid}" } ],
    # [original lines 34-39 not shown]
        my $rpcenv = PVE::RPCEnvironment::get();
        my $usercfg = cfs_read_file("user.cfg");
        # The identity comes from the RPC environment, not from a request
        # parameter.
        my $authuser = $rpcenv->get_user();
        # [original line 43 not shown]
        # Holding any one of these on the group's ACL path is enough to list it.
        my $privs = [qw(User.Modify Sys.Audit Group.Allocate)];
        # [original line 45 not shown]
        for my $group (keys %{ $usercfg->{groups} }) {
            # Skip groups the caller has none of the privileges on. The
            # trailing 1 is presumably a "no error" flag that makes a failed
            # check return false instead of dying; confirm against check_any.
            next unless $rpcenv->check_any($authuser, "/access/groups/$group", $privs, 1);
            my $data = $usercfg->{groups}{$group};
            my $entry = { groupid => $group };
            $entry->{comment} = $data->{comment} if defined $data->{comment};
    # [original lines 51-56 not shown: the rest of the loop and the end of
    #  this register_method call]
# create_group handler. Only fragments of the registration are visible in this
# listing; each gap is marked "[original lines ... not shown]".
#
# Authorization: the visible check requires Group.Allocate on /access/groups.
# Input: groupid must satisfy the 'pve-groupid' format (defined outside this
# listing); comment is an optional string with no format constraint visible.
__PACKAGE__->register_method ({
    name => 'create_group',
    # [original lines 59-62 not shown]
    check => ['perm', '/access/groups', ['Group.Allocate']],
    # [original line 64 not shown]
    description => "Create new group.",
    # [original line 66 not shown]
    additionalProperties => 0,
    # [original line 68 not shown]
    groupid => { type => 'string', format => 'pve-groupid' },
    comment => { type => 'string', optional => 1 },
    # [original lines 71-72 not shown]
    returns => { type => 'null' },
    # [original lines 74-76 not shown]
        # The read, the existence check and the write all sit between the
        # lock_user_config( opener and its closing line, i.e. inside that
        # call. Presumably this serialises concurrent edits of user.cfg;
        # lock_user_config lives in PVE::AccessControl and is not shown.
        PVE::AccessControl::lock_user_config(
            # [original lines 78-79 not shown]
            my $usercfg = cfs_read_file("user.cfg");
            # [original line 81 not shown]
            my $group = $param->{groupid};
            # [original line 83 not shown]
            # Refuse to replace an existing entry: the assignment below would
            # reset its member list to an empty users hash.
            die "group '$group' already exists\n"
                if $usercfg->{groups}{$group};
            # [original line 86 not shown]
            $usercfg->{groups}{$group} = { users => {} };
            # [original line 88 not shown]
            # Truthiness test, not defined(): a comment of "" or "0" is not
            # stored by this statement (update_group tests defined() instead).
            $usercfg->{groups}{$group}{comment} = $param->{comment} if $param->{comment};
            # [original lines 90-91 not shown]
            cfs_write_file("user.cfg", $usercfg);
        }, "create group failed");
    # [original lines 94-97 not shown: the end of this register_method call]
# update_group handler. Only fragments of the registration are visible in this
# listing; each gap is marked "[original lines ... not shown]".
#
# Authorization: the visible check requires Group.Allocate on /access/groups.
# The only field the visible code modifies is the group's comment.
__PACKAGE__->register_method ({
    name => 'update_group',
    # [original lines 100-103 not shown]
    check => ['perm', '/access/groups', ['Group.Allocate']],
    # [original line 105 not shown]
    description => "Update group data.",
    # [original line 107 not shown]
    additionalProperties => 0,
    # [original lines 109-110 not shown; the two entries below presumably
    #  describe the groupid parameter opened there]
    type => 'string', format => 'pve-groupid',
    completion => \&PVE::AccessControl::complete_group,
    # [original line 113 not shown]
    comment => { type => 'string', optional => 1 },
    # [original lines 115-116 not shown]
    returns => { type => 'null' },
    # [original lines 118-120 not shown]
        # Lookup, modification and write all sit inside the lock_user_config
        # call, so the entry that is checked is the entry that is written.
        PVE::AccessControl::lock_user_config(
            # [original lines 122-123 not shown]
            my $usercfg = cfs_read_file("user.cfg");
            # [original line 125 not shown]
            my $group = $param->{groupid};
            # [original line 127 not shown]
            my $data = $usercfg->{groups}{$group};
            # [original line 129 not shown]
            die "group '$group' does not exist\n"
            # [original lines 131-132 not shown; the die statement above is
            #  unterminated in this listing, so its condition presumably
            #  follows on line 131]
            # defined() lets an explicit empty comment through, unlike the
            # truthiness test that create_group uses.
            $data->{comment} = $param->{comment} if defined $param->{comment};
            # [original line 134 not shown]
            cfs_write_file("user.cfg", $usercfg);
        }, "update group failed");
    # [original lines 137-140 not shown: the end of this register_method call]
# read_group handler. Only fragments of the registration are visible in this
# listing; each gap is marked "[original lines ... not shown]".
#
# Authorization: with any => 1, either Sys.Audit or Group.Allocate on
# /access/groups satisfies the check.
# NOTE(review): the check path is /access/groups, while the index handler
# filters on /access/groups/<group> and also accepts User.Modify. Confirm
# that this difference is intended, since this call returns the member list.
__PACKAGE__->register_method ({
    name => 'read_group',
    # [original lines 143-145 not shown]
    check => ['perm', '/access/groups', ['Sys.Audit', 'Group.Allocate'], any => 1],
    # [original line 147 not shown]
    description => "Get group configuration.",
    # [original line 149 not shown]
    additionalProperties => 0,
    # [original line 151 not shown]
    groupid => { type => 'string', format => 'pve-groupid' },
    # [original lines 153-156 not shown]
    additionalProperties => 0,
    # [original line 158 not shown]
    comment => { type => 'string', optional => 1 },
    # [original lines 160-170 not shown]
        my $group = $param->{groupid};
        # [original line 172 not shown]
        # Read-only path: no lock_user_config call is visible around it.
        my $usercfg = cfs_read_file("user.cfg");
        # [original line 174 not shown]
        my $data = $usercfg->{groups}{$group};
        # [original line 176 not shown]
        die "group '$group' does not exist\n" unless $data;
        # [original line 178 not shown]
        # Members are the keys of the group's users hash; a missing or empty
        # hash yields an empty list.
        my $members = [ keys %{ $data->{users} || {} } ];
        # [original line 180 not shown]
        my $res = { members => $members };
        # [original line 182 not shown]
        $res->{comment} = $data->{comment} if defined $data->{comment};
    # [original lines 184-188 not shown: the return and the end of this
    #  register_method call]
# delete_group handler. Only fragments of the registration are visible in this
# listing; each gap is marked "[original lines ... not shown]".
#
# Authorization: the visible check requires Group.Allocate on /access/groups.
# The group entry is removed and delete_group_acl is called on the same
# in-memory config before the single write.
__PACKAGE__->register_method ({
    name => 'delete_group',
    # [original lines 191-194 not shown]
    check => ['perm', '/access/groups', ['Group.Allocate']],
    # [original line 196 not shown]
    description => "Delete group.",
    # [original line 198 not shown]
    additionalProperties => 0,
    # [original lines 200-201 not shown; the two entries below presumably
    #  describe the groupid parameter opened there]
    type => 'string' , format => 'pve-groupid',
    completion => \&PVE::AccessControl::complete_group,
    # [original lines 204-206 not shown]
    returns => { type => 'null' },
    # [original lines 208-210 not shown]
        # Existence check, removal, ACL cleanup and write all sit inside the
        # lock_user_config call.
        PVE::AccessControl::lock_user_config(
            # [original lines 212-213 not shown]
            my $usercfg = cfs_read_file("user.cfg");
            # [original line 215 not shown]
            my $group = $param->{groupid};
            # [original line 217 not shown]
            die "group '$group' does not exist\n"
                unless $usercfg->{groups}{$group};
            # [original line 220 not shown]
            delete $usercfg->{groups}{$group};
            # [original line 222 not shown]
            # Presumably drops ACL entries that reference the deleted group,
            # so that a group created later under the same name does not
            # inherit them; confirm in PVE::AccessControl::delete_group_acl.
            PVE::AccessControl::delete_group_acl($group, $usercfg);
            # [original line 224 not shown]
            cfs_write_file("user.cfg", $usercfg);
        }, "delete group failed");
    # [lines after original line 226 are not shown: the end of this
    #  register_method call]