# REST API handlers for access-control groups.
#
# This listing is an excerpt of the file: comments of the form
# "[listing gap: ...]" give the file's own line numbers for lines that are not
# shown here. Nothing has been filled in for them.
package PVE::API2::Group;

# [listing gap: file lines 2-4 are not shown]
use PVE::Cluster qw (cfs_read_file cfs_write_file);
use PVE::AccessControl;
# [listing gap: file lines 7-8 are not shown]
use PVE::JSONSchema qw(get_standard_option register_standard_option);
# [listing gap: file line 10 is not shown]
use base qw(PVE::RESTHandler);

# Shared schema option for a group identifier. Every endpoint below declares
# its 'groupid' parameter through this option, so they all carry the same
# 'pve-groupid' format; the format's definition is not part of this file excerpt.
register_standard_option('group-id', {
    # [listing gap: file line 14 is not shown]
    format => 'pve-groupid',
    # [listing gap: file line 16 is not shown]
    completion => \&PVE::AccessControl::complete_group,
# [listing gap: file lines 18-19 are not shown; presumably the call is closed there]

# Shared schema option for a group's free-text comment: an optional string.
# NOTE(review): no length limit or pattern is declared here, so the schema
# accepts any string. Confirm that the code which serialises user.cfg escapes
# or rejects newline and field-separator characters in comments.
register_standard_option('group-comment', { type => 'string', optional => 1 });
# Group index endpoint: builds one entry per group that the calling user is
# allowed to see, carrying the group id and, when set, its comment.
__PACKAGE__->register_method ({
    # [listing gap: file lines 23-25 are not shown]
    description => "Group index.",
    # [listing gap: file line 27 is not shown; the next description presumably
    #  belongs to a nested hash opened on that line, not to the method itself]
    description => "The returned list is restricted to groups where you have 'User.Modify', 'Sys.Audit' or 'Group.Allocate' permissions on /access/groups/<group>.",
    # [listing gap: file lines 29-31 are not shown]
    additionalProperties => 0,
    # [listing gap: file lines 33-39 are not shown]
    groupid => get_standard_option('group-id'),
    comment => get_standard_option('group-comment'),
    # [listing gap: file lines 42-43 are not shown]
    links => [ { rel => 'child', href => "{groupid}" } ],
    # [listing gap: file lines 45-50 are not shown]
    my $rpcenv = PVE::RPCEnvironment::get();
    my $usercfg = cfs_read_file("user.cfg");
    my $authuser = $rpcenv->get_user();

    # Holding any one of these privileges on a group's path makes it visible.
    my $privs = [ 'User.Modify', 'Sys.Audit', 'Group.Allocate'];

    foreach my $group (keys %{$usercfg->{groups}}) {
        # Per-group authorisation filter, evaluated on the group's own ACL
        # path. The trailing 1 is presumably the "no error" flag, so a failed
        # check skips the group instead of aborting the request; confirm
        # against PVE::RPCEnvironment::check_any.
        next if !$rpcenv->check_any($authuser, "/access/groups/$group", $privs, 1);
        my $data = $usercfg->{groups}->{$group};
        my $entry = { groupid => $group };
        # Only the comment is copied into the entry; other stored fields of
        # the group are not copied in the lines shown.
        $entry->{comment} = $data->{comment} if defined($data->{comment});
    # [listing gap: file lines 62-67 are not shown]
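# create_group: adds a new, empty group to user.cfg.
#
# Authorisation: the caller needs 'Group.Allocate' on /access/groups.
# Input: 'groupid' (standard option 'group-id') and an optional 'comment';
# additionalProperties => 0 is declared for the parameter schema.
# Fails with "group '<id>' already exists" when the id is already present.
__PACKAGE__->register_method ({
    name => 'create_group',
    # [listing gap: file lines 70-73 are not shown]
    check => ['perm', '/access/groups', ['Group.Allocate']],
    # [listing gap: file line 75 is not shown]
    description => "Create new group.",
    # [listing gap: file line 77 is not shown]
    additionalProperties => 0,
    # [listing gap: file line 79 is not shown]
    groupid => get_standard_option('group-id'),
    comment => get_standard_option('group-comment'),
    # [listing gap: file lines 82-83 are not shown]
    returns => { type => 'null' },
    # [listing gap: file lines 85-87 are not shown]

    # The read, the existence check and the write below all sit inside the
    # lock_user_config(...) call, so two concurrent requests cannot both pass
    # the "already exists" test and then overwrite each other's change.
    PVE::AccessControl::lock_user_config(
        # [listing gap: file lines 89-90 are not shown]
        my $usercfg = cfs_read_file("user.cfg");

        my $group = $param->{groupid};

        die "group '$group' already exists\n"
            if $usercfg->{groups}->{$group};

        # A new group starts with no members.
        $usercfg->{groups}->{$group} = { users => {} };

        # Store the comment whenever a non-empty one was supplied. A plain
        # truthiness test would silently drop the literal comment "0".
        $usercfg->{groups}->{$group}->{comment} = $param->{comment}
            if defined($param->{comment}) && length($param->{comment});

        cfs_write_file("user.cfg", $usercfg);
    }, "create group failed");
# [listing gap: file lines 105-108 are not shown]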
# update_group: changes the stored comment of an existing group.
#
# Authorisation: the caller needs 'Group.Allocate' on /access/groups.
# NOTE(review): this check names the parent path, while the index endpoint
# filters on /access/groups/<group>. Confirm how a privilege granted only on
# one group's path is meant to interact with this endpoint.
__PACKAGE__->register_method ({
    name => 'update_group',
    # [listing gap: file lines 111-114 are not shown]
    check => ['perm', '/access/groups', ['Group.Allocate']],
    # [listing gap: file line 116 is not shown]
    description => "Update group data.",
    # [listing gap: file line 118 is not shown]
    additionalProperties => 0,
    # [listing gap: file line 120 is not shown]
    groupid => get_standard_option('group-id'),
    comment => get_standard_option('group-comment'),
    # [listing gap: file lines 123-124 are not shown]
    returns => { type => 'null' },
    # [listing gap: file lines 126-128 are not shown]

    # Read-modify-write of user.cfg happens inside the lock_user_config(...)
    # call, so the lookup and the write refer to the same config state.
    PVE::AccessControl::lock_user_config(
        # [listing gap: file lines 130-131 are not shown]
        my $usercfg = cfs_read_file("user.cfg");

        my $group = $param->{groupid};

        my $data = $usercfg->{groups}->{$group};

        die "group '$group' does not exist\n"
        # [listing gap: file lines 139-140 are not shown; the condition guarding
        #  this die is presumably on one of them -- compare read_group]

        # Only a defined 'comment' parameter overwrites the stored value, so
        # omitting it leaves the comment untouched; an empty string is defined
        # and therefore replaces it.
        $data->{comment} = $param->{comment} if defined($param->{comment});

        cfs_write_file("user.cfg", $usercfg);
    }, "update group failed");
# [listing gap: file lines 145-148 are not shown]
# read_group: returns a group's member list and, when set, its comment.
#
# Authorisation: the caller needs 'Sys.Audit' or 'Group.Allocate' (any => 1)
# on /access/groups.
# NOTE(review): the index endpoint filters on /access/groups/<group> and also
# accepts 'User.Modify', so a group can appear in the index for a caller who
# is then refused here. Confirm that this difference is intended.
__PACKAGE__->register_method ({
    name => 'read_group',
    # [listing gap: file lines 151-153 are not shown]
    check => ['perm', '/access/groups', ['Sys.Audit', 'Group.Allocate'], any => 1],
    # [listing gap: file line 155 is not shown]
    description => "Get group configuration.",
    # [listing gap: file line 157 is not shown]
    additionalProperties => 0,
    # [listing gap: file line 159 is not shown]
    groupid => get_standard_option('group-id'),
    # [listing gap: file lines 161-164 are not shown]
    additionalProperties => 0,
    # [listing gap: file line 166 is not shown]
    comment => get_standard_option('group-comment'),
    # [listing gap: file lines 168-169 are not shown]
    items => get_standard_option('userid-completed')
    # [listing gap: file lines 171-176 are not shown]
    my $group = $param->{groupid};

    # Read-only access: no lock_user_config call appears in the lines shown.
    my $usercfg = cfs_read_file("user.cfg");

    my $data = $usercfg->{groups}->{$group};

    die "group '$group' does not exist\n" if !$data;

    # Members are the keys of the group's 'users' hash; a group without that
    # hash yields an empty list rather than an error.
    my $members = $data->{users} ? [ keys %{$data->{users}} ] : [];

    my $res = { members => $members };

    # The comment key is added only when a comment is stored.
    $res->{comment} = $data->{comment} if defined($data->{comment});
# [listing gap: file lines 190-194 are not shown]
# delete_group: removes a group and its ACL entries from user.cfg.
#
# Authorisation: the caller needs 'Group.Allocate' on /access/groups.
# Fails with "group '<id>' does not exist" when the id is unknown.
__PACKAGE__->register_method ({
    name => 'delete_group',
    # [listing gap: file lines 197-200 are not shown]
    check => ['perm', '/access/groups', ['Group.Allocate']],
    # [listing gap: file line 202 is not shown]
    description => "Delete group.",
    # [listing gap: file line 204 is not shown]
    additionalProperties => 0,
    # [listing gap: file line 206 is not shown]
    groupid => get_standard_option('group-id'),
    # [listing gap: file lines 208-209 are not shown]
    returns => { type => 'null' },
    # [listing gap: file lines 211-213 are not shown]

    # Existence check, removal and write all sit inside the
    # lock_user_config(...) call and operate on one config snapshot.
    PVE::AccessControl::lock_user_config(
        # [listing gap: file lines 215-216 are not shown]
        my $usercfg = cfs_read_file("user.cfg");

        my $group = $param->{groupid};

        die "group '$group' does not exist\n"
            if !$usercfg->{groups}->{$group};

        delete ($usercfg->{groups}->{$group});

        # ACL clean-up is applied to the same in-memory config before the
        # single write below, so the group and its ACL entries disappear
        # together. Presumably this keeps a later group created under the
        # same name from picking up the old entries; what delete_group_acl
        # removes is not shown in this file.
        PVE::AccessControl::delete_group_acl($group, $usercfg);

        cfs_write_file("user.cfg", $usercfg);
    }, "delete group failed");
# [listing gap: any file lines after 229 are not shown]