1 package PVE
::API2
::Role
;
5 use PVE
::Cluster qw
(cfs_read_file cfs_write_file
);
6 use PVE
::AccessControl
;
10 use Data
::Dumper
; # FIXME: Data::Dumper is a debugging aid only - remove before release (it makes it
  # easy to leak user.cfg contents into logs or error output)
14 use base
qw(PVE::RESTHandler);
16 __PACKAGE__-
>register_method ({
20 description
=> "Role index.",
25 additionalProperties
=> 0,
33 roleid
=> { type
=> 'string' },
36 links
=> [ { rel
=> 'child', href
=> "{roleid}" } ],
43 my $usercfg = cfs_read_file
("user.cfg");
45 foreach my $role (keys %{$usercfg->{roles
}}) {
46 my $privs = join(',', sort keys %{$usercfg->{roles
}->{$role}});
47 push @$res, { roleid
=> $role, privs
=> $privs,
48 special
=> PVE
::AccessControl
::role_is_special
($role) };
54 __PACKAGE__-
>register_method ({
55 name
=> 'create_role',
60 check
=> ['perm', '/access', ['Sys.Modify']],
62 description
=> "Create new role.",
64 additionalProperties
=> 0,
66 roleid
=> { type
=> 'string', format
=> 'pve-roleid' },
67 privs
=> { type
=> 'string' , format
=> 'pve-priv-list', optional
=> 1 },
70 returns
=> { type
=> 'null' },
74 PVE
::AccessControl
::lock_user_config
(
77 my $usercfg = cfs_read_file
("user.cfg");
79 my $role = $param->{roleid
};
81 die "role '$role' already exists\n"
82 if $usercfg->{roles
}->{$role};
84 $usercfg->{roles
}->{$role} = {};
86 PVE
::AccessControl
::add_role_privs
($role, $usercfg, $param->{privs
});
88 cfs_write_file
("user.cfg", $usercfg);
89 }, "create role failed");
94 __PACKAGE__-
>register_method ({
95 name
=> 'update_role',
100 check
=> ['perm', '/access', ['Sys.Modify']],
102 description
=> "Create new role.",
104 additionalProperties
=> 0,
106 roleid
=> { type
=> 'string', format
=> 'pve-roleid' },
107 privs
=> { type
=> 'string' , format
=> 'pve-priv-list' },
115 returns
=> { type
=> 'null' },
119 PVE
::AccessControl
::lock_user_config
(
122 my $role = $param->{roleid
};
124 my $usercfg = cfs_read_file
("user.cfg");
126 die "role '$role' does not exist\n"
127 if !$usercfg->{roles
}->{$role};
129 $usercfg->{roles
}->{$role} = {} if !$param->{append
};
131 PVE
::AccessControl
::add_role_privs
($role, $usercfg, $param->{privs
});
133 cfs_write_file
("user.cfg", $usercfg);
134 }, "update role failed");
140 # FIXME: no 'returns' schema is declared for this method; it presumably hands back
# the role's raw privilege hash from user.cfg as-is. Confirm the intended response
# shape and declare it so API docs and response validation are accurate.
140 __PACKAGE__-
>register_method ({
147 description
=> "Get role configuration.",
149 additionalProperties
=> 0,
151 roleid
=> { type
=> 'string' , format
=> 'pve-roleid' },
158 my $usercfg = cfs_read_file
("user.cfg");
160 my $role = $param->{roleid
};
162 my $data = $usercfg->{roles
}->{$role};
164 die "role '$role' does not exist\n" if !$data;
170 __PACKAGE__-
>register_method ({
171 name
=> 'delete_role',
176 check
=> ['perm', '/access', ['Sys.Modify']],
178 description
=> "Delete role.",
180 additionalProperties
=> 0,
182 roleid
=> { type
=> 'string', format
=> 'pve-roleid' },
185 returns
=> { type
=> 'null' },
189 PVE
::AccessControl
::lock_user_config
(
192 my $role = $param->{roleid
};
194 my $usercfg = cfs_read_file
("user.cfg");
196 die "role '$role' does not exist\n"
197 if !$usercfg->{roles
}->{$role};
199 die "auto-generated role '$role' can not be deleted\n"
200 if PVE
::AccessControl
::role_is_special
($role);
202 delete ($usercfg->{roles
}->{$role});
204 # FIXME: ACL entries that still reference this role are not removed here, so
# they are left dangling. Roles are keyed by name (see the existence check in
# create_role), so a role re-created later under the same name with different
# privileges would presumably inherit those stale grants - confirm, then either
# purge the matching ACL entries here or refuse deletion while the role is
# still referenced.
206 cfs_write_file
("user.cfg", $usercfg);
207 }, "delete role failed");