1 package PVE
::API2
::User
;
5 use PVE
::Cluster qw
(cfs_read_file cfs_write_file
);
6 use PVE
::Tools
qw(split_list);
7 use PVE
::AccessControl
;
8 use PVE
::JSONSchema
qw(get_standard_option);
12 use Data
::Dumper
; # fixme: remove
16 use base
qw(PVE::RESTHandler);
# Build the API view of one user entry.
# Arguments: $data is the hash ref of a single user, $full selects the long form.
# Only the properties named in the loop below (plus 'groups' in the long form)
# are copied, so other keys stored on the entry do not reach API clients
# through this helper.
# NOTE(review): this listing skips source lines (gutter 19 -> 23, 24 -> 27), so
# the declaration and the final return of $res are not visible here.
18 my $extract_user_data = sub {
19 my ($data, $full) = @_;
# Undefined properties are left out of the result rather than returned as undef.
23 foreach my $prop (qw(enable expire firstname lastname email comment)) {
24 $res->{$prop} = $data->{$prop} if defined($data->{$prop});
# Short form: return before group membership is added.
27 return $res if !$full;
# Long form: group names are the keys of the user's 'groups' hash; an empty
# list is reported when the user has none.
29 $res->{groups
} = $data->{groups
} ?
[ keys %{$data->{groups
}} ] : [];
# Register the "User index." API method.
# NOTE(review): the listing omits source lines, and no permission declaration
# is visible among the ones shown. Confirm who may call this method: every
# returned entry carries the short form from $extract_user_data (enable,
# expire, first/last name, email, comment) for each listed user.
34 __PACKAGE__-
>register_method ({
38 description
=> "User index.",
# Properties that the schema does not declare are not accepted.
40 additionalProperties
=> 0,
48 userid
=> { type
=> 'string' },
# Each returned item links to a child resource addressed by its userid.
51 links
=> [ { rel
=> 'child', href
=> "{userid}" } ],
# Handler: read the user configuration and emit one entry per configured user.
58 my $usercfg = cfs_read_file
("user.cfg");
60 foreach my $user (keys %{$usercfg->{users
}}) {
# The entry keyed exactly 'root' is left out of the listing.
# NOTE(review): the other handlers in this file obtain a realm from
# verify_username, so keys may be realm-qualified - confirm that this literal
# comparison still matches the intended account.
61 next if $user eq 'root';
# Called without $full, so group membership is not part of the index entries.
63 my $entry = &$extract_user_data($usercfg->{users
}->{$user});
64 $entry->{userid
} = $user;
# Register the 'create_user' API method: add a new entry to user.cfg and,
# when a password is supplied, set it through the realm's password backend.
# NOTE(review): the listing omits source lines; no permission declaration is
# visible among the ones shown - confirm where access control is applied.
71 __PACKAGE__-
>register_method ({
72 name
=> 'create_user',
76 description
=> "Create new user.",
# Properties that the schema does not declare are not accepted.
78 additionalProperties
=> 0,
80 userid
=> get_standard_option
('userid'),
# NOTE(review): the schema places no length or format constraint on the
# password; any password policy has to be enforced inside
# domain_set_password - confirm.
81 password
=> { type
=> 'string', optional
=> 1 },
82 groups
=> { type
=> 'string', optional
=> 1, format
=> 'pve-groupid-list'},
83 firstname
=> { type
=> 'string', optional
=> 1 },
84 lastname
=> { type
=> 'string', optional
=> 1 },
85 email
=> { type
=> 'string', optional
=> 1, format
=> 'email-opt' },
86 comment
=> { type
=> 'string', optional
=> 1 },
88 description
=> "Account expiration date (seconds since epoch). '0' means no expiration date.",
94 description
=> "Enable the account (default). You can set this to '0' to disable the accout",
101 returns
=> { type
=> 'null' },
# The whole read-modify-write sequence runs inside lock_user_config, with
# "create user failed" passed as its second argument.
# presumably the lock serialises concurrent edits of user.cfg - confirm in
# PVE::AccessControl.
105 PVE
::AccessControl
::lock_user_config
(
# verify_username yields the name used as the user.cfg key, the realm-local
# id and the realm.
108 my ($username, $ruid, $realm) = PVE
::AccessControl
::verify_username
($param->{userid
});
110 my $usercfg = cfs_read_file
("user.cfg");
# Refuse to overwrite an existing account entry.
112 die "user '$username' already exists\n"
113 if $usercfg->{users
}->{$username};
# NOTE(review): the password is set before the group list is validated and
# before user.cfg is written. If a later die fires (unknown group, write
# failure), the password backend may already hold a credential for a user that
# was never created - consider validating first and setting the password last.
# The truthiness test also means an empty string or "0" is silently skipped,
# leaving the new account without a password set by this call.
115 PVE
::AccessControl
::domain_set_password
($realm, $ruid, $param->{password
})
116 if $param->{password
};
# Accounts are enabled unless the caller explicitly passes a value.
118 my $enable = defined($param->{enable
}) ?
$param->{enable
} : 1;
119 $usercfg->{users
}->{$username} = { enable
=> $enable };
# A false expire value (0 = no expiration) leaves the key unset.
120 $usercfg->{users
}->{$username}->{expire
} = $param->{expire
} if $param->{expire
};
# Every requested group must already exist in user.cfg; an unknown name
# aborts the request before anything is written to user.cfg.
122 if ($param->{groups
}) {
123 foreach my $group (split_list
($param->{groups
})) {
124 if ($usercfg->{groups
}->{$group}) {
125 PVE
::AccessControl
::add_user_group
($username, $usercfg, $group);
127 die "no such group '$group'\n";
# Optional profile fields are stored only when they hold a true value.
132 $usercfg->{users
}->{$username}->{firstname
} = $param->{firstname
} if $param->{firstname
};
133 $usercfg->{users
}->{$username}->{lastname
} = $param->{lastname
} if $param->{lastname
};
134 $usercfg->{users
}->{$username}->{email
} = $param->{email
} if $param->{email
};
135 $usercfg->{users
}->{$username}->{comment
} = $param->{comment
} if $param->{comment
};
# Persist the modified configuration as the last step of the locked section.
137 cfs_write_file
("user.cfg", $usercfg);
138 }, "create user failed");
# Register the "Get user configuration." API method: return the long form of
# a single user entry.
# NOTE(review): the listing omits source lines; no permission declaration is
# visible among the ones shown - confirm where access control is applied.
143 __PACKAGE__-
>register_method ({
147 description
=> "Get user configuration.",
# Properties that the schema does not declare are not accepted.
149 additionalProperties
=> 0,
151 userid
=> get_standard_option
('userid'),
# Result schema: the declared properties below and nothing else.
155 additionalProperties
=> 0,
157 enable
=> { type
=> 'boolean' },
158 expire
=> { type
=> 'integer', optional
=> 1 },
159 firstname
=> { type
=> 'string', optional
=> 1 },
160 lastname
=> { type
=> 'string', optional
=> 1 },
161 email
=> { type
=> 'string', optional
=> 1 },
162 comment
=> { type
=> 'string', optional
=> 1 },
163 groups
=> { type
=> 'array' },
# Only the first and third values returned by verify_username are kept; the
# realm-local id is not needed for a read.
169 my ($username, undef, $domain) =
170 PVE
::AccessControl
::verify_username
($param->{userid
});
172 my $usercfg = cfs_read_file
("user.cfg");
174 my $data = $usercfg->{users
}->{$username};
# The error text tells the caller whether the name exists, so callers allowed
# to reach this method can probe for account names.
176 die "user '$username' does not exist\n" if !$data;
# Long form from $extract_user_data: the whitelisted profile fields plus the
# list of group names; no other key of the stored entry is returned.
178 return &$extract_user_data($data, 1);
# Register the 'update_user' API method: change the password, state, group
# membership and profile fields of an existing user.
# NOTE(review): the listing omits source lines; no permission declaration is
# visible among the ones shown - confirm where access control is applied,
# since this method can change another account's password and groups.
181 __PACKAGE__-
>register_method ({
182 name
=> 'update_user',
186 description
=> "Update user configuration.",
# Properties that the schema does not declare are not accepted.
188 additionalProperties
=> 0,
190 userid
=> get_standard_option
('userid'),
# NOTE(review): the schema places no length or format constraint on the
# password; any password policy has to be enforced inside
# domain_set_password - confirm.
191 password
=> { type
=> 'string', optional
=> 1 },
192 groups
=> { type
=> 'string', optional
=> 1, format
=> 'pve-groupid-list' },
# The parameter carrying this 'requires' is declared on a line the listing
# omits; the handler below reads $param->{append} together with
# $param->{groups}.
196 requires
=> 'groups',
199 description
=> "Enable/disable the account.",
203 firstname
=> { type
=> 'string', optional
=> 1 },
204 lastname
=> { type
=> 'string', optional
=> 1 },
205 email
=> { type
=> 'string', optional
=> 1, format
=> 'email-opt' },
206 comment
=> { type
=> 'string', optional
=> 1 },
208 description
=> "Account expiration date (seconds since epoch). '0' means no expiration date.",
215 returns
=> { type
=> 'null' },
# The whole read-modify-write sequence runs inside lock_user_config, with
# "update user failed" passed as its second argument.
219 PVE
::AccessControl
::lock_user_config
(
222 my ($username, $ruid, $realm) =
223 PVE
::AccessControl
::verify_username
($param->{userid
});
225 my $usercfg = cfs_read_file
("user.cfg");
# Updates never create an account implicitly.
227 die "user '$username' does not exist\n"
228 if !$usercfg->{users
}->{$username};
# NOTE(review): the password is changed before the group list is validated
# and before user.cfg is written. A request that later dies on an unknown
# group may therefore still have changed the password while reporting
# failure - consider validating first and setting the password last.
# The truthiness test means an empty string or "0" is silently ignored.
230 PVE
::AccessControl
::domain_set_password
($realm, $ruid, $param->{password
})
231 if $param->{password
};
# defined() is used here, so false values such as 0 are stored as given.
233 $usercfg->{users
}->{$username}->{enable
} = $param->{enable
} if defined($param->{enable
});
235 $usercfg->{users
}->{$username}->{expire
} = $param->{expire
} if defined($param->{expire
});
# Without 'append', a supplied group list replaces the current membership:
# existing memberships are dropped from $usercfg first. This happens in
# memory only; nothing is persisted until cfs_write_file below.
237 PVE
::AccessControl
::delete_user_group
($username, $usercfg)
238 if (!$param->{append
} && $param->{groups
});
# Every requested group must already exist in user.cfg; an unknown name
# aborts the request before user.cfg is written.
240 if ($param->{groups
}) {
241 foreach my $group (split_list
($param->{groups
})) {
242 if ($usercfg->{groups
}->{$group}) {
243 PVE
::AccessControl
::add_user_group
($username, $usercfg, $group);
245 die "no such group '$group'\n";
# Profile fields are overwritten whenever the parameter is defined, so an
# empty string is stored as an empty value.
250 $usercfg->{users
}->{$username}->{firstname
} = $param->{firstname
} if defined($param->{firstname
});
251 $usercfg->{users
}->{$username}->{lastname
} = $param->{lastname
} if defined($param->{lastname
});
252 $usercfg->{users
}->{$username}->{email
} = $param->{email
} if defined($param->{email
});
253 $usercfg->{users
}->{$username}->{comment
} = $param->{comment
} if defined($param->{comment
});
# Persist the modified configuration as the last step of the locked section.
255 cfs_write_file
("user.cfg", $usercfg);
256 }, "update user failed");
# Register the 'delete_user' API method: remove a user entry together with
# its group memberships, ACL entries and (for the 'pve' realm) its stored
# password.
# NOTE(review): the listing omits source lines; no permission declaration and
# no guard against removing a particular account are visible among the ones
# shown - confirm where that is enforced.
261 __PACKAGE__-
>register_method ({
262 name
=> 'delete_user',
266 description
=> "Delete user.",
# Properties that the schema does not declare are not accepted.
268 additionalProperties
=> 0,
270 userid
=> get_standard_option
('userid'),
273 returns
=> { type
=> 'null' },
# The whole read-modify-write sequence runs inside lock_user_config, with
# "delete user failed" passed as its second argument.
277 PVE
::AccessControl
::lock_user_config
(
280 my ($username, $ruid, $realm) =
281 PVE
::AccessControl
::verify_username
($param->{userid
});
283 my $usercfg = cfs_read_file
("user.cfg");
285 die "user '$username' does not exist\n"
286 if !$usercfg->{users
}->{$username};
288 delete ($usercfg->{users
}->{$username});
# Only the 'pve' realm has a shadow password removed here; for any other
# realm nothing is deleted at this step.
# NOTE(review): this runs before user.cfg is written, so a failed write could
# leave the account entry in place without its password - confirm this
# ordering is intended.
290 PVE
::AccessControl
::delete_shadow_password
($ruid) if $realm eq 'pve';
# Group memberships and ACL entries are removed along with the entry.
# presumably so that an account created later under the same name does not
# pick up the old memberships or permissions - confirm in PVE::AccessControl.
291 PVE
::AccessControl
::delete_user_group
($username, $usercfg);
292 PVE
::AccessControl
::delete_user_acl
($username, $usercfg);
# Persist the modified configuration as the last step of the locked section.
294 cfs_write_file
("user.cfg", $usercfg);
295 }, "delete user failed");