1 package PVE
::API2
::User
;
5 use PVE
::Cluster qw
(cfs_read_file cfs_write_file
);
6 use PVE
::Tools
qw(split_list);
7 use PVE
::AccessControl
;
8 use PVE
::JSONSchema
qw(get_standard_option);
12 use Data
::Dumper
; # fixme: remove
16 use base
qw(PVE::RESTHandler);
18 my $extract_user_data = sub {
19 my ($data, $full) = @_;
23 foreach my $prop (qw(enable expire firstname lastname email comment)) {
24 $res->{$prop} = $data->{$prop} if defined($data->{$prop});
27 return $res if !$full;
29 $res->{groups
} = $data->{groups
} ?
[ keys %{$data->{groups
}} ] : [];
34 __PACKAGE__-
>register_method ({
38 description
=> "User index.",
40 additionalProperties
=> 0,
44 description
=> "Optional filter for enable property.",
54 userid
=> { type
=> 'string' },
57 links
=> [ { rel
=> 'child', href
=> "{userid}" } ],
64 my $usercfg = cfs_read_file
("user.cfg");
66 foreach my $user (keys %{$usercfg->{users
}}) {
67 next if $user eq 'root';
69 my $entry = &$extract_user_data($usercfg->{users
}->{$user});
71 if (defined($param->{enabled
})) {
72 next if $entry->{enable
} && !$param->{enabled
};
73 next if !$entry->{enable
} && $param->{enabled
};
76 $entry->{userid
} = $user;
83 __PACKAGE__-
>register_method ({
84 name
=> 'create_user',
88 description
=> "Create new user.",
90 additionalProperties
=> 0,
92 userid
=> get_standard_option
('userid'),
93 password
=> { type
=> 'string', optional
=> 1 },
94 groups
=> { type
=> 'string', optional
=> 1, format
=> 'pve-groupid-list'},
95 firstname
=> { type
=> 'string', optional
=> 1 },
96 lastname
=> { type
=> 'string', optional
=> 1 },
97 email
=> { type
=> 'string', optional
=> 1, format
=> 'email-opt' },
98 comment
=> { type
=> 'string', optional
=> 1 },
100 description
=> "Account expiration date (seconds since epoch). '0' means no expiration date.",
106 description
=> "Enable the account (default). You can set this to '0' to disable the accout",
113 returns
=> { type
=> 'null' },
117 PVE
::AccessControl
::lock_user_config
(
120 my ($username, $ruid, $realm) = PVE
::AccessControl
::verify_username
($param->{userid
});
122 my $usercfg = cfs_read_file
("user.cfg");
124 die "user '$username' already exists\n"
125 if $usercfg->{users
}->{$username};
127 PVE
::AccessControl
::domain_set_password
($realm, $ruid, $param->{password
})
128 if $param->{password
};
130 my $enable = defined($param->{enable
}) ?
$param->{enable
} : 1;
131 $usercfg->{users
}->{$username} = { enable
=> $enable };
132 $usercfg->{users
}->{$username}->{expire
} = $param->{expire
} if $param->{expire
};
134 if ($param->{groups
}) {
135 foreach my $group (split_list
($param->{groups
})) {
136 if ($usercfg->{groups
}->{$group}) {
137 PVE
::AccessControl
::add_user_group
($username, $usercfg, $group);
139 die "no such group '$group'\n";
144 $usercfg->{users
}->{$username}->{firstname
} = $param->{firstname
} if $param->{firstname
};
145 $usercfg->{users
}->{$username}->{lastname
} = $param->{lastname
} if $param->{lastname
};
146 $usercfg->{users
}->{$username}->{email
} = $param->{email
} if $param->{email
};
147 $usercfg->{users
}->{$username}->{comment
} = $param->{comment
} if $param->{comment
};
149 cfs_write_file
("user.cfg", $usercfg);
150 }, "create user failed");
155 __PACKAGE__-
>register_method ({
159 description
=> "Get user configuration.",
161 additionalProperties
=> 0,
163 userid
=> get_standard_option
('userid'),
167 additionalProperties
=> 0,
169 enable
=> { type
=> 'boolean' },
170 expire
=> { type
=> 'integer', optional
=> 1 },
171 firstname
=> { type
=> 'string', optional
=> 1 },
172 lastname
=> { type
=> 'string', optional
=> 1 },
173 email
=> { type
=> 'string', optional
=> 1 },
174 comment
=> { type
=> 'string', optional
=> 1 },
175 groups
=> { type
=> 'array' },
181 my ($username, undef, $domain) =
182 PVE
::AccessControl
::verify_username
($param->{userid
});
184 my $usercfg = cfs_read_file
("user.cfg");
186 my $data = $usercfg->{users
}->{$username};
188 die "user '$username' does not exist\n" if !$data;
190 return &$extract_user_data($data, 1);
193 __PACKAGE__-
>register_method ({
194 name
=> 'update_user',
198 description
=> "Update user configuration.",
200 additionalProperties
=> 0,
202 userid
=> get_standard_option
('userid'),
203 password
=> { type
=> 'string', optional
=> 1 },
204 groups
=> { type
=> 'string', optional
=> 1, format
=> 'pve-groupid-list' },
208 requires
=> 'groups',
211 description
=> "Enable/disable the account.",
215 firstname
=> { type
=> 'string', optional
=> 1 },
216 lastname
=> { type
=> 'string', optional
=> 1 },
217 email
=> { type
=> 'string', optional
=> 1, format
=> 'email-opt' },
218 comment
=> { type
=> 'string', optional
=> 1 },
220 description
=> "Account expiration date (seconds since epoch). '0' means no expiration date.",
227 returns
=> { type
=> 'null' },
231 PVE
::AccessControl
::lock_user_config
(
234 my ($username, $ruid, $realm) =
235 PVE
::AccessControl
::verify_username
($param->{userid
});
237 my $usercfg = cfs_read_file
("user.cfg");
239 die "user '$username' does not exist\n"
240 if !$usercfg->{users
}->{$username};
242 PVE
::AccessControl
::domain_set_password
($realm, $ruid, $param->{password
})
243 if $param->{password
};
245 $usercfg->{users
}->{$username}->{enable
} = $param->{enable
} if defined($param->{enable
});
247 $usercfg->{users
}->{$username}->{expire
} = $param->{expire
} if defined($param->{expire
});
249 PVE
::AccessControl
::delete_user_group
($username, $usercfg)
250 if (!$param->{append
} && defined($param->{groups
}));
252 if ($param->{groups
}) {
253 foreach my $group (split_list
($param->{groups
})) {
254 if ($usercfg->{groups
}->{$group}) {
255 PVE
::AccessControl
::add_user_group
($username, $usercfg, $group);
257 die "no such group '$group'\n";
262 $usercfg->{users
}->{$username}->{firstname
} = $param->{firstname
} if defined($param->{firstname
});
263 $usercfg->{users
}->{$username}->{lastname
} = $param->{lastname
} if defined($param->{lastname
});
264 $usercfg->{users
}->{$username}->{email
} = $param->{email
} if defined($param->{email
});
265 $usercfg->{users
}->{$username}->{comment
} = $param->{comment
} if defined($param->{comment
});
267 cfs_write_file
("user.cfg", $usercfg);
268 }, "update user failed");
273 __PACKAGE__-
>register_method ({
274 name
=> 'delete_user',
278 description
=> "Delete user.",
280 additionalProperties
=> 0,
282 userid
=> get_standard_option
('userid'),
285 returns
=> { type
=> 'null' },
289 PVE
::AccessControl
::lock_user_config
(
292 my ($username, $ruid, $realm) =
293 PVE
::AccessControl
::verify_username
($param->{userid
});
295 my $usercfg = cfs_read_file
("user.cfg");
297 die "user '$username' does not exist\n"
298 if !$usercfg->{users
}->{$username};
300 delete ($usercfg->{users
}->{$username});
302 PVE
::AccessControl
::delete_shadow_password
($ruid) if $realm eq 'pve';
303 PVE
::AccessControl
::delete_user_group
($username, $usercfg);
304 PVE
::AccessControl
::delete_user_acl
($username, $usercfg);
306 cfs_write_file
("user.cfg", $usercfg);
307 }, "delete user failed");