]>
git.proxmox.com Git - pve-access-control.git/blob - PVE/CLI/pveum.pm
1 package PVE
::CLI
::pveum
;
6 use PVE
::AccessControl
;
7 use PVE
::RPCEnvironment
;
12 use PVE
::API2
::AccessControl
;
13 use PVE
::API2
::Domains
;
14 use PVE
::CLIFormatter
;
16 use PVE
::JSONSchema
qw(get_standard_option);
19 use PVE
::Tools
qw(extract_param);
21 use base
qw(PVE::CLIHandler);
23 sub setup_environment
{
24 PVE
::RPCEnvironment-
>setup_default_cli_env();
31 'change_password' => [
32 PVE
::CLIHandler
::get_standard_mapping
('pve-password'),
35 PVE
::CLIHandler
::get_standard_mapping
('pve-password', {
37 # do not accept values given on cmdline
38 return PVE
::PTY
::read_password
('Enter password: ');
44 return $mapping->{$name};
47 my $print_api_result = sub {
48 my ($data, $schema, $options) = @_;
49 PVE
::CLIFormatter
::print_api_result
($data, $schema, undef, $options);
52 my $print_perm_result = sub {
53 my ($data, $schema, $options) = @_;
55 if (!defined($options->{'output-format'}) || $options->{'output-format'} eq 'text') {
61 'path' => { type
=> 'string', title
=> 'ACL path' },
62 'permissions' => { type
=> 'string', title
=> 'Permissions' },
67 foreach my $path (sort keys %$data) {
69 my $curr = $data->{$path};
70 foreach my $perm (sort keys %$curr) {
71 $value .= "\n" if $value;
73 $value .= " (*)" if $curr->{$perm};
75 push @$table_data, { path
=> $path, permissions
=> $value };
77 PVE
::CLIFormatter
::print_api_result
($table_data, $table_schema, undef, $options);
78 print "Permissions marked with '(*)' have the 'propagate' flag set.\n";
80 PVE
::CLIFormatter
::print_api_result
($data, $schema, undef, $options);
84 __PACKAGE__-
>register_method({
85 name
=> 'token_permissions',
86 path
=> 'token_permissions',
88 description
=> 'Retrieve effective permissions of given token.',
90 additionalProperties
=> 0,
92 userid
=> get_standard_option
('userid'),
93 tokenid
=> get_standard_option
('token-subid'),
94 path
=> get_standard_option
('acl-path', {
95 description
=> "Only dump this specific path, not the whole tree.",
102 description
=> 'Hash of structure "path" => "privilege" => "propagate boolean".',
107 my $token_subid = extract_param
($param, "tokenid");
108 $param->{userid
} = PVE
::AccessControl
::join_tokenid
($param->{userid
}, $token_subid);
110 return PVE
::API2
::AccessControl-
>permissions($param);
115 add
=> [ 'PVE::API2::User', 'create_user', ['userid'] ],
116 modify
=> [ 'PVE::API2::User', 'update_user', ['userid'] ],
117 delete => [ 'PVE::API2::User', 'delete_user', ['userid'] ],
118 list
=> [ 'PVE::API2::User', 'index', [], {}, $print_api_result, $PVE::RESTHandler
::standard_output_options
],
119 permissions
=> [ 'PVE::API2::AccessControl', 'permissions', ['userid'], {}, $print_perm_result, $PVE::RESTHandler
::standard_output_options
],
121 add
=> [ 'PVE::API2::User', 'generate_token', ['userid', 'tokenid'], {}, $print_api_result, $PVE::RESTHandler
::standard_output_options
],
122 modify
=> [ 'PVE::API2::User', 'update_token_info', ['userid', 'tokenid'], {}, $print_api_result, $PVE::RESTHandler
::standard_output_options
],
123 remove
=> [ 'PVE::API2::User', 'remove_token', ['userid', 'tokenid'], {}, $print_api_result, $PVE::RESTHandler
::standard_output_options
],
124 list
=> [ 'PVE::API2::User', 'token_index', ['userid'], {}, $print_api_result, $PVE::RESTHandler
::standard_output_options
],
125 permissions
=> [ __PACKAGE__
, 'token_permissions', ['userid', 'tokenid'], {}, $print_perm_result, $PVE::RESTHandler
::standard_output_options
],
129 add
=> [ 'PVE::API2::Group', 'create_group', ['groupid'] ],
130 modify
=> [ 'PVE::API2::Group', 'update_group', ['groupid'] ],
131 delete => [ 'PVE::API2::Group', 'delete_group', ['groupid'] ],
132 list
=> [ 'PVE::API2::Group', 'index', [], {}, $print_api_result, $PVE::RESTHandler
::standard_output_options
],
135 add
=> [ 'PVE::API2::Role', 'create_role', ['roleid'] ],
136 modify
=> [ 'PVE::API2::Role', 'update_role', ['roleid'] ],
137 delete => [ 'PVE::API2::Role', 'delete_role', ['roleid'] ],
138 list
=> [ 'PVE::API2::Role', 'index', [], {}, $print_api_result, $PVE::RESTHandler
::standard_output_options
],
141 modify
=> [ 'PVE::API2::ACL', 'update_acl', ['path'], { delete => 0 }],
142 delete => [ 'PVE::API2::ACL', 'update_acl', ['path'], { delete => 1 }],
143 list
=> [ 'PVE::API2::ACL', 'read_acl', [], {}, $print_api_result, $PVE::RESTHandler
::standard_output_options
],
147 add
=> [ 'PVE::API2::Domains', 'create', ['realm'] ],
148 modify
=> [ 'PVE::API2::Domains', 'update', ['realm'] ],
149 delete => [ 'PVE::API2::Domains', 'delete', ['realm'] ],
150 list
=> [ 'PVE::API2::Domains', 'index', [], {}, $print_api_result, $PVE::RESTHandler
::standard_output_options
],
153 ticket
=> [ 'PVE::API2::AccessControl', 'create_ticket', ['username'], undef,
156 print "$res->{ticket}\n";
159 passwd
=> [ 'PVE::API2::AccessControl', 'change_password', ['userid'] ],
161 useradd
=> { alias
=> 'user add' },
162 usermod
=> { alias
=> 'user modify' },
163 userdel
=> { alias
=> 'user delete' },
165 groupadd
=> { alias
=> 'group add' },
166 groupmod
=> { alias
=> 'group modify' },
167 groupdel
=> { alias
=> 'group delete' },
169 roleadd
=> { alias
=> 'role add' },
170 rolemod
=> { alias
=> 'role modify' },
171 roledel
=> { alias
=> 'role delete' },
173 aclmod
=> { alias
=> 'acl modify' },
174 acldel
=> { alias
=> 'acl delete' },
projects / pve-access-control.git / blob