fix #233: return cluster name on successful login

[pve-access-control.git] / PVE / API2 / AccessControl.pm

diff --git a/PVE/API2/AccessControl.pm b/PVE/API2/AccessControl.pm
index 318ee1536a47473ac1c4f165d2790232f4eda3fa..93f384af56cc38740643ca2a61b2ea542dd05485 100644 (file)
--- a/PVE/API2/AccessControl.pm
+++ b/PVE/API2/AccessControl.pm
@@ -7,6 +7,7 @@ use PVE::Exception qw(raise raise_perm_exc);
 use PVE::SafeSyslog;
 use PVE::RPCEnvironment;
 use PVE::Cluster qw(cfs_read_file);
+use PVE::Corosync;
 use PVE::RESTHandler;
 use PVE::AccessControl;
 use PVE::JSONSchema qw(get_standard_option);
@@ -140,7 +141,7 @@ my $compute_api_permission = sub {
     my $priv_re_map = {
        vms => qr/VM\.|Permissions\.Modify/,
        access => qr/(User|Group)\.|Permissions\.Modify/,
-       storage => qr/Datastore\./,
+       storage => qr/Datastore\.|Permissions\.Modify/,
        nodes => qr/Sys\.|Permissions\.Modify/,
        dc => qr/Sys\.Audit/,
     };
@@ -184,7 +185,7 @@ __PACKAGE__->register_method ({
     path => 'ticket', 
     method => 'GET',
     permissions => { user => 'world' },
-    description => "Dummy. Useful for formaters which want to provide a login page.",
+    description => "Dummy. Useful for formatters which want to provide a login page.",
     parameters => {
        additionalProperties => 0,
     },
@@ -205,10 +206,10 @@ __PACKAGE__->register_method ({
        additionalProperties => 0,
        properties => {
            username => {
-               description => "User name",
-               type => 'string',
-               maxLength => 64,
-               completion => \&PVE::AccessControl::complete_username,
+               description => "User name",
+               type => 'string',
+               maxLength => 64,
+               completion => \&PVE::AccessControl::complete_username,
            },
            realm =>  get_standard_option('realm', {
                description => "You can optionally pass the realm using this parameter. Normally the realm is simply added to the username <username>\@<relam>.",
@@ -246,6 +247,7 @@ __PACKAGE__->register_method ({
            username => { type => 'string' },
            ticket => { type => 'string', optional => 1},
            CSRFPreventionToken => { type => 'string', optional => 1 },
+           clustername => { type => 'string', optional => 1 },
        }
     },
     code => sub {
@@ -277,13 +279,23 @@ __PACKAGE__->register_method ({
 
        $res->{cap} = &$compute_api_permission($rpcenv, $username);
 
+       if (PVE::Corosync::check_conf_exists(1)) {
+           if ($rpcenv->check($username, '/', ['Sys.Audit'], 1)) {
+               my $conf = cfs_read_file('corosync.conf');
+               my $totem = PVE::Corosync::totem_config($conf);
+               if ($totem->{cluster_name}) {
+                   $res->{clustername} = $totem->{cluster_name};
+               }
+           }
+       }
+
        PVE::Cluster::log_msg('info', 'root@pam', "successful auth for user '$username'");
 
        return $res;
     }});
 
 __PACKAGE__->register_method ({
-    name => 'change_passsword', 
+    name => 'change_password',
     path => 'password', 
     method => 'PUT',
     permissions => { 
@@ -301,9 +313,7 @@ __PACKAGE__->register_method ({
     parameters => {
        additionalProperties => 0,
        properties => {
-           userid => get_standard_option('userid', {
-               completion => \&PVE::AccessControl::complete_username,
-           }),
+           userid => get_standard_option('userid-completed'),
            password => { 
                description => "The new password.",
                type => 'string',