moved Pool.pm to pve-manager package

[pve-access-control.git] / PVE / API2 / AccessControl.pm

diff --git a/PVE/API2/AccessControl.pm b/PVE/API2/AccessControl.pm
index 46b55104238da897f3d2e8c809bcd97fb1ad8efc..a3829fdac5618ed32285f5ef11f163769d3b2eec 100644 (file)
--- a/PVE/API2/AccessControl.pm
+++ b/PVE/API2/AccessControl.pm
@@ -48,6 +48,9 @@ __PACKAGE__->register_method ({
     path => '', 
     method => 'GET',
     description => "Directory index.",
+    permissions => { 
+       user => 'all',
+    },
     parameters => {
        additionalProperties => 0,
        properties => {},
@@ -132,7 +135,10 @@ __PACKAGE__->register_method ({
     name => 'create_ticket', 
     path => 'ticket', 
     method => 'POST',
-    permissions => { user => 'world' },
+    permissions => { 
+       description => "You need to pass valid credientials.",
+       user => 'world' 
+    },
     protected => 1, # else we can't access shadow files
     description => "Create or verify authentication ticket.",
     parameters => {
@@ -211,10 +217,13 @@ __PACKAGE__->register_method ({
     path => 'password', 
     method => 'PUT',
     permissions => { 
-       description => "Each user is allowed to change his own password. A user can change the password of another user if he has modify permission on /access/groups/<group> on a group where user <userid> is member of.",
+       description => "Each user is allowed to change his own password. A user can change the password of another user if he has 'Realm.AllocateUser' (on the realm of user <userid>) and 'User.Modify' permission on /access/groups/<group> on a group where user <userid> is member of.",
        check => [ 'or', 
                   ['userid-param', 'self'],
-                  ['userid-group', ['User.Modify']],
+                  [ 'and',
+                    [ 'userid-param', 'Realm.AllocateUser'],
+                    [ 'userid-group', ['User.Modify']]
+                  ]
            ],
     },
     protected => 1, # else we can't access shadow files