use PVE::JSONSchema qw(get_standard_option);
use PVE::SafeSyslog;
-
-use Data::Dumper; # fixme: remove
-
use PVE::RESTHandler;
my $domainconfigfile = "domains.cfg";
path => '',
method => 'GET',
description => "Authentication domain index.",
- permissions => { user => 'world' },
+ permissions => {
+ description => "Anyone can access that, because we need that list for the login box (before the user is authenticated).",
+ user => 'world',
+ },
parameters => {
additionalProperties => 0,
properties => {},
protected => 1,
path => '',
method => 'POST',
+ permissions => {
+ check => ['perm', '/access/realm', ['Realm.Allocate']],
+ },
description => "Add an authentication server.",
parameters => {
additionalProperties => 0,
name => 'update',
path => '{realm}',
method => 'PUT',
+ permissions => {
+ check => ['perm', '/access/realm', ['Realm.Allocate']],
+ },
description => "Update authentication server settings.",
protected => 1,
parameters => {
path => '{realm}',
method => 'GET',
description => "Get auth server configuration.",
+ permissions => {
+ check => ['perm', '/access/realm', ['Realm.Allocate', 'Sys.Audit'], any => 1],
+ },
parameters => {
additionalProperties => 0,
properties => {
name => 'delete',
path => '{realm}',
method => 'DELETE',
+ permissions => {
+ check => ['perm', '/access/realm', ['Realm.Allocate']],
+ },
description => "Delete an authentication server.",
protected => 1,
parameters => {