use PVE::JSONSchema qw(get_standard_option);
use PVE::SafeSyslog;
-
-use Data::Dumper; # fixme: remove
-
use PVE::RESTHandler;
my $domainconfigfile = "domains.cfg";
path => '',
method => 'GET',
description => "Authentication domain index.",
- permissions => { user => 'world' },
+ permissions => {
+ description => "Anyone can access that, because we need that list for the login box (before the user is authenticated).",
+ user => 'world',
+ },
parameters => {
additionalProperties => 0,
properties => {},
protected => 1,
path => '',
method => 'POST',
+ permissions => {
+ check => ['perm', '/access/realm', ['Realm.Allocate']],
+ },
description => "Add an authentication server.",
parameters => {
additionalProperties => 0,
optional => 1,
},
port => {
- description => "Server port",
+ description => "Server port. Use '0' if you want to use default settings'",
type => 'integer',
- minimum => 1,
+ minimum => 0,
maximum => 65535,
optional => 1,
},
if (defined($param->{secure})) {
$cfg->{$realm}->{secure} = $param->{secure} ? 1 : 0;
}
-
+
if ($param->{default}) {
foreach my $r (keys %$cfg) {
delete $cfg->{$r}->{default};
foreach my $p (keys %$param) {
next if $p eq 'realm';
- $cfg->{$realm}->{$p} = $param->{$p};
+ $cfg->{$realm}->{$p} = $param->{$p} if $param->{$p};
+ }
+
+ # port 0 ==> use default
+ # server2 == '' ===> delete server2
+ for my $p (qw(port server2)) {
+ if (defined($param->{$p}) && !$param->{$p}) {
+ delete $cfg->{$realm}->{$p};
+ }
}
cfs_write_file($domainconfigfile, $cfg);
name => 'update',
path => '{realm}',
method => 'PUT',
+ permissions => {
+ check => ['perm', '/access/realm', ['Realm.Allocate']],
+ },
description => "Update authentication server settings.",
protected => 1,
parameters => {
optional => 1,
},
port => {
- description => "Server port",
+ description => "Server port. Use '0' if you want to use default settings'",
type => 'integer',
- minimum => 1,
+ minimum => 0,
maximum => 65535,
optional => 1,
},
}
foreach my $p (keys %$param) {
- $cfg->{$realm}->{$p} = $param->{$p};
+ if ($param->{$p}) {
+ $cfg->{$realm}->{$p} = $param->{$p};
+ } else {
+ delete $cfg->{$realm}->{$p};
+ }
}
cfs_write_file($domainconfigfile, $cfg);
path => '{realm}',
method => 'GET',
description => "Get auth server configuration.",
+ permissions => {
+ check => ['perm', '/access/realm', ['Realm.Allocate', 'Sys.Audit'], any => 1],
+ },
parameters => {
additionalProperties => 0,
properties => {
name => 'delete',
path => '{realm}',
method => 'DELETE',
+ permissions => {
+ check => ['perm', '/access/realm', ['Realm.Allocate']],
+ },
description => "Delete an authentication server.",
protected => 1,
parameters => {
projects / pve-access-control.git / blobdiff