path => '',
method => 'GET',
description => "Group index.",
+ permissions => {
+ description => "The returned list is restricted to groups where you have 'User.Allocate' or 'Sys.Audit' permissions on '/access', or 'User.Allocate' on /access/groups/<group>.",
+ user => 'all',
+ },
parameters => {
additionalProperties => 0,
properties => {},
my $res = [];
+ my $rpcenv = PVE::RPCEnvironment::get();
my $usercfg = cfs_read_file("user.cfg");
+ my $authuser = $rpcenv->get_user();
+
+ my $privs = [ 'User.Allocate', 'Sys.Audit' ];
+ my $allow = $rpcenv->check_any($authuser, "/access", $privs, 1);
+ my $allowed_groups = $rpcenv->filter_groups($authuser, $privs, 1);
foreach my $group (keys %{$usercfg->{groups}}) {
+ next if !($allow || $allowed_groups->{$group});
my $entry = &$extract_group_data($usercfg->{groups}->{$group});
$entry->{groupid} = $group;
push @$res, $entry;
protected => 1,
path => '',
method => 'POST',
+ permissions => {
+ check => ['perm', '/access', ['Sys.Modify']],
+ },
description => "Create new group.",
parameters => {
additionalProperties => 0,
protected => 1,
path => '{groupid}',
method => 'PUT',
+ permissions => {
+ check => ['perm', '/access', ['Sys.Modify']],
+ },
description => "Update group data.",
parameters => {
additionalProperties => 0,
name => 'read_group',
path => '{groupid}',
method => 'GET',
+ permissions => {
+ check => ['perm', '/access', ['Sys.Audit']],
+ },
description => "Get group configuration.",
parameters => {
additionalProperties => 0,
protected => 1,
path => '{groupid}',
method => 'DELETE',
+ permissions => {
+ check => ['perm', '/access', ['Sys.Modify']],
+ },
description => "Delete group.",
parameters => {
additionalProperties => 0,