moved add_vm_to_pool/remove_vm_from_pool from qemu-server

[pve-access-control.git] / PVE / AccessControl.pm

diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm
index 26f61a369ba2335593778884adfd36186a749686..a9bf2dd9a1ec522cbd2a003a608f506a1dc97252 100644 (file)
--- a/PVE/AccessControl.pm
+++ b/PVE/AccessControl.pm
@@ -364,8 +364,10 @@ my $privgroups = {
            'VM.Config.HWType',
            'VM.Config.Options', # covers all other things 
            'VM.Allocate', 
+           'VM.Clone', 
            'VM.Migrate',
            'VM.Monitor', 
+           'VM.Snapshot', 
        ],
        user => [
            'VM.Config.CDROM', # change CDROM media
@@ -456,6 +458,8 @@ sub create_roles {
            $special_roles->{"PVEAuditor"}->{$p} = 1;
        }
     }
+
+    $special_roles->{"PVETemplateUser"} = { 'VM.Clone' => 1, 'VM.Audit' => 1 };
 };
 
 create_roles();
@@ -955,4 +959,36 @@ sub check_permissions {
     return 1;
 }
 
+sub add_vm_to_pool {
+    my ($vmid, $pool) = @_;
+
+    my $addVMtoPoolFn = sub {
+       my $usercfg = cfs_read_file("user.cfg");
+       if (my $data = $usercfg->{pools}->{$pool}) {
+           $data->{vms}->{$vmid} = 1;
+           $usercfg->{vms}->{$vmid} = $pool;
+           cfs_write_file("user.cfg", $usercfg);
+       }
+    };
+
+    lock_user_config($addVMtoPoolFn, "can't add VM $vmid to pool '$pool'");
+}
+
+sub remove_vm_from_pool {
+    my ($vmid) = @_;
+    
+    my $delVMfromPoolFn = sub {
+       my $usercfg = cfs_read_file("user.cfg");
+       if (my $pool = $usercfg->{vms}->{$vmid}) {
+           if (my $data = $usercfg->{pools}->{$pool}) {
+               delete $data->{vms}->{$vmid};
+               delete $usercfg->{vms}->{$vmid};
+               cfs_write_file("user.cfg", $usercfg);
+           }
+       }
+    };
+
+    lock_user_config($delVMfromPoolFn, "pool cleanup for VM $vmid failed");
+}
+
 1;