api: get user: declare token schema

[pve-access-control.git] / src / PVE / API2 / User.pm

diff --git a/src/PVE/API2/User.pm b/src/PVE/API2/User.pm
index 3d4d4e08d02775a36b5bb66299065647e66ffb9a..34545546b530ff50044dff28f31b0d8ca881d600 100644 (file)
--- a/src/PVE/API2/User.pm
+++ b/src/PVE/API2/User.pm
@@ -221,7 +221,7 @@ __PACKAGE__->register_method ({
        check => [
            'and',
            [ 'userid-param', 'Realm.AllocateUser'],
-           [ 'userid-group', ['User.Modify'], groups_param => 1],
+           [ 'userid-group', ['User.Modify'], groups_param => 'create'],
        ],
     },
     description => "Create new user.",
@@ -323,6 +323,7 @@ __PACKAGE__->register_method ({
            tokens => {
                optional => 1,
                type => 'object',
+               additionalProperties => get_standard_option('token-info'),
            },
        },
        type => "object"
@@ -345,7 +346,7 @@ __PACKAGE__->register_method ({
     path => '{userid}',
     method => 'PUT',
     permissions => {
-       check => ['userid-group', ['User.Modify'], groups_param => 1 ],
+       check => ['userid-group', ['User.Modify'], groups_param => 'update' ],
     },
     description => "Update user configuration.",
     parameters => {
@@ -453,7 +454,7 @@ __PACKAGE__->register_method ({
 
            my $partial_deletion = '';
            eval {
-               PVE::AccessControl::user_set_tfa($userid, $realm, undef, undef, $usercfg, $domain_cfg);
+               PVE::AccessControl::user_remove_tfa($userid);
                $partial_deletion = ' - but deleted related TFA';
 
                PVE::AccessControl::delete_user_group($userid, $usercfg);