fix #1998: correct return properties for read_role

we have each privilege as property of the return object,
so we generate it from $valid_privs

this has the advantage that all privileges are well documented
with that api call

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>

diff --git a/PVE/API2/Role.pm b/PVE/API2/Role.pm
index 80959b0a26d65d8eedac8aa070ecac05a8b18f48..83e4a9d4a9ab20b1efce78c4b433f6db3e0f72d2 100644 (file)
--- a/PVE/API2/Role.pm
+++ b/PVE/API2/Role.pm
@@ -163,9 +163,7 @@ __PACKAGE__->register_method ({
     returns => {
        type => "object",
        additionalProperties => 0,
     returns => {
        type => "object",
        additionalProperties => 0,

-       properties => {
-           privs =>  get_standard_option('role-privs'),
-       },
+       properties => PVE::AccessControl::create_priv_properties(),

     },
     code => sub {
        my ($param) = @_;
     },
     code => sub {
        my ($param) = @_;

diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm
index 44fc0aa924849f11780f427c8d891f26ea975dab..bdadfd2ae58397ddc876c540730d20ed00dc41e6 100644 (file)
--- a/PVE/AccessControl.pm
+++ b/PVE/AccessControl.pm
@@ -499,6 +499,17 @@ sub create_roles {
 
 create_roles();
 
 
 create_roles();
 

+sub create_priv_properties {
+    my $properties = {};
+    foreach my $priv (keys %$valid_privs) {
+       $properties->{$priv} = {
+           type => 'boolean',
+           optional => 1,
+       };
+    }
+    return $properties;
+}
+

 sub role_is_special {
     my ($role) = @_;
     return (exists $special_roles->{$role}) ? 1 : 0;
 sub role_is_special {
     my ($role) = @_;
     return (exists $special_roles->{$role}) ? 1 : 0;