From: Dominik Csapak <d.csapak@proxmox.com>
Date: Thu, 1 Jul 2021 12:25:00 +0000 (+0200)
Subject: api: user: add realmtype to user list
X-Git-Url: https://git.proxmox.com/?p=pve-access-control.git;a=commitdiff_plain;h=8bb59c2612f72d90f099864c1fb0538893e76afe

api: user: add realmtype to user list

this makes it much easier to determine if a user can e.g.
change a password or tfa, based on realm

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
---

diff --git a/src/PVE/API2/User.pm b/src/PVE/API2/User.pm
index 05de57f..f1249a8 100644
--- a/src/PVE/API2/User.pm
+++ b/src/PVE/API2/User.pm
@@ -149,7 +149,11 @@ __PACKAGE__->register_method ({
 		    items => $token_info_extend->({
 			tokenid => get_standard_option('token-subid'),
 		    }),
-		}
+		},
+		realmtype => {
+		    type => 'string',
+		    description => 'The type of the users realm',
+		},
 	    },
 	},
 	links => [ { rel => 'child', href => "{userid}" } ],
@@ -161,6 +165,9 @@ __PACKAGE__->register_method ({
 	my $usercfg = $rpcenv->{user_cfg};
 	my $authuser = $rpcenv->get_user();
 
+	my $domainscfg = cfs_read_file('domains.cfg');
+	my $domainids = $domainscfg->{ids};
+
 	my $res = [];
 
 	my $privs = [ 'User.Modify', 'Sys.Audit' ];
@@ -184,6 +191,12 @@ __PACKAGE__->register_method ({
 	    $entry->{tokens} = [ map { { tokenid => $_, %{$entry->{tokens}->{$_}} } } sort keys %{$entry->{tokens}} ]
 		if defined($entry->{tokens});
 
+	    my (undef, undef, $realm) = PVE::AccessControl::verify_username($user, 1);
+
+	    if (defined($realm) && $domainids->{$realm}) {
+		$entry->{realmtype} = $domainids->{$realm}->{type};
+	    }
+
 	    $entry->{userid} = $user;
 	    push @$res, $entry;
 	}