From 19f60b5e3cc46ba86b81739caefcb3dde3195fcd Mon Sep 17 00:00:00 2001 From: Dietmar Maurer Date: Thu, 26 Jan 2012 08:26:31 +0100 Subject: [PATCH] use User.Allocate instead of User.Add/User.Delete --- PVE/API2/Group.pm | 4 ++-- PVE/API2/User.pm | 10 +++++----- PVE/AccessControl.pm | 14 ++++++-------- 3 files changed, 13 insertions(+), 15 deletions(-) diff --git a/PVE/API2/Group.pm b/PVE/API2/Group.pm index ddea3dc..b3cc15e 100644 --- a/PVE/API2/Group.pm +++ b/PVE/API2/Group.pm @@ -34,7 +34,7 @@ __PACKAGE__->register_method ({ method => 'GET', description => "Group index.", permissions => { - description => "The returned list is restricted to groups where you have 'User.Add' or 'Sys.Audit' permissions on '/access', or 'User.Add' on /access/groups/.", + description => "The returned list is restricted to groups where you have 'User.Allocate' or 'Sys.Audit' permissions on '/access', or 'User.Allocate' on /access/groups/.", user => 'all', }, parameters => { @@ -60,7 +60,7 @@ __PACKAGE__->register_method ({ my $usercfg = cfs_read_file("user.cfg"); my $authuser = $rpcenv->get_user(); - my $privs = [ 'User.Add', 'Sys.Audit' ]; + my $privs = [ 'User.Allocate', 'Sys.Audit' ]; my $allow = $rpcenv->check_any($authuser, "/access", $privs, 1); syslog("info", "TEST $allow"); my $allowed_groups = $rpcenv->filter_groups($authuser, $privs, 1); diff --git a/PVE/API2/User.pm b/PVE/API2/User.pm index aa88dfd..6f4aff1 100644 --- a/PVE/API2/User.pm +++ b/PVE/API2/User.pm 
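Review bot: The context line `syslog("info", "TEST $allow");` in the @@ -60,7 hunk of PVE/API2/Group.pm is leftover debug output that this commit leaves in place right after the changed `$privs` line. As far as the hunk shows, it runs unconditionally and writes the result of the '/access' permission check to syslog whenever the handler is called. I would delete the line in this commit rather than carry it forward. The enclosing handler starts and ends outside the hunk.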
@@ -38,7 +38,7 @@ __PACKAGE__->register_method ({ method => 'GET', description => "User index.", permissions => { - description => "The returned list is restricted to users where you have 'User.Modify' or 'User.Delete' permissions on '/access' or on a group the user belongs too. But it always includes the current (authenticated) user.", + description => "The returned list is restricted to users where you have 'User.Modify' or 'User.Allocate' permissions on '/access' or on a group the user belongs too. But it always includes the current (authenticated) user.", user => 'all', }, parameters => { @@ -70,7 +70,7 @@ __PACKAGE__->register_method ({ my $res = []; - my $privs = [ 'User.Modify', 'User.Delete' ]; + my $privs = [ 'User.Modify', 'User.Allocate' ]; my $canUserMod = $rpcenv->check_any($authuser, "/access", $privs, 1); my $groups = $rpcenv->filter_groups($authuser, $privs, 1); @@ -102,8 +102,8 @@ __PACKAGE__->register_method ({ path => '', method => 'POST', permissions => { - description => "You need 'User.Add' permissions to '/access/groups/' for any group specified, or 'User.Add' on '/access' if you pass no groups.", - check => ['userid-group', ['User.Add'], groups_param => 1], + description => "You need 'User.Allocate' permissions to '/access/groups/' for any group specified, or 'User.Allocate' on '/access' if you pass no groups.", + check => ['userid-group', ['User.Allocate'], groups_param => 1], }, description => "Create new user.", parameters => { @@ -302,7 +302,7 @@ __PACKAGE__->register_method ({ method => 'DELETE', description => "Delete user.", permissions => { - check => ['userid-group', ['User.Delete']], + check => ['userid-group', ['User.Allocate']], }, parameters => { additionalProperties => 0, diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm index 6afe65c..ee731d8 100644 --- a/PVE/AccessControl.pm +++ b/PVE/AccessControl.pm 
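Review bot: The rewritten permissions description in the @@ -38,7 hunk of PVE/API2/User.pm still reads "a group the user belongs too". Since the line is being changed anyway, the tail should be `... on '/access' or on a group the user belongs to.`. The string appears to be the permission text published for the user index, so the wording is worth fixing here.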
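Review bot: User creation and deletion are now gated by the same privilege, through `check => ['userid-group', ['User.Allocate'], groups_param => 1]` in the @@ -102,8 hunk and `check => ['userid-group', ['User.Allocate']]` in the @@ -302,7 hunk of PVE/API2/User.pm. An account that was delegated only user creation on a group can therefore delete users there as well, which the separate 'User.Add' and 'User.Delete' checks kept apart. If that is intended, the commit message should say so, and the DELETE handler's permissions block, which unlike POST has no `description`, should gain one stating the 'User.Allocate' requirement in the terms 'userid-group' actually checks. Nothing in the visible diff handles roles already stored in user.cfg that name 'User.Add' or 'User.Delete'. How unknown privilege names are treated on load is outside these hunks, so please confirm such roles neither break parsing nor silently change access; this also affects the `$privs` lists in the @@ -70,7 hunk and in PVE/API2/Group.pm.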
@@ -566,10 +566,11 @@ my $privgroups = { }, Datastore => { root => [ - 'Datastore.Allocate', 'Permissions.Modify', ], - admin => [], + admin => [ + 'Datastore.Allocate', + ], user => [ 'Datastore.AllocateSpace', ], @@ -578,14 +579,11 @@ my $privgroups = { ], }, User => { - root => [ - - ], + root => [], admin => [ 'User.Modify', - 'User.Add', - 'User.Delete', - ], + 'User.Allocate', + ], user => [], audit => [], }, -- 2.39.2
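Review bot: The Datastore block in this hunk moves 'Datastore.Allocate' from the `root` list to the `admin` list, a privilege change that the subject line (User.Allocate replacing User.Add/User.Delete) does not mention. `$privgroups` starts outside the hunk and the code that builds roles from it is not visible, but if admin-level roles are assembled from the `admin` lists, this grants Datastore.Allocate to roles that did not have it before. I would split it into its own commit, or at least name it in the message and mark it in place with a comment such as `# Datastore.Allocate is intentionally available to admin-level roles`. Separately, the re-added `],` closing the User `admin` list should line up with the `],` closings used in the Datastore block.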