use PVE::Firewall;
use PVE::API2::Firewall::Rules;
-use Data::Dumper; # fixme: remove
use base qw(PVE::RESTHandler);
my ($cluster_conf) = @_;
my $res = [];
- foreach my $group (keys %{$cluster_conf->{groups}}) {
+ foreach my $group (sort keys %{$cluster_conf->{groups}}) {
my $data = {
group => $group,
};
path => '',
method => 'GET',
description => "List security groups.",
+ permissions => { user => 'all' },
parameters => {
additionalProperties => 0,
properties => {},
method => 'POST',
description => "Create new security group.",
protected => 1,
+ permissions => {
+ check => ['perm', '/', [ 'Sys.Modify' ]],
+ },
parameters => {
additionalProperties => 0,
properties => {
raise_param_exc({ group => "Security group '$param->{rename}' does not exists" })
if !$cluster_conf->{groups}->{$param->{rename}};
+ # prevent overwriting an existing group
+ raise_param_exc({ group => "Security group '$param->{group}' does already exist" })
+ if $cluster_conf->{groups}->{$param->{group}} &&
+ $param->{group} ne $param->{rename};
+
my $data = delete $cluster_conf->{groups}->{$param->{rename}};
$cluster_conf->{groups}->{$param->{group}} = $data;
if (my $comment = delete $cluster_conf->{group_comments}->{$param->{rename}}) {