]> git.proxmox.com Git - pve-firewall.git/blobdiff - src/PVE/API2/Firewall/Groups.pm
projects / pve-firewall.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
make group digest stable
[pve-firewall.git] / src / PVE / API2 / Firewall / Groups.pm
diff --git a/src/PVE/API2/Firewall/Groups.pm b/src/PVE/API2/Firewall/Groups.pm
index 9e4d08a4f260dd31e0a28268bff4ecc2c680379d..99ea41877cc6196bb504e5945f13bbaff045b41a 100644 (file)
--- a/src/PVE/API2/Firewall/Groups.pm
+++ b/src/PVE/API2/Firewall/Groups.pm
@@ -16,7 +16,7 @@ my $get_security_group_list = sub {
     my ($cluster_conf) = @_;
 
     my $res = [];
-    foreach my $group (keys %{$cluster_conf->{groups}}) {
+    foreach my $group (sort keys %{$cluster_conf->{groups}}) {
        my $data = { 
            group => $group,
        };
@@ -36,6 +36,7 @@ __PACKAGE__->register_method({
     path => '',
     method => 'GET',
     description => "List security groups.",
+    permissions => { user => 'all' },
     parameters => {
        additionalProperties => 0,
        properties => {},
@@ -69,6 +70,9 @@ __PACKAGE__->register_method({
     method => 'POST',
     description => "Create new security group.",
     protected => 1,
+    permissions => {
+       check => ['perm', '/', [ 'Sys.Modify' ]],
+    },
     parameters => {
        additionalProperties => 0,
        properties => { 
@@ -118,40 +122,6 @@ __PACKAGE__->register_method({
        return undef;
     }});
 
-__PACKAGE__->register_method({
-    name => 'delete_security_group',
-    path => '{group}',
-    method => 'DELETE',
-    description => "Delete security group.",
-    protected => 1,
-    parameters => {
-       additionalProperties => 0,
-       properties => { 
-           group => get_standard_option('pve-security-group-name'),
-           digest => get_standard_option('pve-config-digest'),
-       },
-    },
-    returns => { type => 'null' },
-    code => sub {
-       my ($param) = @_;
-           
-       my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
-
-       return undef if !$cluster_conf->{groups}->{$param->{group}};
-
-       my (undef, $digest) = &$get_security_group_list($cluster_conf);
-       PVE::Tools::assert_if_modified($digest, $param->{digest});
-
-       die "Security group '$param->{group}' is not empty\n" 
-           if scalar(@{$cluster_conf->{groups}->{$param->{group}}});
-
-       delete $cluster_conf->{groups}->{$param->{group}};
-
-       PVE::Firewall::save_clusterfw_conf($cluster_conf);
-
-       return undef;
-    }});
-
 __PACKAGE__->register_method ({
     subclass => "PVE::API2::Firewall::GroupRules",  
     path => '{group}',
Firewall test scripts