X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=blobdiff_plain;f=src%2FPVE%2FAPI2%2FFirewall%2FGroups.pm;h=99ea41877cc6196bb504e5945f13bbaff045b41a;hp=9e4d08a4f260dd31e0a28268bff4ecc2c680379d;hb=f76f3caefb35b14838f783e48ff3e3b44c91e196;hpb=e2beb7aa9900c650ec69594a2f26cc2889908134

diff --git a/src/PVE/API2/Firewall/Groups.pm b/src/PVE/API2/Firewall/Groups.pm
index 9e4d08a..99ea418 100644
--- a/src/PVE/API2/Firewall/Groups.pm
+++ b/src/PVE/API2/Firewall/Groups.pm
@@ -16,7 +16,7 @@ my $get_security_group_list = sub {
     my ($cluster_conf) = @_;
 
     my $res = [];
-    foreach my $group (keys %{$cluster_conf->{groups}}) {
+    foreach my $group (sort keys %{$cluster_conf->{groups}}) {
 	my $data = { 
 	    group => $group,
 	};
@@ -36,6 +36,7 @@ __PACKAGE__->register_method({
     path => '',
     method => 'GET',
     description => "List security groups.",
+    permissions => { user => 'all' },
     parameters => {
     	additionalProperties => 0,
 	properties => {},
@@ -69,6 +70,9 @@ __PACKAGE__->register_method({
     method => 'POST',
     description => "Create new security group.",
     protected => 1,
+    permissions => {
+	check => ['perm', '/', [ 'Sys.Modify' ]],
+    },
     parameters => {
 	additionalProperties => 0,
 	properties => { 
@@ -118,40 +122,6 @@ __PACKAGE__->register_method({
 	return undef;
     }});
 
-__PACKAGE__->register_method({
-    name => 'delete_security_group',
-    path => '{group}',
-    method => 'DELETE',
-    description => "Delete security group.",
-    protected => 1,
-    parameters => {
-	additionalProperties => 0,
-	properties => { 
-	    group => get_standard_option('pve-security-group-name'),
-	    digest => get_standard_option('pve-config-digest'),
-	},
-    },
-    returns => { type => 'null' },
-    code => sub {
-	my ($param) = @_;
-	    
-	my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
-
-	return undef if !$cluster_conf->{groups}->{$param->{group}};
-
-	my (undef, $digest) = &$get_security_group_list($cluster_conf);
-	PVE::Tools::assert_if_modified($digest, $param->{digest});
-
-	die "Security group '$param->{group}' is not empty\n" 
-	    if scalar(@{$cluster_conf->{groups}->{$param->{group}}});
-
-	delete $cluster_conf->{groups}->{$param->{group}};
-
-	PVE::Firewall::save_clusterfw_conf($cluster_conf);
-
-	return undef;
-    }});
-
 __PACKAGE__->register_method ({
     subclass => "PVE::API2::Firewall::GroupRules",  
     path => '{group}',