X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=blobdiff_plain;f=src%2FPVE%2FAPI2%2FFirewall%2FGroups.pm;h=99ea41877cc6196bb504e5945f13bbaff045b41a;hp=c5fdc8b54c5f24148322e264c42067f7aa684ea6;hb=f76f3caefb35b14838f783e48ff3e3b44c91e196;hpb=5d38d64fa42881c571db1566cfcb350a3da31269

diff --git a/src/PVE/API2/Firewall/Groups.pm b/src/PVE/API2/Firewall/Groups.pm
index c5fdc8b..99ea418 100644
--- a/src/PVE/API2/Firewall/Groups.pm
+++ b/src/PVE/API2/Firewall/Groups.pm
@@ -16,9 +16,9 @@ my $get_security_group_list = sub {
     my ($cluster_conf) = @_;
 
     my $res = [];
-    foreach my $group (keys %{$cluster_conf->{groups}}) {
+    foreach my $group (sort keys %{$cluster_conf->{groups}}) {
 	my $data = { 
-	    name => $group,
+	    group => $group,
 	};
 	if (my $comment = $cluster_conf->{group_comments}->{$group}) {
 	    $data->{comment} = $comment;
@@ -36,15 +36,17 @@ __PACKAGE__->register_method({
     path => '',
     method => 'GET',
     description => "List security groups.",
+    permissions => { user => 'all' },
     parameters => {
     	additionalProperties => 0,
+	properties => {},
     },
     returns => {
 	type => 'array',
 	items => {
 	    type => "object",
 	    properties => { 
-		name => get_standard_option('pve-security-group-name'),
+		group => get_standard_option('pve-security-group-name'),
 		digest => get_standard_option('pve-config-digest', { optional => 0} ),
 		comment => { 
 		    type => 'string',
@@ -52,7 +54,7 @@ __PACKAGE__->register_method({
 		}
 	    },
 	},
-	links => [ { rel => 'child', href => "{name}" } ],
+	links => [ { rel => 'child', href => "{group}" } ],
     },
     code => sub {
 	my ($param) = @_;
@@ -68,10 +70,13 @@ __PACKAGE__->register_method({
     method => 'POST',
     description => "Create new security group.",
     protected => 1,
+    permissions => {
+	check => ['perm', '/', [ 'Sys.Modify' ]],
+    },
     parameters => {
 	additionalProperties => 0,
 	properties => { 
-	    name => get_standard_option('pve-security-group-name'),
+	    group => get_standard_option('pve-security-group-name'),
 	    comment => {
 		type => 'string',
 		optional => 1,
@@ -93,23 +98,23 @@ __PACKAGE__->register_method({
 	    my (undef, $digest) = &$get_security_group_list($cluster_conf);
 	    PVE::Tools::assert_if_modified($digest, $param->{digest});
 
-	    raise_param_exc({ name => "Security group '$param->{rename}' does not exists" }) 
+	    raise_param_exc({ group => "Security group '$param->{rename}' does not exists" }) 
 		if !$cluster_conf->{groups}->{$param->{rename}};
 
 	    my $data = delete $cluster_conf->{groups}->{$param->{rename}};
-	    $cluster_conf->{groups}->{$param->{name}} = $data;
+	    $cluster_conf->{groups}->{$param->{group}} = $data;
 	    if (my $comment = delete $cluster_conf->{group_comments}->{$param->{rename}}) {
-		$cluster_conf->{group_comments}->{$param->{name}} = $comment;
+		$cluster_conf->{group_comments}->{$param->{group}} = $comment;
 	    }
-	    $cluster_conf->{group_comments}->{$param->{name}} = $param->{comment} if defined($param->{comment});
+	    $cluster_conf->{group_comments}->{$param->{group}} = $param->{comment} if defined($param->{comment});
 	} else {
 	    foreach my $name (keys %{$cluster_conf->{groups}}) {
-		raise_param_exc({ name => "Security group '$name' already exists" }) 
-		    if $name eq $param->{name};
+		raise_param_exc({ group => "Security group '$name' already exists" }) 
+		    if $name eq $param->{group};
 	    }
 
-	    $cluster_conf->{groups}->{$param->{name}} = [];
-	    $cluster_conf->{group_comments}->{$param->{name}} = $param->{comment} if defined($param->{comment});
+	    $cluster_conf->{groups}->{$param->{group}} = [];
+	    $cluster_conf->{group_comments}->{$param->{group}} = $param->{comment} if defined($param->{comment});
 	}
 
 	PVE::Firewall::save_clusterfw_conf($cluster_conf);
@@ -117,40 +122,6 @@ __PACKAGE__->register_method({
 	return undef;
     }});
 
-__PACKAGE__->register_method({
-    name => 'delete_security_group',
-    path => '{name}',
-    method => 'DELETE',
-    description => "Delete security group.",
-    protected => 1,
-    parameters => {
-	additionalProperties => 0,
-	properties => { 
-	    name => get_standard_option('pve-security-group-name'),
-	    digest => get_standard_option('pve-config-digest'),
-	},
-    },
-    returns => { type => 'null' },
-    code => sub {
-	my ($param) = @_;
-	    
-	my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
-
-	return undef if !$cluster_conf->{groups}->{$param->{name}};
-
-	my (undef, $digest) = &$get_security_group_list($cluster_conf);
-	PVE::Tools::assert_if_modified($digest, $param->{digest});
-
-	die "Security group '$param->{name}' is not empty\n" 
-	    if scalar(@{$cluster_conf->{groups}->{$param->{name}}});
-
-	delete $cluster_conf->{groups}->{$param->{name}};
-
-	PVE::Firewall::save_clusterfw_conf($cluster_conf);
-
-	return undef;
-    }});
-
 __PACKAGE__->register_method ({
     subclass => "PVE::API2::Firewall::GroupRules",  
     path => '{group}',