From: Dietmar Maurer <dietmar@proxmox.com>
Date: Mon, 2 Mar 2015 05:27:19 +0000 (+0100)
Subject: implement permission for Alias class.
X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff_plain;h=5d2891a96f8ad1eeef2a3e6054ae88fca2a74933

implement permission for Alias class.
---

diff --git a/src/PVE/API2/Firewall/Aliases.pm b/src/PVE/API2/Firewall/Aliases.pm
index 54af915..6f421fb 100644
--- a/src/PVE/API2/Firewall/Aliases.pm
+++ b/src/PVE/API2/Firewall/Aliases.pm
@@ -39,6 +39,12 @@ sub save_aliases {
     die "implement this in subclass";
 }
 
+sub rule_env {
+    my ($class, $param) = @_;
+    
+    die "implement this in subclass";
+}
+
 my $additional_param_hash = {};
 
 sub additional_parameters {
@@ -75,6 +81,7 @@ sub register_get_aliases {
 	path => '',
 	method => 'GET',
 	description => "List aliases",
+	permissions => PVE::Firewall::rules_audit_permissions($class->rule_env()),
 	parameters => {
 	    additionalProperties => 0,
 	    properties => $properties,
@@ -120,6 +127,7 @@ sub register_create_alias {
 	path => '',
 	method => 'POST',
 	description => "Create IP or Network Alias.",
+	permissions => PVE::Firewall::rules_modify_permissions($class->rule_env()),
 	protected => 1,
 	parameters => {
 	    additionalProperties => 0,
@@ -159,6 +167,7 @@ sub register_read_alias {
 	path => '{name}',
 	method => 'GET',
 	description => "Read alias.",
+	permissions => PVE::Firewall::rules_audit_permissions($class->rule_env()),
 	parameters => {
 	    additionalProperties => 0,
 	    properties => $properties,
@@ -194,6 +203,7 @@ sub register_update_alias {
 	path => '{name}',
 	method => 'PUT',
 	description => "Update IP or Network alias.",
+	permissions => PVE::Firewall::rules_modify_permissions($class->rule_env()),
 	protected => 1,
 	parameters => {
 	    additionalProperties => 0,
@@ -249,6 +259,7 @@ sub register_delete_alias {
 	path => '{name}',
 	method => 'DELETE',
 	description => "Remove IP or Network alias.",
+	permissions => PVE::Firewall::rules_modify_permissions($class->rule_env()),
 	protected => 1,
 	parameters => {
 	    additionalProperties => 0,
@@ -290,6 +301,12 @@ use warnings;
 
 use base qw(PVE::API2::Firewall::AliasesBase);
 
+sub rule_env {
+    my ($class, $param) = @_;
+    
+    return 'cluster';
+}
+
 sub load_config {
     my ($class, $param) = @_;
 
@@ -316,6 +333,12 @@ use PVE::JSONSchema qw(get_standard_option);
 
 use base qw(PVE::API2::Firewall::AliasesBase);
 
+sub rule_env {
+    my ($class, $param) = @_;
+    
+    return 'vm';
+}
+
 __PACKAGE__->additional_parameters({ 
     node => get_standard_option('pve-node'),
     vmid => get_standard_option('pve-vmid'),				   
@@ -348,6 +371,12 @@ use PVE::JSONSchema qw(get_standard_option);
 
 use base qw(PVE::API2::Firewall::AliasesBase);
 
+sub rule_env {
+    my ($class, $param) = @_;
+    
+    return 'ct';
+}
+
 __PACKAGE__->additional_parameters({ 
     node => get_standard_option('pve-node'),
     vmid => get_standard_option('pve-vmid'),