[pbs-devel] [RFC proxmox-backup 09/15] api: allow listing users + tokens

Wolfgang Bumiller w.bumiller at proxmox.com
Tue Oct 20 12:10:51 CEST 2020 

On Mon, Oct 19, 2020 at 09:39:13AM +0200, Fabian Grünbichler wrote:
> since it's not possible to extend existing structs, UserWithTokens
> duplicates most of user::User.. to avoid duplicating user::ApiToken as
> well, this returns full API token IDs, not just the token name part.
> 
> Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
> ---
> 
> Notes:
>     returning the full tokenid is a difference compared to PVE
> 
>  src/api2/access/user.rs | 115 ++++++++++++++++++++++++++++++++++++++--
>  1 file changed, 111 insertions(+), 4 deletions(-)
> 
> diff --git a/src/api2/access/user.rs b/src/api2/access/user.rs
> index 4197cf60..8a019e53 100644
> --- a/src/api2/access/user.rs
> +++ b/src/api2/access/user.rs
> @@ -1,5 +1,7 @@
>  use anyhow::{bail, Error};
> +use serde::{Serialize, Deserialize};
>  use serde_json::Value;
> +use std::collections::HashMap;
>  use std::convert::TryFrom;
>  
>  use proxmox::api::{api, ApiMethod, Router, RpcEnvironment, Permission};
> @@ -19,9 +21,91 @@ pub const PBS_PASSWORD_SCHEMA: Schema = StringSchema::new("User Password.")
>      .max_length(64)
>      .schema();
>  
> +#[api(
> +    properties: {
> +        userid: {
> +            schema: PROXMOX_USER_ID_SCHEMA,
> +        },
> +        comment: {
> +            optional: true,
> +            schema: SINGLE_LINE_COMMENT_SCHEMA,
> +        },
> +        enable: {
> +            optional: true,
> +            schema: user::ENABLE_USER_SCHEMA,
> +        },
> +        expire: {
> +            optional: true,
> +            schema: user::EXPIRE_USER_SCHEMA,
> +        },
> +        firstname: {
> +            optional: true,
> +            schema: user::FIRST_NAME_SCHEMA,
> +        },
> +        lastname: {
> +            schema: user::LAST_NAME_SCHEMA,
> +            optional: true,
> +         },
> +        email: {
> +            schema: user::EMAIL_SCHEMA,
> +            optional: true,
> +        },
> +        tokens: {
> +            type: Array,
> +            optional: true,
> +            description: "List of user's API tokens.",
> +            items: {
> +                type: user::ApiToken
> +            },
> +        },
> +    }
> +)]
> +#[derive(Serialize,Deserialize)]
> +/// User properties with added list of ApiTokens
> +pub struct UserWithTokens {
> +    pub userid: Userid,
> +    #[serde(skip_serializing_if="Option::is_none")]
> +    pub comment: Option<String>,
> +    #[serde(skip_serializing_if="Option::is_none")]
> +    pub enable: Option<bool>,
> +    #[serde(skip_serializing_if="Option::is_none")]
> +    pub expire: Option<i64>,
> +    #[serde(skip_serializing_if="Option::is_none")]
> +    pub firstname: Option<String>,
> +    #[serde(skip_serializing_if="Option::is_none")]
> +    pub lastname: Option<String>,
> +    #[serde(skip_serializing_if="Option::is_none")]
> +    pub email: Option<String>,
> +    #[serde(skip_serializing_if="Option::is_none")]
> +    pub tokens: Option<Vec<user::ApiToken>>,
> +}
> +
> +impl UserWithTokens {
> +    fn new(user: user::User) -> Self {
> +        Self {
> +            userid: user.userid,
> +            comment: user.comment,
> +            enable: user.enable,
> +            expire: user.expire,
> +            firstname: user.firstname,
> +            lastname: user.lastname,
> +            email: user.email,
> +            tokens: None,
> +        }
> +    }
> +}
> +
> +
>  #[api(
>      input: {
> -        properties: {},
> +        properties: {
> +            include_tokens: {
> +                type: bool,
> +                description: "Include user's API tokens in returned list.",
> +                optional: true,
> +                default: false,
> +            },
> +        },
>      },
>      returns: {
>          description: "List users (with config digest).",
> @@ -35,10 +119,10 @@ pub const PBS_PASSWORD_SCHEMA: Schema = StringSchema::new("User Password.")
>  )]
>  /// List users
>  pub fn list_users(
> -    _param: Value,
> +    include_tokens: bool,
>      _info: &ApiMethod,
>      mut rpcenv: &mut dyn RpcEnvironment,
> -) -> Result<Vec<user::User>, Error> {
> +) -> Result<Vec<UserWithTokens>, Error> {
>  
>      let (config, digest) = user::config()?;
>  
> @@ -52,11 +136,34 @@ pub fn list_users(
>          top_level_allowed || user.userid == userid
>      };
>  
> +
>      let list:Vec<user::User> = config.convert_to_typed_array("user")?;
>  
>      rpcenv["digest"] = proxmox::tools::digest_to_hex(&digest).into();
>  
> -    Ok(list.into_iter().filter(filter_by_privs).collect())
> +    let iter = list.into_iter().filter(filter_by_privs);
> +    let list = if include_tokens {
> +        let tokens:Vec<user::ApiToken> = config.convert_to_typed_array("token")?;

missing space after ':' ;-)

> +        let mut user_to_tokens = tokens.into_iter()
> +            .fold(HashMap::new(), |mut map: HashMap<Userid, Vec<user::ApiToken>>, token: user::ApiToken| {

too long (and .into_iter() should be on a new line)

> +                if let Ok(owner) = token.tokenid.owner() {
> +                    map.entry(owner).or_insert_with(|| Vec::new()).push(token);

The `or_insert_with(...)` could be `or_default()`

> +                }
> +                map
> +            });
> +        iter
> +            .map(|user: user::User| {
> +                let mut user = UserWithTokens::new(user);
> +                user.tokens = user_to_tokens.remove(&user.userid);
> +                user
> +            })
> +            .collect()
> +    } else {
> +        iter.map(|user: user::User| UserWithTokens::new(user))
> +            .collect()
> +    };
> +
> +    Ok(list)
>  }
>  
>  #[api(
> -- 
> 2.20.1

More information about the pbs-devel mailing list