[pve-devel] r4985 - pve-access-control/trunk

svn-commits at proxmox.com svn-commits at proxmox.com
Thu Aug 12 15:02:37 CEST 2010 

Author: dietmar
Date: 2010-08-12 13:02:37 +0000 (Thu, 12 Aug 2010)
New Revision: 4985

Modified:
   pve-access-control/trunk/AccessControl.pm
   pve-access-control/trunk/ChangeLog
   pve-access-control/trunk/Makefile
   pve-access-control/trunk/User.pm
   pve-access-control/trunk/pveum
Log:


Modified: pve-access-control/trunk/AccessControl.pm
===================================================================
--- pve-access-control/trunk/AccessControl.pm	2010-08-12 12:24:16 UTC (rev 4984)
+++ pve-access-control/trunk/AccessControl.pm	2010-08-12 13:02:37 UTC (rev 4985)
@@ -397,7 +397,18 @@
     }
 
 }
+sub delete_group_acl {
 
+    my ($group, $usercfg) = @_;
+
+    foreach my $acl (keys %{$usercfg->{acl}}) {
+
+	delete ($usercfg->{acl}->{$acl}->{groups}->{$group}) 
+	    if $usercfg->{acl}->{$acl}->{groups}->{$group};
+    }
+
+}
+
 sub disable_user {
 
     my ($username, $usercfg) = @_;

Modified: pve-access-control/trunk/ChangeLog
===================================================================
--- pve-access-control/trunk/ChangeLog	2010-08-12 12:24:16 UTC (rev 4984)
+++ pve-access-control/trunk/ChangeLog	2010-08-12 13:02:37 UTC (rev 4985)
@@ -1,5 +1,11 @@
 2010-08-12  Proxmox Support Team  <support at proxmox.com>
 
+	* User.pm: strict error checking - use 'die' instead of 'warn'
+
+	* User.pm (delete_user): raise error when user does not exist.
+
+	* Group.pm (delete_group):  raise error when group does not exist.
+
 	* pveum: use the new
 	RESTHandler (PVE::API2::User->cli_handler()). That way we have
 	automatic command line argument parsing.

Modified: pve-access-control/trunk/Makefile
===================================================================
--- pve-access-control/trunk/Makefile	2010-08-12 12:24:16 UTC (rev 4984)
+++ pve-access-control/trunk/Makefile	2010-08-12 13:02:37 UTC (rev 4985)
@@ -17,6 +17,7 @@
 DEB=${PACKAGE}_${VERSION}-${PKGREL}_${ARCH}.deb
 
 API2_SOURCES= 		\
+	Group.pm	\
 	User.pm
 
 all: ${DEB}

Modified: pve-access-control/trunk/User.pm
===================================================================
--- pve-access-control/trunk/User.pm	2010-08-12 12:24:16 UTC (rev 4984)
+++ pve-access-control/trunk/User.pm	2010-08-12 13:02:37 UTC (rev 4985)
@@ -99,11 +99,7 @@
 
 		die "user '$username' already exists\n" 
 		    if $usercfg->{users}->{$username};
-			 
-		# fixme: how should we handle that?
-		warn "ignore password - can't set password on auth domain '$domain'\n" 
-		    if $domain && $param->{password};
-		
+			 		
 		if ($param->{password}) {
 		    if ($domain) {
 			die "can't set password on auth domain '$domain'\n";
@@ -115,12 +111,11 @@
 		PVE::AccessControl::enable_user($username, $usercfg);
 
 		if ($param->{groups}) {
-		    foreach my $group (split_list($param->{groups})) {
+		    foreach my $group (PVE::AccessControl::split_list($param->{groups})) {
 			if ($usercfg->{groups}->{$group}) {
 			    PVE::AccessControl::add_user_group($username, $usercfg, $group);
 			} else {
-			    warn "ignore group '$group' - no such group\n";
-			    next;
+			    die "no such group '$group'\n";
 			}
 		    }
 		}
@@ -215,12 +210,11 @@
 		    if (!$param->{append} && $param->{groups});
 
 		if ($param->{groups}) {
-		    foreach my $group (split_list($param->{groups})) {
+		    foreach my $group (PVE::AccessControl::split_list($param->{groups})) {
 			if ($usercfg->{groups}->{$group}) {
 			    PVE::AccessControl::add_user_group($username, $usercfg, $group);
 			} else {
-			    warn "ignore group '$group' - no such group\n";
-			    next;
+			    die "no such group '$group'\n";
 			}
 		    }
 		}
@@ -263,9 +257,11 @@
 
 		my $usercfg = read_file("usercfg");
 
-		delete ($usercfg->{users}->{$username})
-		    if $usercfg->{users}->{$username};
+		die "user '$username' does not exist\n" 
+		    if !$usercfg->{users}->{$username};
 
+		delete ($usercfg->{users}->{$username});
+
 		PVE::AccessControl::delete_shadow_password($username) if !$domain;
 		PVE::AccessControl::delete_user_group($username, $usercfg);
 		PVE::AccessControl::delete_user_acl($username, $usercfg);

Modified: pve-access-control/trunk/pveum
===================================================================
--- pve-access-control/trunk/pveum	2010-08-12 12:24:16 UTC (rev 4984)
+++ pve-access-control/trunk/pveum	2010-08-12 13:02:37 UTC (rev 4985)
@@ -8,6 +8,7 @@
 use Term::ReadLine;
 use PVE::INotify;
 use PVE::API2::User;
+use PVE::API2::Group;
 
 use Data::Dumper; # fixme: remove
 
@@ -98,16 +99,16 @@
 
     my $group = shift;
 
-    PVE::AccessControl::add_group($group);
+    PVE::API2::Group->cli_handler('create_group', \@ARGV, { groupid => $group });
 
+    exit (0);
+
 } elsif ($cmd eq 'groupdel') {
 
     my $group = shift;
 
-    die "no group specified\n" if !$group;
+    PVE::API2::Group->cli_handler('delete_group', \@ARGV, { groupid => $group });
 
-    PVE::AccessControl::delete_group($group);
-
     exit(0);
 
 } elsif ($cmd eq 'roleadd') {

More information about the pve-devel mailing list