[pve-devel] r5574 - in pve-access-control/trunk: . PVE PVE/API2

svn-commits at proxmox.com svn-commits at proxmox.com
Mon Feb 21 14:01:35 CET 2011


Author: dietmar
Date: 2011-02-21 14:01:35 +0100 (Mon, 21 Feb 2011)
New Revision: 5574

Modified:
   pve-access-control/trunk/ChangeLog
   pve-access-control/trunk/PVE/API2/Group.pm
   pve-access-control/trunk/PVE/API2/User.pm
   pve-access-control/trunk/PVE/AccessControl.pm
   pve-access-control/trunk/pveum
Log:
implement modgroup


Modified: pve-access-control/trunk/ChangeLog
===================================================================
--- pve-access-control/trunk/ChangeLog	2011-02-21 07:59:03 UTC (rev 5573)
+++ pve-access-control/trunk/ChangeLog	2011-02-21 13:01:35 UTC (rev 5574)
@@ -1,3 +1,8 @@
+2011-02-21  Proxmox Support Team  <support at proxmox.com>
+
+	* PVE/API2/Group.pm (update_group): implement modgroup (set
+	comment)
+
 2011-02-18  Proxmox Support Team  <support at proxmox.com>
 
 	* PVE/AccessControl.pm (create_roles): try to create a predefined

Modified: pve-access-control/trunk/PVE/API2/Group.pm
===================================================================
--- pve-access-control/trunk/PVE/API2/Group.pm	2011-02-21 07:59:03 UTC (rev 5573)
+++ pve-access-control/trunk/PVE/API2/Group.pm	2011-02-21 13:01:35 UTC (rev 5574)
@@ -13,6 +13,20 @@
 
 use base qw(PVE::RESTHandler);
 
+my $extract_group_data = sub {
+    my ($data, $full) = @_;
+
+    my $res = {};
+
+    $res->{comment} = $data->{comment} if defined($data->{comment});
+
+    return $res if !$full;
+
+    $res->{users} = $data->{users} ? [ keys %{$data->{users}} ] : [];
+
+    return $res;
+};
+
 # fixme: index should return more/all attributes?
 __PACKAGE__->register_method ({
     name => 'index', 
@@ -41,7 +55,9 @@
 	my $usercfg = cfs_read_file("user.cfg");
  
 	foreach my $group (keys %{$usercfg->{groups}}) {
-	    push @$res, { id => $group };
+	    my $entry = &$extract_group_data($usercfg->{groups}->{$group});
+	    $entry->{id} = $group;
+	    push @$res, $entry;
 	}
 
 	return $res;
@@ -57,6 +73,7 @@
    	additionalProperties => 0,
 	properties => {
 	    groupid => { type => 'string', format => 'pve-groupid' },
+	    comment => { type => 'string', optional => 1 },
 	},
     },
     returns => { type => 'null' },
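Review bot: The new `comment` property accepts any string, with no length or character constraint, and the value ends up inside one colon-separated line of user.cfg (`"group:$group:$list:$comment:\n"` in the PVE/AccessControl.pm hunk). Whether a `:` or a line break in a comment can alter the field layout of that access-control file depends entirely on `encode_text`, which this commit does not show, so it is worth confirming with a write/parse round-trip test. Independently of that, a bound in the schema limits what reaches the file, e.g. `comment => { type => 'string', optional => 1, maxLength => 256 }` (256 is an example value). The `update_group` schema in the next hunk takes the same property and needs the same treatment.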
@@ -73,14 +90,55 @@
 		die "group '$group' already exists\n" 
 		    if $usercfg->{groups}->{$group};
 
-		$usercfg->{groups}->{$group} = {};
+		$usercfg->{groups}->{$group} = { users => {} };
 
+		$usercfg->{groups}->{$group}->{comment} = $param->{comment} if $param->{comment};
+
+		
 		cfs_write_file("user.cfg", $usercfg);
 	    }, "create group failed");
 
 	return undef;
     }});
 
+__PACKAGE__->register_method ({
+    name => 'update_group', 
+    protected => 1,
+    path => '{groupid}', 
+    method => 'PUT',
+    description => "Update group data.",
+    parameters => {
+   	additionalProperties => 0,
+	properties => {
+	    # fixme: set/delete members
+	    groupid => { type => 'string', format => 'pve-groupid' },
+	    comment => { type => 'string', optional => 1 },
+	},
+    },
+    returns => { type => 'null' },
+    code => sub {
+	my ($param) = @_;
+
+	PVE::AccessControl::lock_user_config(
+	    sub {
+			
+		my $usercfg = cfs_read_file("user.cfg");
+
+		my $group = $param->{groupid};
+	
+		my $data = $usercfg->{groups}->{$group};
+
+		die "group '$group' does not exist\n" 
+		    if !$data;
+
+		$data->{comment} = $param->{comment} if $param->{comment};
+		
+		cfs_write_file("user.cfg", $usercfg);
+	    }, "create group failed");
+
+	return undef;
+    }});
+
 # fixme: return format!
 __PACKAGE__->register_method ({
     name => 'read_group', 
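Review bot: `update_group` tests `$param->{comment}` for truth, so an empty string or `0` is silently ignored and a comment can never be cleared once it is set. `create_group` above, the parser's `if $comment` and the writer's `$d->{comment} ?` in PVE/AccessControl.pm use the same test. Writing `$data->{comment} = $param->{comment} if defined($param->{comment});` (and deleting the key when the value is empty) keeps the stored state in line with what the caller sent. The label passed to `lock_user_config` is also copied from `create_group`: `"create group failed"` should read `"update group failed"`, otherwise errors and logs attribute a failed modification to the wrong operation. The body of `create_group` starts outside this hunk.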
@@ -105,7 +163,7 @@
 
 	die "group '$group' does not exist\n" if !$data;
 
-	return $data;
+	return &$extract_group_data($data, 1);
     }});
 
 

Modified: pve-access-control/trunk/PVE/API2/User.pm
===================================================================
--- pve-access-control/trunk/PVE/API2/User.pm	2011-02-21 07:59:03 UTC (rev 5573)
+++ pve-access-control/trunk/PVE/API2/User.pm	2011-02-21 13:01:35 UTC (rev 5574)
@@ -16,20 +16,18 @@
 use base qw(PVE::RESTHandler);
 
 my $extract_user_data = sub {
-    my ($data) = @_;
+    my ($data, $full) = @_;
 
-    my $res;
+    my $res = {};
 
     foreach my $prop (qw(domid enabled expire name comment)) {
 	$res->{$prop} = $data->{$prop} if defined($data->{$prop});
     }
 
-    if ($data->{groups}) {
-	if (my @ga = keys %{$data->{groups}}) {
-	    $res->{groups} = join(',', @ga);
-	}
-    }
+    return $res if !$full;
 
+    $res->{groups} = $data->{groups} ? [ keys %{$data->{groups}} ] : [];
+
     return $res;
 };
 
@@ -177,7 +175,7 @@
 	    expire => { type => 'integer' },
 	    name => { type => 'string', optional => 1 },
 	    comment => { type => 'string', optional => 1 },    
-	    groups => { type => 'string', optional => 1, format => 'pve-groupid-list'},
+	    groups => { type => 'array' },
 	}
     },
     code => sub {
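Review bot: `groups => { type => 'array' }` no longer says what the array holds, whereas the replaced line at least carried `format => 'pve-groupid-list'`. Declaring the element type, `groups => { type => 'array', items => { type => 'string', format => 'pve-groupid' } }`, keeps the returned group IDs documented and checkable against the schema. The value also changes from a comma-separated string to a list, which existing API clients may need to be told about. The surrounding schema begins outside this hunk, so this assumes it is the return description of the user read call.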
@@ -192,7 +190,7 @@
 
 	die "user '$username' does not exist\n" if !$data;
 
-	return &$extract_user_data($data);
+	return &$extract_user_data($data, 1);
     }});
 
 __PACKAGE__->register_method ({

Modified: pve-access-control/trunk/PVE/AccessControl.pm
===================================================================
--- pve-access-control/trunk/PVE/AccessControl.pm	2011-02-21 07:59:03 UTC (rev 5573)
+++ pve-access-control/trunk/PVE/AccessControl.pm	2011-02-21 13:01:35 UTC (rev 5574)
@@ -395,7 +395,7 @@
 
     my ($username, $usercfg, $group) = @_;
     $usercfg->{users}->{$username}->{groups}->{$group} = 1;
-    $usercfg->{groups}->{$group}->{$username} = 1;
+    $usercfg->{groups}->{$group}->{users}->{$username} = 1;
 }
 
 sub delete_user_group {
@@ -404,8 +404,8 @@
     
     foreach my $group (keys %{$usercfg->{groups}}) {
 
-	delete ($usercfg->{groups}->{$group}->{$username}) 
-	    if $usercfg->{groups}->{$group}->{$username};
+	delete ($usercfg->{groups}->{$group}->{users}->{$username}) 
+	    if $usercfg->{groups}->{$group}->{users}->{$username};
     }
 }
 
@@ -659,10 +659,12 @@
 	$cfg->{roles}->{$r} = $special_roles->{$r};
     }
 
+    # fixme: remove 'root' group (not required)?
+
     # add root user and group (superuser)
     $cfg->{users}->{root}->{enabled} = 1;
     $cfg->{users}->{root}->{groups}->{root} = 1;
-    $cfg->{groups}->{root}->{root} = 1;
+    $cfg->{groups}->{root}->{users}->{root} = 1;
 }
 
 sub parse_user_config {
@@ -729,7 +731,7 @@
 	    #$cfg->{groups}->{$group}->{$user} = 1;
 
 	} elsif ($et eq 'group') {
-	    my ($group, $userlist) = @data;
+	    my ($group, $userlist, $comment) = @data;
 
 	    if (!verify_groupname($group, 1)) {
 		warn "user config - ignore group '$group' - invalid characters in group name\n";
@@ -737,8 +739,10 @@
 	    }
 
 	    # make sure to add the group (even if there are no members)
-	    $cfg->{groups}->{$group} = {} if !$cfg->{groups}->{$group};
+	    $cfg->{groups}->{$group} = { users => {} } if !$cfg->{groups}->{$group};
 
+	    $cfg->{groups}->{$group}->{comment} = decode_text($comment) if $comment;
+
 	    foreach my $user (split_list($userlist)) {
 
 		if (!verify_username($user, 1)) {
@@ -748,7 +752,7 @@
 
 		if ($cfg->{users}->{$user}) { # user exists 
 		    $cfg->{users}->{$user}->{groups}->{$group} = 1;
-		    $cfg->{groups}->{$group}->{$user} = 1;
+		    $cfg->{groups}->{$group}->{users}->{$user} = 1;
 		} else {
 		    warn "user config - ignore invalid group member '$user'\n";
 		}
@@ -1021,8 +1025,9 @@
 	next if $group eq 'root';
 
 	my $d = $cfg->{groups}->{$group};
-	my $list = join (',', keys %$d);
-	$data .= "group:$group:$list:\n";
+	my $list = join (',', keys %{$d->{users}});
+	my $comment = $d->{comment} ? encode_text($d->{comment}) : '';	
+	$data .= "group:$group:$list:$comment:\n";
     }
 
     $data .= "\n";
@@ -1123,7 +1128,7 @@
 	}
 
 	foreach my $g (keys %{$acl->{groups}}) {
-	    next if !$cfg->{groups}->{$g}->{$user};
+	    next if !$cfg->{groups}->{$g}->{users}->{$user};
 	    if (my $ri = $acl->{groups}->{$g}) {
 		my $new = {};
 		foreach my $role (keys %$ri) {
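Review bot: `$cfg->{groups}->{$g}->{users}->{$user}` autovivifies `$cfg->{groups}->{$g}` and its `users` hash for every group named in the ACL, including groups that are not defined in the user configuration. What looks like a permission lookup should not modify the configuration it reads; if this `$cfg` is ever written back, empty groups that nobody created would appear in user.cfg. Guarding the lookup avoids that: `next if !($cfg->{groups}->{$g} && $cfg->{groups}->{$g}->{users}->{$user});`. The `delete_user_group` hunk autovivifies `users` in the same way, and the enclosing function here starts outside the hunk.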

Modified: pve-access-control/trunk/pveum
===================================================================
--- pve-access-control/trunk/pveum	2011-02-21 07:59:03 UTC (rev 5573)
+++ pve-access-control/trunk/pveum	2011-02-21 13:01:35 UTC (rev 5574)
@@ -64,6 +64,7 @@
     userdel => [ 'PVE::API2::User', 'delete_user', ['userid'] ],
 
     groupadd => [ 'PVE::API2::Group', 'create_group', ['groupid'] ],
+    groupmod => [ 'PVE::API2::Group', 'update_group', ['groupid'] ],
     groupdel => [ 'PVE::API2::Group', 'delete_group', ['groupid'] ],
 
     roleadd => [ 'PVE::API2::Role', 'create_role', ['roleid'] ],


