[pve-devel] r5574 - in pve-access-control/trunk: . PVE PVE/API2
svn-commits at proxmox.com
svn-commits at proxmox.com
Mon Feb 21 14:01:35 CET 2011
Author: dietmar
Date: 2011-02-21 14:01:35 +0100 (Mon, 21 Feb 2011)
New Revision: 5574
Modified:
pve-access-control/trunk/ChangeLog
pve-access-control/trunk/PVE/API2/Group.pm
pve-access-control/trunk/PVE/API2/User.pm
pve-access-control/trunk/PVE/AccessControl.pm
pve-access-control/trunk/pveum
Log:
implement modgroup
Modified: pve-access-control/trunk/ChangeLog
===================================================================
--- pve-access-control/trunk/ChangeLog 2011-02-21 07:59:03 UTC (rev 5573)
+++ pve-access-control/trunk/ChangeLog 2011-02-21 13:01:35 UTC (rev 5574)
@@ -1,3 +1,8 @@
+2011-02-21 Proxmox Support Team <support at proxmox.com>
+
+ * PVE/API2/Group.pm (update_group): implement modgroup (set
+ comment)
+
2011-02-18 Proxmox Support Team <support at proxmox.com>
* PVE/AccessControl.pm (create_roles): try to create a predefined
Modified: pve-access-control/trunk/PVE/API2/Group.pm
===================================================================
--- pve-access-control/trunk/PVE/API2/Group.pm 2011-02-21 07:59:03 UTC (rev 5573)
+++ pve-access-control/trunk/PVE/API2/Group.pm 2011-02-21 13:01:35 UTC (rev 5574)
@@ -13,6 +13,20 @@
use base qw(PVE::RESTHandler);
+my $extract_group_data = sub {
+ my ($data, $full) = @_;
+
+ my $res = {};
+
+ $res->{comment} = $data->{comment} if defined($data->{comment});
+
+ return $res if !$full;
+
+ $res->{users} = $data->{users} ? [ keys %{$data->{users}} ] : [];
+
+ return $res;
+};
+
# fixme: index should return more/all attributes?
__PACKAGE__->register_method ({
name => 'index',
@@ -41,7 +55,9 @@
my $usercfg = cfs_read_file("user.cfg");
foreach my $group (keys %{$usercfg->{groups}}) {
- push @$res, { id => $group };
+ my $entry = &$extract_group_data($usercfg->{groups}->{$group});
+ $entry->{id} = $group;
+ push @$res, $entry;
}
return $res;
@@ -57,6 +73,7 @@
additionalProperties => 0,
properties => {
groupid => { type => 'string', format => 'pve-groupid' },
+ comment => { type => 'string', optional => 1 },
},
},
returns => { type => 'null' },
@@ -73,14 +90,55 @@
die "group '$group' already exists\n"
if $usercfg->{groups}->{$group};
- $usercfg->{groups}->{$group} = {};
+ $usercfg->{groups}->{$group} = { users => {} };
+ $usercfg->{groups}->{$group}->{comment} = $param->{comment} if $param->{comment};
+
+
cfs_write_file("user.cfg", $usercfg);
}, "create group failed");
return undef;
}});
+__PACKAGE__->register_method ({
+ name => 'update_group',
+ protected => 1,
+ path => '{groupid}',
+ method => 'PUT',
+ description => "Update group data.",
+ parameters => {
+ additionalProperties => 0,
+ properties => {
+ # fixme: set/delete members
+ groupid => { type => 'string', format => 'pve-groupid' },
+ comment => { type => 'string', optional => 1 },
+ },
+ },
+ returns => { type => 'null' },
+ code => sub {
+ my ($param) = @_;
+
+ PVE::AccessControl::lock_user_config(
+ sub {
+
+ my $usercfg = cfs_read_file("user.cfg");
+
+ my $group = $param->{groupid};
+
+ my $data = $usercfg->{groups}->{$group};
+
+ die "group '$group' does not exist\n"
+ if !$data;
+
+ $data->{comment} = $param->{comment} if $param->{comment};
+
+ cfs_write_file("user.cfg", $usercfg);
+ }, "create group failed");
+
+ return undef;
+ }});
+
# fixme: return format!
__PACKAGE__->register_method ({
name => 'read_group',
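Review bot: The new `update_group` handler passes "create group failed" as the label to `lock_user_config` (copied from `create_group`), so a failed update is reported as a failed create; it should read `}, "update group failed");`. The guard `if $param->{comment}` also skips an empty string or `0`, so a comment cannot be cleared through this call once set. `$data->{comment} = $param->{comment} if defined($param->{comment});` would match the `defined` test in `$extract_group_data`, and the same truthiness test appears in `create_group` at the top of this hunk. No per-caller authorization for this PUT is visible in the hunk; whether it is enforced elsewhere cannot be told from here.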
@@ -105,7 +163,7 @@
die "group '$group' does not exist\n" if !$data;
- return $data;
+ return &$extract_group_data($data, 1);
}});
Modified: pve-access-control/trunk/PVE/API2/User.pm
===================================================================
--- pve-access-control/trunk/PVE/API2/User.pm 2011-02-21 07:59:03 UTC (rev 5573)
+++ pve-access-control/trunk/PVE/API2/User.pm 2011-02-21 13:01:35 UTC (rev 5574)
@@ -16,20 +16,18 @@
use base qw(PVE::RESTHandler);
my $extract_user_data = sub {
- my ($data) = @_;
+ my ($data, $full) = @_;
- my $res;
+ my $res = {};
foreach my $prop (qw(domid enabled expire name comment)) {
$res->{$prop} = $data->{$prop} if defined($data->{$prop});
}
- if ($data->{groups}) {
- if (my @ga = keys %{$data->{groups}}) {
- $res->{groups} = join(',', @ga);
- }
- }
+ return $res if !$full;
+ $res->{groups} = $data->{groups} ? [ keys %{$data->{groups}} ] : [];
+
return $res;
};
@@ -177,7 +175,7 @@
expire => { type => 'integer' },
name => { type => 'string', optional => 1 },
comment => { type => 'string', optional => 1 },
- groups => { type => 'string', optional => 1, format => 'pve-groupid-list'},
+ groups => { type => 'array' },
}
},
code => sub {
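Review bot: The `groups` return property is now a bare `{ type => 'array' }`, which drops the `pve-groupid-list` format the string form carried, so the schema no longer describes or constrains the elements. Consider `groups => { type => 'array', items => { type => 'string', format => 'pve-groupid' } },` so the returned group ids stay typed. Removing `optional => 1` is consistent with `$extract_user_data` always setting `groups` when `$full` is true. The method registration starts and ends outside this hunk.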
@@ -192,7 +190,7 @@
die "user '$username' does not exist\n" if !$data;
- return &$extract_user_data($data);
+ return &$extract_user_data($data, 1);
}});
__PACKAGE__->register_method ({
Modified: pve-access-control/trunk/PVE/AccessControl.pm
===================================================================
--- pve-access-control/trunk/PVE/AccessControl.pm 2011-02-21 07:59:03 UTC (rev 5573)
+++ pve-access-control/trunk/PVE/AccessControl.pm 2011-02-21 13:01:35 UTC (rev 5574)
@@ -395,7 +395,7 @@
my ($username, $usercfg, $group) = @_;
$usercfg->{users}->{$username}->{groups}->{$group} = 1;
- $usercfg->{groups}->{$group}->{$username} = 1;
+ $usercfg->{groups}->{$group}->{users}->{$username} = 1;
}
sub delete_user_group {
@@ -404,8 +404,8 @@
foreach my $group (keys %{$usercfg->{groups}}) {
- delete ($usercfg->{groups}->{$group}->{$username})
- if $usercfg->{groups}->{$group}->{$username};
+ delete ($usercfg->{groups}->{$group}->{users}->{$username})
+ if $usercfg->{groups}->{$group}->{users}->{$username};
}
}
@@ -659,10 +659,12 @@
$cfg->{roles}->{$r} = $special_roles->{$r};
}
+ # fixme: remove 'root' group (not required)?
+
# add root user and group (superuser)
$cfg->{users}->{root}->{enabled} = 1;
$cfg->{users}->{root}->{groups}->{root} = 1;
- $cfg->{groups}->{root}->{root} = 1;
+ $cfg->{groups}->{root}->{users}->{root} = 1;
}
sub parse_user_config {
@@ -729,7 +731,7 @@
#$cfg->{groups}->{$group}->{$user} = 1;
} elsif ($et eq 'group') {
- my ($group, $userlist) = @data;
+ my ($group, $userlist, $comment) = @data;
if (!verify_groupname($group, 1)) {
warn "user config - ignore group '$group' - invalid characters in group name\n";
@@ -737,8 +739,10 @@
}
# make sure to add the group (even if there are no members)
- $cfg->{groups}->{$group} = {} if !$cfg->{groups}->{$group};
+ $cfg->{groups}->{$group} = { users => {} } if !$cfg->{groups}->{$group};
+ $cfg->{groups}->{$group}->{comment} = decode_text($comment) if $comment;
+
foreach my $user (split_list($userlist)) {
if (!verify_username($user, 1)) {
@@ -748,7 +752,7 @@
if ($cfg->{users}->{$user}) { # user exists
$cfg->{users}->{$user}->{groups}->{$group} = 1;
- $cfg->{groups}->{$group}->{$user} = 1;
+ $cfg->{groups}->{$group}->{users}->{$user} = 1;
} else {
warn "user config - ignore invalid group member '$user'\n";
}
@@ -1021,8 +1025,9 @@
next if $group eq 'root';
my $d = $cfg->{groups}->{$group};
- my $list = join (',', keys %$d);
- $data .= "group:$group:$list:\n";
+ my $list = join (',', keys %{$d->{users}});
+ my $comment = $d->{comment} ? encode_text($d->{comment}) : '';
+ $data .= "group:$group:$list:$comment:\n";
}
$data .= "\n";
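Review bot: The comment is now written into the colon-separated `group:` record, so `user.cfg` stays well-formed only if `encode_text` escapes `:` and line breaks; its definition is not part of this hunk. The API schema added in Group.pm accepts any string for `comment`, so this write is where that guarantee has to hold. A round-trip test that writes a comment containing a `:` and a newline and parses it back into the same single group would pin it down. Separately, `$d->{comment} ? ... : ''` drops a comment of `0`; `defined($d->{comment})` would match `$extract_group_data`.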
@@ -1123,7 +1128,7 @@
}
foreach my $g (keys %{$acl->{groups}}) {
- next if !$cfg->{groups}->{$g}->{$user};
+ next if !$cfg->{groups}->{$g}->{users}->{$user};
if (my $ri = $acl->{groups}->{$g}) {
my $new = {};
foreach my $role (keys %$ri) {
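Review bot: The membership test `$cfg->{groups}->{$g}->{users}->{$user}` autovivifies both `$cfg->{groups}->{$g}` and its `users` hash when `$g` is taken from the ACL but has no entry in `$cfg->{groups}`, so a lookup can add an empty group to the in-memory config. The old one-level form already created the group key; the new layout makes it look like a real, empty group if that `$cfg` is ever written back, which is not visible from this hunk. Guarding the outer key avoids it: `next if !$cfg->{groups}->{$g} || !$cfg->{groups}->{$g}->{users}->{$user};`. The enclosing function starts and ends outside the hunk.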
Modified: pve-access-control/trunk/pveum
===================================================================
--- pve-access-control/trunk/pveum 2011-02-21 07:59:03 UTC (rev 5573)
+++ pve-access-control/trunk/pveum 2011-02-21 13:01:35 UTC (rev 5574)
@@ -64,6 +64,7 @@
userdel => [ 'PVE::API2::User', 'delete_user', ['userid'] ],
groupadd => [ 'PVE::API2::Group', 'create_group', ['groupid'] ],
+ groupmod => [ 'PVE::API2::Group', 'update_group', ['groupid'] ],
groupdel => [ 'PVE::API2::Group', 'delete_group', ['groupid'] ],
roleadd => [ 'PVE::API2::Role', 'create_role', ['roleid'] ],