[pve-devel] r5612 - in pve-access-control/trunk: . PVE/API2
svn-commits at proxmox.com
svn-commits at proxmox.com
Thu Feb 24 13:19:06 CET 2011
Author: dietmar
Date: 2011-02-24 13:19:06 +0100 (Thu, 24 Feb 2011)
New Revision: 5612
Modified:
pve-access-control/trunk/ChangeLog
pve-access-control/trunk/PVE/API2/ACL.pm
pve-access-control/trunk/pveum
Log:
* PVE/API2/ACL.pm: cleanup API - use '-users' and '-groups'
instead of '-uglist'
Modified: pve-access-control/trunk/ChangeLog
===================================================================
--- pve-access-control/trunk/ChangeLog 2011-02-24 11:46:39 UTC (rev 5611)
+++ pve-access-control/trunk/ChangeLog 2011-02-24 12:19:06 UTC (rev 5612)
@@ -1,3 +1,8 @@
+2011-02-24 Proxmox Support Team <support at proxmox.com>
+
+ * PVE/API2/ACL.pm: cleanup API - use '-users' and '-gropus'
+ instead of '-uglist'
+
2011-02-23 Proxmox Support Team <support at proxmox.com>
* PVE/API2/AccessControl.pm (create_ticket): moved code from REST.pm
Modified: pve-access-control/trunk/PVE/API2/ACL.pm
===================================================================
--- pve-access-control/trunk/PVE/API2/ACL.pm 2011-02-24 11:46:39 UTC (rev 5611)
+++ pve-access-control/trunk/PVE/API2/ACL.pm 2011-02-24 12:19:06 UTC (rev 5612)
@@ -5,6 +5,7 @@
use PVE::Cluster qw (cfs_read_file cfs_write_file);
use PVE::Tools qw(split_list);
use PVE::AccessControl;
+use PVE::Exception qw(raise_param_exc);
use PVE::SafeSyslog;
@@ -76,21 +77,53 @@
protected => 1,
path => '',
method => 'PUT',
- description => "Update Access Control List.",
+ description => "Update Access Control List (add or remove permissions).",
parameters => {
additionalProperties => 0,
properties => {
- path => { type => 'string' },
- uglist => { type => 'string' },
- roles => { type => 'string', format => 'pve-roleid-list' },
- propagate => { type => 'boolean', optional => 1 },
- delete => { type => 'boolean', optional => 1 },
+ path => {
+ description => "Access control path",
+ type => 'string',
+ },
+ users => {
+ description => "List of users.",
+ type => 'string', format => 'pve-userid-list',
+ optional => 1,
+ },
+ groups => {
+ description => "List of groups.",
+ type => 'string', format => 'pve-groupid-list',
+ optional => 1,
+ },
+ roles => {
+ description => "List of roles.",
+ type => 'string', format => 'pve-roleid-list',
+ },
+ propagate => {
+ description => "Allow to propagate (inherit) permissions.",
+ type => 'boolean',
+ optional => 1,
+ },
+ delete => {
+ description => "Remove permissions (instead of adding it).",
+ type => 'boolean',
+ optional => 1,
+ },
},
},
returns => { type => 'null' },
code => sub {
my ($param) = @_;
+ if (!($param->{users} || $param->{groups})) {
+ raise_param_exc({
+ users => "either 'users' or 'groups' is required.",
+ groups => "either 'users' or 'groups' is required." });
+ }
+
+ my $path = PVE::AccessControl::normalize_path($param->{path});
+ raise_param_exc({ path => "invalid ACL path '$param->{path}'" }) if !$path;
+
PVE::AccessControl::lock_user_config(
sub {
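Review bot: The new `propagate` description does not say what an omitted flag means, although the context line in the next hunk, `my $propagate = $param->{propagate} ? 1 : 0;`, shows that an omitted flag is stored as 0 (presumably no inheritance to child paths). Because this decides how far a grant reaches, the schema text should state it, for example `description => "Allow to propagate (inherit) permissions. Not propagated when omitted.",`. The method definition starts before this hunk and the `code` sub continues past it.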
@@ -98,39 +131,33 @@
my $propagate = $param->{propagate} ? 1 : 0;
- my $path = PVE::AccessControl::normalize_path($param->{path});
-
- die "invalid ACL path '$param->{path}'\n" if !$path;
-
foreach my $role (split_list($param->{roles})) {
die "role '$role' does not exist\n"
if !$cfg->{roles}->{$role};
- foreach my $ug (split_list($param->{uglist})) {
+ foreach my $group (split_list($param->{groups})) {
- if ($ug =~ m/^@(\w+)$/) {
- my $group = $1;
+ die "group '$group' does not exist\n"
+ if !$cfg->{groups}->{$group};
- die "group '$group' does not exist\n"
- if !$cfg->{groups}->{$group};
-
- if ($param->{delete}) {
- delete($cfg->{acl}->{$path}->{groups}->{$group}->{$role});
- } else {
- $cfg->{acl}->{$path}->{groups}->{$group}->{$role} = $propagate;
- }
+ if ($param->{delete}) {
+ delete($cfg->{acl}->{$path}->{groups}->{$group}->{$role});
} else {
- my $username = PVE::AccessControl::verify_username($ug);
+ $cfg->{acl}->{$path}->{groups}->{$group}->{$role} = $propagate;
+ }
+ }
- die "user '$username' does not exist\n"
- if !$cfg->{users}->{$username};
+ foreach my $userid (split_list($param->{users})) {
+ my $username = PVE::AccessControl::verify_username($userid);
- if ($param->{delete}) {
- delete($cfg->{acl}->{$path}->{users}->{$username}->{$role});
- } else {
- $cfg->{acl}->{$path}->{users}->{$username}->{$role} = $propagate;
- }
- }
+ die "user '$username' does not exist\n"
+ if !$cfg->{users}->{$username};
+
+ if ($param->{delete}) {
+ delete($cfg->{acl}->{$path}->{users}->{$username}->{$role});
+ } else {
+ $cfg->{acl}->{$path}->{users}->{$username}->{$role} = $propagate;
+ }
}
}
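Review bot: The role, group and user existence checks run before the `if ($param->{delete})` branch, so an ACL entry that still names a removed role, group or user cannot be deleted through this call; it dies with "does not exist" instead. Such stale entries matter for access control because they would take effect again if the same name is later recreated. Whether user or group removal cleans the ACL elsewhere is not visible here. Consider skipping the checks on delete, e.g. `die "group '$group' does not exist\n" if !$param->{delete} && !$cfg->{groups}->{$group};`, and likewise for the user and role checks. The enclosing `lock_user_config` callback starts and ends outside this hunk.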
Modified: pve-access-control/trunk/pveum
===================================================================
--- pve-access-control/trunk/pveum 2011-02-24 11:46:39 UTC (rev 5611)
+++ pve-access-control/trunk/pveum 2011-02-24 12:19:06 UTC (rev 5612)
@@ -72,8 +72,8 @@
rolemod => [ 'PVE::API2::Role', 'update_role', ['roleid'] ],
roledel => [ 'PVE::API2::Role', 'delete_role', ['roleid'] ],
- aclmod => [ 'PVE::API2::ACL', 'update_acl', ['path', 'uglist', 'roles'], { delete => 0 }],
- acldel => [ 'PVE::API2::ACL', 'update_acl', ['path', 'uglist', 'roles'], { delete => 1 }],
+ aclmod => [ 'PVE::API2::ACL', 'update_acl', ['path', 'roles'], { delete => 0 }],
+ acldel => [ 'PVE::API2::ACL', 'update_acl', ['path', 'roles'], { delete => 1 }],
};
my $cmd = shift;
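Review bot: `aclmod` and `acldel` drop the user/group list from their positional arguments, so an existing three-argument invocation would presumably have its second argument taken as `roles`; how surplus positional arguments are handled is outside this hunk. A comment above the two entries would make the new calling convention explicit, e.g. `# users and groups are passed as -users / -groups options, not positionally`. If the usage text for these commands lives elsewhere, it should be updated in the same change.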