[pve-devel] [PATCH access-control] pveum: Allow listing of roles and their privileges
Philip Abernethy
p.abernethy at proxmox.com
Fri Sep 22 16:24:08 CEST 2017
Use the existing 'index' API call from PVE::API2::Role to produce a
tidy list of all available roles and their associated privileges.
---
Concerns #1502 but doesn't fix it completely.
PVE/CLI/pveum.pm | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)
diff --git a/PVE/CLI/pveum.pm b/PVE/CLI/pveum.pm
index aef7089..26807a5 100755
--- a/PVE/CLI/pveum.pm
+++ b/PVE/CLI/pveum.pm
@@ -54,6 +54,37 @@ our $cmddef = {
groupmod => [ 'PVE::API2::Group', 'update_group', ['groupid'] ],
groupdel => [ 'PVE::API2::Group', 'delete_group', ['groupid'] ],
+ rolelst => [ 'PVE::API2::Role', 'index', [ ], undef,
+ sub {
+ my ($res) = @_;
+ my $longest = 0;
+ foreach my $role(map($_->{roleid}, @$res)) {
+ my $len = length $role;
+ $longest = $len if $len > $longest;
+ }
+ $longest += 2;
+ my $width = 96;
+ my $maxlength = $width - $longest;
+ printf("%-${longest}s%s\n", "ROLE", "PRIVILEGES");
+ for my $role(sort {lc($a->{roleid}) cmp lc($b->{roleid})} @$res) {
+ my @lines_privs = ("");
+ my $cur_line = 0;
+ for my $priv(split(',', $role->{privs})) {
+ if (length($lines_privs[$cur_line]) == 0) {
+ $lines_privs[$cur_line] .= "$priv";
+ } elsif (length($lines_privs[$cur_line]) + length($priv) <= $maxlength) {
+ $lines_privs[$cur_line] .= ", $priv";
+ } else {
+ $lines_privs[++$cur_line] .= "$priv";
+ }
+ }
+ printf("%-${longest}s%s\n", "$role->{roleid}:", $lines_privs[0]);
+ for my $line(1..(scalar(@lines_privs) - 1)) {
+ printf("%${longest}s%s\n", "", $lines_privs[$line]);
+ }
+ }
+ }
+ ],
roleadd => [ 'PVE::API2::Role', 'create_role', ['roleid'] ],
rolemod => [ 'PVE::API2::Role', 'update_role', ['roleid'] ],
roledel => [ 'PVE::API2::Role', 'delete_role', ['roleid'] ],
--
2.11.0
More information about the pve-devel
mailing list