[pve-devel] [PATCH access-control v5 3/5] refactor API using get/register_standard_option

Stoiko Ivanov s.ivanov at proxmox.com
Thu Jun 21 14:31:45 CEST 2018


Pull out duplicated property definitions in the API into
register_standard_option/get_standard_option calls.
(All parameters, which are thus added to the API calls were optional).

Signed-off-by: Stoiko Ivanov <s.ivanov at proxmox.com>
---
 PVE/API2/ACL.pm           |  28 +++++-----
 PVE/API2/AccessControl.pm |  12 ++---
 PVE/API2/Group.pm         |  36 +++++++------
 PVE/API2/Role.pm          |  52 +++++++++++-------
 PVE/API2/User.pm          | 134 ++++++++++++++++++++++------------------------
 5 files changed, 139 insertions(+), 123 deletions(-)

diff --git a/PVE/API2/ACL.pm b/PVE/API2/ACL.pm
index d37771b..3e42ac0 100644
--- a/PVE/API2/ACL.pm
+++ b/PVE/API2/ACL.pm
@@ -6,6 +6,7 @@ use PVE::Cluster qw (cfs_read_file cfs_write_file);
 use PVE::Tools qw(split_list);
 use PVE::AccessControl;
 use PVE::Exception qw(raise_param_exc);
+use PVE::JSONSchema qw(get_standard_option register_standard_option);
 
 use PVE::SafeSyslog;
 
@@ -13,6 +14,17 @@ use PVE::RESTHandler;
 
 use base qw(PVE::RESTHandler);
 
+register_standard_option('acl-propagate', {
+    description => "Allow to propagate (inherit) permissions.",
+    type => 'boolean',
+    optional => 1,
+    default => 1,
+});
+register_standard_option('acl-path', {
+    description => "Access control path",
+    type => 'string',
+});
+
 __PACKAGE__->register_method ({
     name => 'read_acl',
     path => '',
@@ -32,11 +44,11 @@ __PACKAGE__->register_method ({
 	    type => "object",
 	    additionalProperties => 0,
 	    properties => {
-		path => { type => 'string' },
+		propagate => get_standard_option('acl-propagate'),
+		path => get_standard_option('acl-path'),
 		type => { type => 'string', enum => ['user', 'group'] },
 		ugid => { type => 'string' },
 		roleid => { type => 'string' },
-		propagate => { type => 'boolean' },
 	    },
 	},
     },
@@ -90,10 +102,8 @@ __PACKAGE__->register_method ({
     parameters => {
 	additionalProperties => 0,
 	properties => {
-	    path => {
-		description => "Access control path",
-		type => 'string',
-	    },
+	    propagate => get_standard_option('acl-propagate'),
+	    path => get_standard_option('acl-path'),
 	    users => {
 		description => "List of users.",
 		type => 'string',  format => 'pve-userid-list',
@@ -108,12 +118,6 @@ __PACKAGE__->register_method ({
 		description => "List of roles.",
 		type => 'string', format => 'pve-roleid-list',
 	    },
-	    propagate => {
-		description => "Allow to propagate (inherit) permissions.",
-		type => 'boolean',
-		optional => 1,
-		default => 1,
-	    },
 	    delete => {
 		description => "Remove permissions (instead of adding it).",
 		type => 'boolean',
diff --git a/PVE/API2/AccessControl.pm b/PVE/API2/AccessControl.pm
index afcd2fa..414da3a 100644
--- a/PVE/API2/AccessControl.pm
+++ b/PVE/API2/AccessControl.pm
@@ -205,10 +205,10 @@ __PACKAGE__->register_method ({
 	additionalProperties => 0,
 	properties => {
 	    username => {
-		description => "User name",
-		type => 'string',
-		maxLength => 64,
-		completion => \&PVE::AccessControl::complete_username,
+	        description => "User name",
+	        type => 'string',
+	        maxLength => 64,
+	        completion => \&PVE::AccessControl::complete_username,
 	    },
 	    realm =>  get_standard_option('realm', {
 		description => "You can optionally pass the realm using this parameter. Normally the realm is simply added to the username <username>\@<relam>.",
@@ -301,9 +301,7 @@ __PACKAGE__->register_method ({
     parameters => {
 	additionalProperties => 0,
 	properties => {
-	    userid => get_standard_option('userid', {
-		completion => \&PVE::AccessControl::complete_username,
-	    }),
+	    userid => get_standard_option('userid-completed'),
 	    password => { 
 		description => "The new password.",
 		type => 'string',
diff --git a/PVE/API2/Group.pm b/PVE/API2/Group.pm
index fca8a2a..37f8be2 100644
--- a/PVE/API2/Group.pm
+++ b/PVE/API2/Group.pm
@@ -6,9 +6,18 @@ use PVE::Cluster qw (cfs_read_file cfs_write_file);
 use PVE::AccessControl;
 use PVE::SafeSyslog;
 use PVE::RESTHandler;
+use PVE::JSONSchema qw(get_standard_option register_standard_option);
 
 use base qw(PVE::RESTHandler);
 
+register_standard_option('group-id', {
+    type => 'string',
+    format => 'pve-groupid',
+    completion => \&PVE::AccessControl::complete_group,
+});
+
+register_standard_option('group-comment', { type => 'string', optional => 1 });
+
 __PACKAGE__->register_method ({
     name => 'index', 
     path => '', 
@@ -27,7 +36,8 @@ __PACKAGE__->register_method ({
 	items => {
 	    type => "object",
 	    properties => {
-		groupid => { type => 'string' },
+		groupid => get_standard_option('group-id'),
+		comment => get_standard_option('group-comment'),
 	    },
 	},
 	links => [ { rel => 'child', href => "{groupid}" } ],
@@ -66,8 +76,8 @@ __PACKAGE__->register_method ({
     parameters => {
    	additionalProperties => 0,
 	properties => {
-	    groupid => { type => 'string', format => 'pve-groupid' },
-	    comment => { type => 'string', optional => 1 },
+	    groupid => get_standard_option('group-id'),
+	    comment => get_standard_option('group-comment'),
 	},
     },
     returns => { type => 'null' },
@@ -107,11 +117,8 @@ __PACKAGE__->register_method ({
     parameters => {
    	additionalProperties => 0,
 	properties => {
-	    groupid => {
-		type => 'string', format => 'pve-groupid',
-		completion => \&PVE::AccessControl::complete_group,
-	    },
-	    comment => { type => 'string', optional => 1 },
+	    groupid => get_standard_option('group-id'),
+	    comment => get_standard_option('group-comment'),
 	},
     },
     returns => { type => 'null' },
@@ -149,19 +156,17 @@ __PACKAGE__->register_method ({
     parameters => {
    	additionalProperties => 0,
 	properties => {
-	    groupid => { type => 'string', format => 'pve-groupid' },
+	    groupid => get_standard_option('group-id'),
 	},
     },
     returns => {
 	type => "object",
 	additionalProperties => 0,
 	properties => {
-	    comment => { type => 'string', optional => 1 },
+	    comment => get_standard_option('group-comment'),
 	    members => {
 		type => 'array',
-		items => {
-		    type => "string",
-		},
+		items => get_standard_option('userid-completed')
 	    },
 	},
     },
@@ -198,10 +203,7 @@ __PACKAGE__->register_method ({
     parameters => {
    	additionalProperties => 0,
 	properties => {
-	    groupid => {
-		type => 'string' , format => 'pve-groupid',
-		completion => \&PVE::AccessControl::complete_group,
-	    },
+	    groupid => get_standard_option('group-id'),
 	}
     },
     returns => { type => 'null' },
diff --git a/PVE/API2/Role.pm b/PVE/API2/Role.pm
index adbb4db..80959b0 100644
--- a/PVE/API2/Role.pm
+++ b/PVE/API2/Role.pm
@@ -4,6 +4,7 @@ use strict;
 use warnings;
 use PVE::Cluster qw (cfs_read_file cfs_write_file);
 use PVE::AccessControl;
+use PVE::JSONSchema qw(get_standard_option register_standard_option);
 
 use PVE::SafeSyslog;
 
@@ -11,6 +12,16 @@ use PVE::RESTHandler;
 
 use base qw(PVE::RESTHandler);
 
+register_standard_option('role-id', {
+    type => 'string',
+    format => 'pve-roleid',
+});
+register_standard_option('role-privs', {
+    type => 'string' ,
+    format => 'pve-priv-list',
+    optional => 1,
+});
+
 __PACKAGE__->register_method ({
     name => 'index',
     path => '',
@@ -28,7 +39,9 @@ __PACKAGE__->register_method ({
 	items => {
 	    type => "object",
 	    properties => {
-		roleid => { type => 'string' },
+		roleid => get_standard_option('role-id'),
+		privs =>  get_standard_option('role-privs'),
+		special => { type => 'boolean', optional => 1, default => 0 },
 	    },
 	},
 	links => [ { rel => 'child', href => "{roleid}" } ],
@@ -64,8 +77,8 @@ __PACKAGE__->register_method ({
     parameters => {
 	additionalProperties => 0,
 	properties => {
-	    roleid => { type => 'string', format => 'pve-roleid' },
-	    privs => { type => 'string' , format => 'pve-priv-list', optional => 1 },
+	    roleid => get_standard_option('role-id'),
+	    privs =>  get_standard_option('role-privs'),
 	},
     },
     returns => { type => 'null' },
@@ -100,17 +113,13 @@ __PACKAGE__->register_method ({
     permissions => {
 	check => ['perm', '/access', ['Sys.Modify']],
     },
-    description => "Create new role.",
+    description => "Update an existing role.",
     parameters => {
 	additionalProperties => 0,
 	properties => {
-	    roleid => { type => 'string', format => 'pve-roleid' },
-	    privs => { type => 'string' , format => 'pve-priv-list' },
-	    append => {
-		type => 'boolean',
-		optional => 1,
-		requires => 'privs',
-	    },
+	    roleid => get_standard_option('role-id'),
+	    privs =>  get_standard_option('role-privs'),
+	    append => { type => 'boolean', optional => 1, requires => 'privs' },
 	},
     },
     returns => { type => 'null' },
@@ -137,7 +146,6 @@ __PACKAGE__->register_method ({
 	return undef;
 }});
 
-# fixme: return format!
 __PACKAGE__->register_method ({
     name => 'read_role',
     path => '{roleid}',
@@ -149,10 +157,16 @@ __PACKAGE__->register_method ({
     parameters => {
 	additionalProperties => 0,
 	properties => {
-	    roleid => { type => 'string' , format => 'pve-roleid' },
+	    roleid => get_standard_option('role-id'),
+	},
+    },
+    returns => {
+	type => "object",
+	additionalProperties => 0,
+	properties => {
+	    privs =>  get_standard_option('role-privs'),
 	},
     },
-    returns => {},
     code => sub {
 	my ($param) = @_;
 
@@ -165,7 +179,8 @@ __PACKAGE__->register_method ({
 	die "role '$role' does not exist\n" if !$data;
 
 	return $data;
-}});
+    }
+});
 
 __PACKAGE__->register_method ({
     name => 'delete_role',
@@ -179,8 +194,8 @@ __PACKAGE__->register_method ({
     parameters => {
 	additionalProperties => 0,
 	properties => {
-	    roleid => { type => 'string', format => 'pve-roleid' },
-	}
+	    roleid => get_standard_option('role-id'),
+	},
     },
     returns => { type => 'null' },
     code => sub {
@@ -206,6 +221,7 @@ __PACKAGE__->register_method ({
 	    }, "delete role failed");
 
 	return undef;
-}});
+    }
+});
 
 1;
diff --git a/PVE/API2/User.pm b/PVE/API2/User.pm
index 1dc0293..4c859dc 100644
--- a/PVE/API2/User.pm
+++ b/PVE/API2/User.pm
@@ -6,7 +6,7 @@ use PVE::Exception qw(raise raise_perm_exc);
 use PVE::Cluster qw (cfs_read_file cfs_write_file);
 use PVE::Tools qw(split_list);
 use PVE::AccessControl;
-use PVE::JSONSchema qw(get_standard_option);
+use PVE::JSONSchema qw(get_standard_option register_standard_option);
 
 use PVE::SafeSyslog;
 
@@ -14,6 +14,33 @@ use PVE::RESTHandler;
 
 use base qw(PVE::RESTHandler);
 
+register_standard_option('user-enable', {
+    description => "Enable the account (default). You can set this to '0' to disable the account",
+    type => 'boolean',
+    optional => 1,
+    default => 1,
+});
+register_standard_option('user-expire', {
+    description => "Account expiration date (seconds since epoch). '0' means no expiration date.",
+    type => 'integer',
+    minimum => 0,
+    optional => 1,
+});
+register_standard_option('user-firstname', { type => 'string', optional => 1 });
+register_standard_option('user-lastname', { type => 'string', optional => 1 });
+register_standard_option('user-email', { type => 'string', optional => 1, format => 'email-opt' });
+register_standard_option('user-comment', { type => 'string', optional => 1 });
+register_standard_option('user-keys', {
+    description => "Keys for two factor auth (yubico).",
+    type => 'string',
+    optional => 1,
+});
+register_standard_option('group-list', {
+    type => 'string', format => 'pve-groupid-list',
+    optional => 1,
+    completion => \&PVE::AccessControl::complete_group,
+});
+
 my $extract_user_data = sub {
     my ($data, $full) = @_;
 
@@ -54,7 +81,14 @@ __PACKAGE__->register_method ({
 	items => {
 	    type => "object",
 	    properties => {
-		userid => { type => 'string' },
+	        userid => get_standard_option('userid-completed'),
+	        enable => get_standard_option('user-enable'),
+	        expire => get_standard_option('user-expire'),
+	        firstname => get_standard_option('user-firstname'),
+	        lastname => get_standard_option('user-lastname'),
+	        email => get_standard_option('user-email'),
+	        comment => get_standard_option('user-comment'),
+	        keys => get_standard_option('user-keys'),
 	    },
 	},
 	links => [ { rel => 'child', href => "{userid}" } ],
@@ -109,7 +143,14 @@ __PACKAGE__->register_method ({
     parameters => {
 	additionalProperties => 0,
 	properties => {
-	    userid => get_standard_option('userid'),
+	    userid => get_standard_option('userid-completed'),
+	    enable => get_standard_option('user-enable'),
+	    expire => get_standard_option('user-expire'),
+	    firstname => get_standard_option('user-firstname'),
+	    lastname => get_standard_option('user-lastname'),
+	    email => get_standard_option('user-email'),
+	    comment => get_standard_option('user-comment'),
+	    keys => get_standard_option('user-keys'),
 	    password => {
 		description => "Initial password.",
 		type => 'string',
@@ -117,32 +158,7 @@ __PACKAGE__->register_method ({
 		minLength => 5,
 		maxLength => 64
 	    },
-	    groups => {
-		type => 'string', format => 'pve-groupid-list',
-		optional => 1,
-		completion => \&PVE::AccessControl::complete_group,
-	    },
-	    firstname => { type => 'string', optional => 1 },
-	    lastname => { type => 'string', optional => 1 },
-	    email => { type => 'string', optional => 1, format => 'email-opt' },
-	    comment => { type => 'string', optional => 1 },
-	    keys => {
-		description => "Keys for two factor auth (yubico).",
-		type => 'string',
-		optional => 1,
-	    },
-	    expire => {
-		description => "Account expiration date (seconds since epoch). '0' means no expiration date.",
-		type => 'integer',
-		minimum => 0,
-		optional => 1,
-	    },
-	    enable => {
-		description => "Enable the account (default). You can set this to '0' to disable the accout",
-		type => 'boolean',
-		optional => 1,
-		default => 1,
-	    },
+	    groups => get_standard_option('group-list'),
 	},
     },
     returns => { type => 'null' },
@@ -199,21 +215,22 @@ __PACKAGE__->register_method ({
     parameters => {
 	additionalProperties => 0,
 	properties => {
-	    userid => get_standard_option('userid'),
+	    userid => get_standard_option('userid-completed'),
 	},
     },
     returns => {
 	additionalProperties => 0,
 	properties => {
-	    enable => { type => 'boolean' },
-	    expire => { type => 'integer', optional => 1 },
-	    firstname => { type => 'string', optional => 1 },
-	    lastname => { type => 'string', optional => 1 },
-	    email => { type => 'string', optional => 1 },
-	    comment => { type => 'string', optional => 1 },
-	    keys => { type => 'string', optional => 1 },
+	    enable => get_standard_option('user-enable'),
+	    expire => get_standard_option('user-expire'),
+	    firstname => get_standard_option('user-firstname'),
+	    lastname => get_standard_option('user-lastname'),
+	    email => get_standard_option('user-email'),
+	    comment => get_standard_option('user-comment'),
+	    keys => get_standard_option('user-keys'),
 	    groups => { type => 'array' },
-	}
+	},
+	type => "object"
     },
     code => sub {
 	my ($param) = @_;
@@ -240,39 +257,20 @@ __PACKAGE__->register_method ({
     parameters => {
 	additionalProperties => 0,
 	properties => {
-	    userid => get_standard_option('userid', {
-		completion => \&PVE::AccessControl::complete_username,
-	    }),
-	    groups => {
-		type => 'string', format => 'pve-groupid-list',
-		optional => 1,
-		completion => \&PVE::AccessControl::complete_group,
-	    },
+	    userid => get_standard_option('userid-completed'),
+	    enable => get_standard_option('user-enable'),
+	    expire => get_standard_option('user-expire'),
+	    firstname => get_standard_option('user-firstname'),
+	    lastname => get_standard_option('user-lastname'),
+	    email => get_standard_option('user-email'),
+	    comment => get_standard_option('user-comment'),
+	    keys => get_standard_option('user-keys'),
+	    groups => get_standard_option('group-list'),
 	    append => {
 		type => 'boolean',
 		optional => 1,
 		requires => 'groups',
 	    },
-	    enable => {
-		description => "Enable/disable the account.",
-		type => 'boolean',
-		optional => 1,
-	    },
-	    firstname => { type => 'string', optional => 1 },
-	    lastname => { type => 'string', optional => 1 },
-	    email => { type => 'string', optional => 1, format => 'email-opt' },
-	    comment => { type => 'string', optional => 1 },
-	    keys => {
-		description => "Keys for two factor auth (yubico).",
-		type => 'string',
-		optional => 1,
-	    },
-	    expire => {
-		description => "Account expiration date (seconds since epoch). '0' means no expiration date.",
-		type => 'integer',
-		minimum => 0,
-		optional => 1
-	    },
 	},
     },
     returns => { type => 'null' },
@@ -333,9 +331,7 @@ __PACKAGE__->register_method ({
     parameters => {
 	additionalProperties => 0,
 	properties => {
-	    userid => get_standard_option('userid', {
-		completion => \&PVE::AccessControl::complete_username,
-	    }),
+	    userid => get_standard_option('userid-completed'),
 	}
     },
     returns => { type => 'null' },
-- 
2.11.0




More information about the pve-devel mailing list