[pve-devel] [PATCH access-control] fix #1998: correct return properties for read_role

Dominik Csapak d.csapak at proxmox.com
Fri Nov 23 14:11:51 CET 2018


we have each privilege as property of the return object,
so we generate it from $valid_privs

this has the advantage that all privileges are well documented
with that api call

Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
---
 PVE/API2/Role.pm     |  4 +---
 PVE/AccessControl.pm | 11 +++++++++++
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/PVE/API2/Role.pm b/PVE/API2/Role.pm
index 80959b0..83e4a9d 100644
--- a/PVE/API2/Role.pm
+++ b/PVE/API2/Role.pm
@@ -163,9 +163,7 @@ __PACKAGE__->register_method ({
     returns => {
 	type => "object",
 	additionalProperties => 0,
-	properties => {
-	    privs =>  get_standard_option('role-privs'),
-	},
+	properties => PVE::AccessControl::create_priv_properties(),
     },
     code => sub {
 	my ($param) = @_;
diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm
index 44fc0aa..bdadfd2 100644
--- a/PVE/AccessControl.pm
+++ b/PVE/AccessControl.pm
@@ -499,6 +499,17 @@ sub create_roles {
 
 create_roles();
 
+sub create_priv_properties {
+    my $properties = {};
+    foreach my $priv (keys %$valid_privs) {
+	$properties->{$priv} = {
+	    type => 'boolean',
+	    optional => 1,
+	};
+    }
+    return $properties;
+}
+
 sub role_is_special {
     my ($role) = @_;
     return (exists $special_roles->{$role}) ? 1 : 0;
-- 
2.11.0





More information about the pve-devel mailing list