[pve-devel] [PATCH v2 pve-network 11/15] add permissions
Alexandre Derumier
aderumier at odiso.com
Tue Nov 26 10:00:26 CET 2019
Signed-off-by: Alexandre Derumier <aderumier at odiso.com>
---
PVE/API2/Network/SDN.pm | 8 +++---
PVE/API2/Network/SDN/Controllers.pm | 36 +++++++++++++--------------
PVE/API2/Network/SDN/Vnets.pm | 36 +++++++++++++--------------
PVE/API2/Network/SDN/Zones.pm | 36 +++++++++++++--------------
PVE/API2/Network/SDN/Zones/Content.pm | 6 ++---
PVE/API2/Network/SDN/Zones/Status.pm | 6 ++---
6 files changed, 64 insertions(+), 64 deletions(-)
diff --git a/PVE/API2/Network/SDN.pm b/PVE/API2/Network/SDN.pm
index 66856c5..2d76b2e 100644
--- a/PVE/API2/Network/SDN.pm
+++ b/PVE/API2/Network/SDN.pm
@@ -37,7 +37,7 @@ __PACKAGE__->register_method({
method => 'GET',
description => "Directory index.",
permissions => {
- check => ['perm', '/', [ 'Sys.Audit' ]],
+ check => ['perm', '/', [ 'SDN.Audit' ]],
},
parameters => {
additionalProperties => 0,
@@ -82,9 +82,9 @@ __PACKAGE__->register_method ({
path => '',
method => 'PUT',
description => "Apply sdn controller changes && reload.",
-# permissions => {
-# check => ['perm', '/cluster/sdn/controllers', ['SDN.Allocate']],
-# },
+ permissions => {
+ check => ['perm', '/sdn', ['SDN.Allocate']],
+ },
parameters => {
additionalProperties => 0,
},
diff --git a/PVE/API2/Network/SDN/Controllers.pm b/PVE/API2/Network/SDN/Controllers.pm
index a740dbd..70ecd60 100644
--- a/PVE/API2/Network/SDN/Controllers.pm
+++ b/PVE/API2/Network/SDN/Controllers.pm
@@ -38,7 +38,7 @@ __PACKAGE__->register_method ({
method => 'GET',
description => "SDN controllers index.",
permissions => {
- description => "Only list entries where you have 'SDN.Audit' or 'SDN.Allocate' permissions on '/cluster/sdn/controllers/<controller>'",
+ description => "Only list entries where you have 'SDN.Audit' or 'SDN.Allocate' permissions on '/sdn/controllers/<controller>'",
user => 'all',
},
parameters => {
@@ -74,8 +74,8 @@ __PACKAGE__->register_method ({
my @sids = PVE::Network::SDN::Controllers::sdn_controllers_ids($cfg);
my $res = [];
foreach my $id (@sids) {
-# my $privs = [ 'SDN.Audit', 'SDN.Allocate' ];
-# next if !$rpcenv->check_any($authuser, "/cluster/sdn/controllers/$id", $privs, 1);
+ my $privs = [ 'SDN.Audit', 'SDN.Allocate' ];
+ next if !$rpcenv->check_any($authuser, "/sdn/controllers/$id", $privs, 1);
my $scfg = &$api_sdn_controllers_config($cfg, $id);
next if $param->{type} && $param->{type} ne $scfg->{type};
@@ -93,9 +93,9 @@ __PACKAGE__->register_method ({
path => '{controller}',
method => 'GET',
description => "Read sdn controller configuration.",
-# permissions => {
-# check => ['perm', '/cluster/sdn/controllers/{controller}', ['SDN.Allocate']],
-# },
+ permissions => {
+ check => ['perm', '/sdn/controllers/{controller}', ['SDN.Allocate']],
+ },
parameters => {
additionalProperties => 0,
@@ -118,9 +118,9 @@ __PACKAGE__->register_method ({
path => '',
method => 'POST',
description => "Create a new sdn controller object.",
-# permissions => {
-# check => ['perm', '/cluster/sdn/controllers', ['SDN.Allocate']],
-# },
+ permissions => {
+ check => ['perm', '/sdn/controllers', ['SDN.Allocate']],
+ },
parameters => PVE::Network::SDN::Controllers::Plugin->createSchema(),
returns => { type => 'null' },
code => sub {
@@ -158,9 +158,9 @@ __PACKAGE__->register_method ({
path => '',
method => 'DELETE',
description => "Revert sdn controller changes.",
-# permissions => {
-# check => ['perm', '/cluster/sdn/controllers', ['SDN.Allocate']],
-# },
+ permissions => {
+ check => ['perm', '/sdn/controllers', ['SDN.Allocate']],
+ },
parameters => {
additionalProperties => 0,
},
@@ -180,9 +180,9 @@ __PACKAGE__->register_method ({
path => '{controller}',
method => 'PUT',
description => "Update sdn controller object configuration.",
-# permissions => {
-# check => ['perm', '/cluster/sdn/controllers', ['SDN.Allocate']],
-# },
+ permissions => {
+ check => ['perm', '/sdn/controllers', ['SDN.Allocate']],
+ },
parameters => PVE::Network::SDN::Controllers::Plugin->updateSchema(),
returns => { type => 'null' },
code => sub {
@@ -222,9 +222,9 @@ __PACKAGE__->register_method ({
path => '{controller}',
method => 'DELETE',
description => "Delete sdn controller object configuration.",
-# permissions => {
-# check => ['perm', '/cluster/sdn/controllers', ['SDN.Allocate']],
-# },
+ permissions => {
+ check => ['perm', '/sdn/controllers', ['SDN.Allocate']],
+ },
parameters => {
additionalProperties => 0,
properties => {
diff --git a/PVE/API2/Network/SDN/Vnets.pm b/PVE/API2/Network/SDN/Vnets.pm
index bb3415f..d66cd14 100644
--- a/PVE/API2/Network/SDN/Vnets.pm
+++ b/PVE/API2/Network/SDN/Vnets.pm
@@ -33,7 +33,7 @@ __PACKAGE__->register_method ({
method => 'GET',
description => "SDN vnets index.",
permissions => {
- description => "Only list entries where you have 'SDN.Audit' or 'SDN.Allocate' permissions on '/cluster/sdn/vnets/<vnet>'",
+ description => "Only list entries where you have 'SDN.Audit' or 'SDN.Allocate' permissions on '/sdn/vnets/<vnet>'",
user => 'all',
},
parameters => {
@@ -59,8 +59,8 @@ __PACKAGE__->register_method ({
my @sids = PVE::Network::SDN::Vnets::sdn_vnets_ids($cfg);
my $res = [];
foreach my $id (@sids) {
-# my $privs = [ 'SDN.Audit', 'SDN.Allocate' ];
-# next if !$rpcenv->check_any($authuser, "/cluster/sdn/vnets/$id", $privs, 1);
+ my $privs = [ 'SDN.Audit', 'SDN.Allocate' ];
+ next if !$rpcenv->check_any($authuser, "/sdn/vnets/$id", $privs, 1);
my $scfg = &$api_sdn_vnets_config($cfg, $id);
push @$res, $scfg;
@@ -74,9 +74,9 @@ __PACKAGE__->register_method ({
path => '{vnet}',
method => 'GET',
description => "Read sdn vnet configuration.",
-# permissions => {
-# check => ['perm', '/cluster/sdn/vnets/{vnet}', ['SDN.Allocate']],
-# },
+ permissions => {
+ check => ['perm', '/sdn/vnets/{vnet}', ['SDN.Allocate']],
+ },
parameters => {
additionalProperties => 0,
@@ -101,9 +101,9 @@ __PACKAGE__->register_method ({
path => '',
method => 'POST',
description => "Create a new sdn vnet object.",
-# permissions => {
-# check => ['perm', '/cluster/sdn/vnets', ['SDN.Allocate']],
-# },
+ permissions => {
+ check => ['perm', '/sdn/vnets', ['SDN.Allocate']],
+ },
parameters => PVE::Network::SDN::VnetPlugin->createSchema(),
returns => { type => 'null' },
code => sub {
@@ -139,9 +139,9 @@ __PACKAGE__->register_method ({
path => '',
method => 'DELETE',
description => "Revert sdn vnet changes.",
-# permissions => {
-# check => ['perm', '/cluster/sdn/vnets', ['SDN.Allocate']],
-# },
+ permissions => {
+ check => ['perm', '/sdn/vnets', ['SDN.Allocate']],
+ },
parameters => {
additionalProperties => 0,
},
@@ -161,9 +161,9 @@ __PACKAGE__->register_method ({
path => '{vnet}',
method => 'PUT',
description => "Update sdn vnet object configuration.",
-# permissions => {
-# check => ['perm', '/cluster/sdn/vnets', ['SDN.Allocate']],
-# },
+ permissions => {
+ check => ['perm', '/sdn/vnets', ['SDN.Allocate']],
+ },
parameters => PVE::Network::SDN::VnetPlugin->updateSchema(),
returns => { type => 'null' },
code => sub {
@@ -201,9 +201,9 @@ __PACKAGE__->register_method ({
path => '{vnet}',
method => 'DELETE',
description => "Delete sdn vnet object configuration.",
-# permissions => {
-# check => ['perm', '/cluster/sdn/vnets', ['SDN.Allocate']],
-# },
+ permissions => {
+ check => ['perm', '/sdn/vnets', ['SDN.Allocate']],
+ },
parameters => {
additionalProperties => 0,
properties => {
diff --git a/PVE/API2/Network/SDN/Zones.pm b/PVE/API2/Network/SDN/Zones.pm
index 00380dc..d149290 100644
--- a/PVE/API2/Network/SDN/Zones.pm
+++ b/PVE/API2/Network/SDN/Zones.pm
@@ -45,7 +45,7 @@ __PACKAGE__->register_method ({
method => 'GET',
description => "SDN zones index.",
permissions => {
- description => "Only list entries where you have 'SDN.Audit' or 'SDN.Allocate' permissions on '/cluster/sdn/zones/<zone>'",
+ description => "Only list entries where you have 'SDN.Audit' or 'SDN.Allocate' permissions on '/sdn/zones/<zone>'",
user => 'all',
},
parameters => {
@@ -81,8 +81,8 @@ __PACKAGE__->register_method ({
my @sids = PVE::Network::SDN::Zones::sdn_zones_ids($cfg);
my $res = [];
foreach my $id (@sids) {
-# my $privs = [ 'SDN.Audit', 'SDN.Allocate' ];
-# next if !$rpcenv->check_any($authuser, "/cluster/sdn/zones/$id", $privs, 1);
+ my $privs = [ 'SDN.Audit', 'SDN.Allocate' ];
+ next if !$rpcenv->check_any($authuser, "/sdn/zones/$id", $privs, 1);
my $scfg = &$api_sdn_zones_config($cfg, $id);
next if $param->{type} && $param->{type} ne $scfg->{type};
@@ -100,9 +100,9 @@ __PACKAGE__->register_method ({
path => '{zone}',
method => 'GET',
description => "Read sdn zone configuration.",
-# permissions => {
-# check => ['perm', '/cluster/sdn/zones/{zone}', ['SDN.Allocate']],
-# },
+ permissions => {
+ check => ['perm', '/sdn/zones/{zone}', ['SDN.Allocate']],
+ },
parameters => {
additionalProperties => 0,
@@ -125,9 +125,9 @@ __PACKAGE__->register_method ({
path => '',
method => 'POST',
description => "Create a new sdn zone object.",
-# permissions => {
-# check => ['perm', '/cluster/sdn/zones', ['SDN.Allocate']],
-# },
+ permissions => {
+ check => ['perm', '/sdn/zones', ['SDN.Allocate']],
+ },
parameters => PVE::Network::SDN::Zones::Plugin->createSchema(),
returns => { type => 'null' },
code => sub {
@@ -166,9 +166,9 @@ __PACKAGE__->register_method ({
path => '',
method => 'DELETE',
description => "Revert sdn zone changes.",
-# permissions => {
-# check => ['perm', '/cluster/sdn/zones', ['SDN.Allocate']],
-# },
+ permissions => {
+ check => ['perm', '/sdn/zones', ['SDN.Allocate']],
+ },
parameters => {
additionalProperties => 0,
},
@@ -188,9 +188,9 @@ __PACKAGE__->register_method ({
path => '{zone}',
method => 'PUT',
description => "Update sdn zone object configuration.",
-# permissions => {
-# check => ['perm', '/cluster/sdn/zones', ['SDN.Allocate']],
-# },
+ permissions => {
+ check => ['perm', '/sdn/zones', ['SDN.Allocate']],
+ },
parameters => PVE::Network::SDN::Zones::Plugin->updateSchema(),
returns => { type => 'null' },
code => sub {
@@ -231,9 +231,9 @@ __PACKAGE__->register_method ({
path => '{zone}',
method => 'DELETE',
description => "Delete sdn zone object configuration.",
-# permissions => {
-# check => ['perm', '/cluster/sdn/zones', ['SDN.Allocate']],
-# },
+ permissions => {
+ check => ['perm', '/sdn/zones', ['SDN.Allocate']],
+ },
parameters => {
additionalProperties => 0,
properties => {
diff --git a/PVE/API2/Network/SDN/Zones/Content.pm b/PVE/API2/Network/SDN/Zones/Content.pm
index 94536fb..f391201 100644
--- a/PVE/API2/Network/SDN/Zones/Content.pm
+++ b/PVE/API2/Network/SDN/Zones/Content.pm
@@ -21,9 +21,9 @@ __PACKAGE__->register_method ({
path => '',
method => 'GET',
description => "List zone content.",
-# permissions => {
-# check => ['perm', '/sdn/{sdn}', ['SDN.Audit'], any => 1],
-# },
+ permissions => {
+ check => ['perm', '/sdn/zones/{zone}', ['SDN.Audit'], any => 1],
+ },
protected => 1,
proxyto => 'node',
parameters => {
diff --git a/PVE/API2/Network/SDN/Zones/Status.pm b/PVE/API2/Network/SDN/Zones/Status.pm
index ee44f18..b543a17 100644
--- a/PVE/API2/Network/SDN/Zones/Status.pm
+++ b/PVE/API2/Network/SDN/Zones/Status.pm
@@ -78,9 +78,9 @@ __PACKAGE__->register_method ({
path => '{zone}',
method => 'GET',
description => "",
-# permissions => {
-# check => ['perm', '/sdn/{sdn}', ['SDN.Audit'], any => 1],
-# },
+ permissions => {
+ check => ['perm', '/sdn/zones/{zone}', ['SDN.Audit'], any => 1],
+ },
parameters => {
additionalProperties => 0,
properties => {
--
2.20.1
More information about the pve-devel
mailing list