[pve-devel] applied: [PATCH v3 access-control 09/20] API: add group and token info to user index

Thomas Lamprecht t.lamprecht at proxmox.com
Wed Jan 29 21:41:39 CET 2020


On 1/21/20 1:54 PM, Fabian Grünbichler wrote:
> otherwise we need 1+N API calls to retrieve the full user+token picture
> 
> Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
> ---
> 
> Notes:
>     new in v2
> 
>  PVE/API2/User.pm | 21 +++++++++++++++++++--
>  1 file changed, 19 insertions(+), 2 deletions(-)
> 
> diff --git a/PVE/API2/User.pm b/PVE/API2/User.pm
> index fb985dd..0fc88ad 100644
> --- a/PVE/API2/User.pm
> +++ b/PVE/API2/User.pm
> @@ -119,6 +119,12 @@ __PACKAGE__->register_method ({
>  		type => 'boolean',
>  		description => "Optional filter for enable property.",
>  		optional => 1,
> +	    },
> +	    full => {
> +		type => 'boolean',
> +		description => "Include group and token information.",
> +		optional => 1,
> +		default => 0,
>  	    }
>  	},
>      },
> @@ -135,6 +141,14 @@ __PACKAGE__->register_method ({
>  	        email => get_standard_option('user-email'),
>  	        comment => get_standard_option('user-comment'),
>  	        keys => get_standard_option('user-keys'),
> +	        groups => get_standard_option('group-list'),
> +		tokens => {
> +		    type => 'array',
> +		    optional => 1,
> +		    items => $token_info_extend->({
> +			tokenid => get_standard_option('token-subid'),
> +		    }),
> +		}
>  	    },
>  	},
>  	links => [ { rel => 'child', href => "{userid}" } ],
> @@ -154,18 +168,21 @@ __PACKAGE__->register_method ({
>  	my $allowed_users = $rpcenv->group_member_join([keys %$groups]);
>  
>  	foreach my $user (keys %{$usercfg->{users}}) {
> -
>  	    if (!($canUserMod || $user eq $authuser)) {
>  		next if !$allowed_users->{$user};
>  	    }
>  
> -	    my $entry = &$extract_user_data($usercfg->{users}->{$user});
> +	    my $entry = &$extract_user_data($usercfg->{users}->{$user}, $param->{full});
>  
>  	    if (defined($param->{enabled})) {
>  		next if $entry->{enable} && !$param->{enabled};
>  		next if !$entry->{enable} && $param->{enabled};
>  	    }
>  
> +	    $entry->{groups} = join(',', @{$entry->{groups}}) if $entry->{groups};
> +	    $entry->{tokens} = [ map { { tokenid => $_, %{$entry->{tokens}->{$_}} } } sort keys %{$entry->{tokens}} ]
> +		if defined($entry->{tokens});
> +
>  	    $entry->{userid} = $user;
>  	    push @$res, $entry;
>  	}
> 

applied




More information about the pve-devel mailing list