proxmox-backup/src/api2/access/user.rs

use anyhow::{bail, Error};
use serde_json::Value;

use proxmox::api::{api, ApiMethod, Router, RpcEnvironment, Permission};
use proxmox::api::schema::{Schema, StringSchema};
use proxmox::tools::fs::open_file_locked;

use crate::api2::types::*;
use crate::config::user;
use crate::config::acl::{PRIV_SYS_AUDIT, PRIV_PERMISSIONS_MODIFY};
use crate::config::cached_user_info::CachedUserInfo;

pub const PBS_PASSWORD_SCHEMA: Schema = StringSchema::new("User Password.")
    .format(&PASSWORD_FORMAT)
    .min_length(5)
    .max_length(64)
    .schema();

#[api(
    input: {
        properties: {},
    },
    returns: {
        description: "List users (with config digest).",
        type: Array,
        items: { type: user::User },
    },
    access: {
        permission: &Permission::Anybody,
        description: "Returns all or just the logged-in user, depending on privileges.",
    },
)]
/// List users
pub fn list_users(
    _param: Value,
    _info: &ApiMethod,
    mut rpcenv: &mut dyn RpcEnvironment,
) -> Result<Vec<user::User>, Error> {

    let (config, digest) = user::config()?;

    let userid: Userid = rpcenv.get_user().unwrap().parse()?;
    let user_info = CachedUserInfo::new()?;

    let top_level_privs = user_info.lookup_privs(&userid, &["access", "users"]);
    let top_level_allowed = (top_level_privs & PRIV_SYS_AUDIT) != 0;

    let filter_by_privs = |user: &user::User| {
        top_level_allowed || user.userid == userid
    };

    let list:Vec<user::User> = config.convert_to_typed_array("user")?;

    rpcenv["digest"] = proxmox::tools::digest_to_hex(&digest).into();

    Ok(list.into_iter().filter(filter_by_privs).collect())
}

#[api(
    protected: true,
    input: {
        properties: {
            userid: {
                type: Userid,
            },
            comment: {
                schema: SINGLE_LINE_COMMENT_SCHEMA,
                optional: true,
            },
            password: {
                schema: PBS_PASSWORD_SCHEMA,
                optional: true,
            },
            enable: {
                schema: user::ENABLE_USER_SCHEMA,
                optional: true,
            },
            expire: {
                schema: user::EXPIRE_USER_SCHEMA,
                optional: true,
            },
            firstname: {
                schema: user::FIRST_NAME_SCHEMA,
                optional: true,
            },
            lastname: {
                schema: user::LAST_NAME_SCHEMA,
                optional: true,
            },
            email: {
                schema: user::EMAIL_SCHEMA,
                optional: true,
            },
        },
    },
    access: {
        permission: &Permission::Privilege(&["access", "users"], PRIV_PERMISSIONS_MODIFY, false),
    },
)]
/// Create new user.
pub fn create_user(password: Option<String>, param: Value) -> Result<(), Error> {

    let _lock = open_file_locked(user::USER_CFG_LOCKFILE, std::time::Duration::new(10, 0), true)?;

    let user: user::User = serde_json::from_value(param)?;

    let (mut config, _digest) = user::config()?;

    if let Some(_) = config.sections.get(user.userid.as_str()) {
        bail!("user '{}' already exists.", user.userid);
    }

    let authenticator = crate::auth::lookup_authenticator(&user.userid.realm())?;

    config.set_data(user.userid.as_str(), "user", &user)?;

    user::save_config(&config)?;

    if let Some(password) = password {
        authenticator.store_password(user.userid.name(), &password)?;
    }

    Ok(())
}

#[api(
   input: {
        properties: {
            userid: {
                type: Userid,
            },
         },
    },
    returns: {
        description: "The user configuration (with config digest).",
        type: user::User,
    },
    access: {
        permission: &Permission::Or(&[
            &Permission::Privilege(&["access", "users"], PRIV_SYS_AUDIT, false),
            &Permission::UserParam("userid"),
        ]),
    },
)]
/// Read user configuration data.
pub fn read_user(userid: Userid, mut rpcenv: &mut dyn RpcEnvironment) -> Result<user::User, Error> {
    let (config, digest) = user::config()?;
    let user = config.lookup("user", userid.as_str())?;
    rpcenv["digest"] = proxmox::tools::digest_to_hex(&digest).into();
    Ok(user)
}

#[api(
    protected: true,
    input: {
        properties: {
            userid: {
                type: Userid,
            },
            comment: {
                optional: true,
                schema: SINGLE_LINE_COMMENT_SCHEMA,
            },
            password: {
                schema: PBS_PASSWORD_SCHEMA,
                optional: true,
            },
            enable: {
                schema: user::ENABLE_USER_SCHEMA,
                optional: true,
            },
            expire: {
                schema: user::EXPIRE_USER_SCHEMA,
                optional: true,
            },
            firstname: {
                schema: user::FIRST_NAME_SCHEMA,
                optional: true,
            },
            lastname: {
                schema: user::LAST_NAME_SCHEMA,
                optional: true,
            },
            email: {
                schema: user::EMAIL_SCHEMA,
                optional: true,
            },
            digest: {
                optional: true,
                schema: PROXMOX_CONFIG_DIGEST_SCHEMA,
            },
        },
    },
    access: {
        permission: &Permission::Or(&[
            &Permission::Privilege(&["access", "users"], PRIV_PERMISSIONS_MODIFY, false),
            &Permission::UserParam("userid"),
        ]),
    },
)]
/// Update user configuration.
pub fn update_user(
    userid: Userid,
    comment: Option<String>,
    enable: Option<bool>,
    expire: Option<i64>,
    password: Option<String>,
    firstname: Option<String>,
    lastname: Option<String>,
    email: Option<String>,
    digest: Option<String>,
) -> Result<(), Error> {

    let _lock = open_file_locked(user::USER_CFG_LOCKFILE, std::time::Duration::new(10, 0), true)?;

    let (mut config, expected_digest) = user::config()?;

    if let Some(ref digest) = digest {
        let digest = proxmox::tools::hex_to_digest(digest)?;
        crate::tools::detect_modified_configuration_file(&digest, &expected_digest)?;
    }

    let mut data: user::User = config.lookup("user", userid.as_str())?;

    if let Some(comment) = comment {
        let comment = comment.trim().to_string();
        if comment.is_empty() {
            data.comment = None;
        } else {
            data.comment = Some(comment);
        }
    }

    if let Some(enable) = enable {
        data.enable = if enable { None } else { Some(false) };
    }

    if let Some(expire) = expire {
        data.expire = if expire > 0 { Some(expire) } else { None };
    }

    if let Some(password) = password {
        let authenticator = crate::auth::lookup_authenticator(userid.realm())?;
        authenticator.store_password(userid.name(), &password)?;
    }

    if let Some(firstname) = firstname {
        data.firstname = if firstname.is_empty() { None } else { Some(firstname) };
    }

    if let Some(lastname) = lastname {
        data.lastname = if lastname.is_empty() { None } else { Some(lastname) };
    }
    if let Some(email) = email {
        data.email = if email.is_empty() { None } else { Some(email) };
    }

    config.set_data(userid.as_str(), "user", &data)?;

    user::save_config(&config)?;

    Ok(())
}

#[api(
    protected: true,
    input: {
        properties: {
            userid: {
                type: Userid,
            },
            digest: {
                optional: true,
                schema: PROXMOX_CONFIG_DIGEST_SCHEMA,
            },
        },
    },
    access: {
        permission: &Permission::Or(&[
            &Permission::Privilege(&["access", "users"], PRIV_PERMISSIONS_MODIFY, false),
            &Permission::UserParam("userid"),
        ]),
    },
)]
/// Remove a user from the configuration file.
pub fn delete_user(userid: Userid, digest: Option<String>) -> Result<(), Error> {

    let _lock = open_file_locked(user::USER_CFG_LOCKFILE, std::time::Duration::new(10, 0), true)?;

    let (mut config, expected_digest) = user::config()?;

    if let Some(ref digest) = digest {
        let digest = proxmox::tools::hex_to_digest(digest)?;
        crate::tools::detect_modified_configuration_file(&digest, &expected_digest)?;
    }

    match config.sections.get(userid.as_str()) {
        Some(_) => { config.sections.remove(userid.as_str()); },
        None => bail!("user '{}' does not exist.", userid),
    }

    user::save_config(&config)?;

    Ok(())
}

const ITEM_ROUTER: Router = Router::new()
    .get(&API_METHOD_READ_USER)
    .put(&API_METHOD_UPDATE_USER)
    .delete(&API_METHOD_DELETE_USER);

pub const ROUTER: Router = Router::new()
    .get(&API_METHOD_LIST_USERS)
    .post(&API_METHOD_CREATE_USER)
    .match_all("userid", &ITEM_ROUTER);
switch from failure to anyhow Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2020-04-17 12:11:25 +00:00			`use anyhow::{bail, Error};`
add user configiguration 2020-04-06 10:09:27 +00:00			`use serde_json::Value;`

src/api2/access/user.rs: add access permissions 2020-04-17 08:08:45 +00:00			`use proxmox::api::{api, ApiMethod, Router, RpcEnvironment, Permission};`
add user configiguration 2020-04-06 10:09:27 +00:00			`use proxmox::api::schema::{Schema, StringSchema};`
remove timer and lock functions, fix building with proxmox 0.3.2 Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2020-08-04 09:33:02 +00:00			`use proxmox::tools::fs::open_file_locked;`
add user configiguration 2020-04-06 10:09:27 +00:00
			`use crate::api2::types::*;`
			`use crate::config::user;`
src/api2/access/user.rs: add access permissions 2020-04-17 09:04:36 +00:00			`use crate::config::acl::{PRIV_SYS_AUDIT, PRIV_PERMISSIONS_MODIFY};`
fix #3015: allow user self-service listing, updating or deleting a user is now possible for the user itself, in addition to higher-privileged users that have appropriate privileges on '/access/users'. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-09-18 13:01:06 +00:00			`use crate::config::cached_user_info::CachedUserInfo;`
add user configiguration 2020-04-06 10:09:27 +00:00
			`pub const PBS_PASSWORD_SCHEMA: Schema = StringSchema::new("User Password.")`
			`.format(&PASSWORD_FORMAT)`
			`.min_length(5)`
			`.max_length(64)`
			`.schema();`

			`#[api(`
			`input: {`
			`properties: {},`
			`},`
			`returns: {`
			`description: "List users (with config digest).",`
			`type: Array,`
src/api2/access/user.rs: remove useless description The description is not used at all if we refer to a type. 2020-05-20 09:27:58 +00:00			`items: { type: user::User },`
add user configiguration 2020-04-06 10:09:27 +00:00			`},`
src/api2/access/user.rs: add access permissions 2020-04-17 08:08:45 +00:00			`access: {`
fix #3015: allow user self-service listing, updating or deleting a user is now possible for the user itself, in addition to higher-privileged users that have appropriate privileges on '/access/users'. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-09-18 13:01:06 +00:00			`permission: &Permission::Anybody,`
			`description: "Returns all or just the logged-in user, depending on privileges.",`
src/api2/access/user.rs: add access permissions 2020-04-17 08:08:45 +00:00			`},`
add user configiguration 2020-04-06 10:09:27 +00:00			`)]`
fix #3015: allow user self-service listing, updating or deleting a user is now possible for the user itself, in addition to higher-privileged users that have appropriate privileges on '/access/users'. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-09-18 13:01:06 +00:00			`/// List users`
add user configiguration 2020-04-06 10:09:27 +00:00			`pub fn list_users(`
			`_param: Value,`
			`_info: &ApiMethod,`
use new 'id_property' for user::User and use it in api calls this allows us to return a user::User (or Vec<> of it) instead of a generic serde value Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-18 12:18:36 +00:00			`mut rpcenv: &mut dyn RpcEnvironment,`
			`) -> Result<Vec<user::User>, Error> {`
add user configiguration 2020-04-06 10:09:27 +00:00
			`let (config, digest) = user::config()?;`

fix #3015: allow user self-service listing, updating or deleting a user is now possible for the user itself, in addition to higher-privileged users that have appropriate privileges on '/access/users'. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-09-18 13:01:06 +00:00			`let userid: Userid = rpcenv.get_user().unwrap().parse()?;`
			`let user_info = CachedUserInfo::new()?;`

			`let top_level_privs = user_info.lookup_privs(&userid, &["access", "users"]);`
			`let top_level_allowed = (top_level_privs & PRIV_SYS_AUDIT) != 0;`

			`let filter_by_privs = \|user: &user::User\| {`
			`top_level_allowed \|\| user.userid == userid`
			`};`

			`let list:Vec<user::User> = config.convert_to_typed_array("user")?;`
use new 'id_property' for user::User and use it in api calls this allows us to return a user::User (or Vec<> of it) instead of a generic serde value Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-18 12:18:36 +00:00
			`rpcenv["digest"] = proxmox::tools::digest_to_hex(&digest).into();`
add user configiguration 2020-04-06 10:09:27 +00:00
fix #3015: allow user self-service listing, updating or deleting a user is now possible for the user itself, in addition to higher-privileged users that have appropriate privileges on '/access/users'. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-09-18 13:01:06 +00:00			`Ok(list.into_iter().filter(filter_by_privs).collect())`
add user configiguration 2020-04-06 10:09:27 +00:00			`}`

			`#[api(`
			`protected: true,`
			`input: {`
			`properties: {`
			`userid: {`
introduce Username, Realm and Userid api types and begin splitting up types.rs as it has grown quite large already Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2020-08-06 13:46:01 +00:00			`type: Userid,`
add user configiguration 2020-04-06 10:09:27 +00:00			`},`
			`comment: {`
			`schema: SINGLE_LINE_COMMENT_SCHEMA,`
			`optional: true,`
			`},`
			`password: {`
			`schema: PBS_PASSWORD_SCHEMA,`
			`optional: true,`
			`},`
			`enable: {`
			`schema: user::ENABLE_USER_SCHEMA,`
			`optional: true,`
			`},`
			`expire: {`
			`schema: user::EXPIRE_USER_SCHEMA,`
			`optional: true,`
			`},`
			`firstname: {`
			`schema: user::FIRST_NAME_SCHEMA,`
			`optional: true,`
			`},`
			`lastname: {`
			`schema: user::LAST_NAME_SCHEMA,`
			`optional: true,`
			`},`
			`email: {`
			`schema: user::EMAIL_SCHEMA,`
			`optional: true,`
			`},`
			`},`
			`},`
src/api2/access/user.rs: add access permissions 2020-04-17 08:08:45 +00:00			`access: {`
use reasonable acl paths 2020-04-30 07:30:00 +00:00			`permission: &Permission::Privilege(&["access", "users"], PRIV_PERMISSIONS_MODIFY, false),`
src/api2/access/user.rs: add access permissions 2020-04-17 08:08:45 +00:00			`},`
add user configiguration 2020-04-06 10:09:27 +00:00			`)]`
			`/// Create new user.`
depend on proxmox 0.1.32, src/api2/access/user.rs: simplify code 2020-05-19 07:49:39 +00:00			`pub fn create_user(password: Option<String>, param: Value) -> Result<(), Error> {`
add user configiguration 2020-04-06 10:09:27 +00:00
depend on proxmox 0.4.2 2020-09-28 08:50:44 +00:00			`let _lock = open_file_locked(user::USER_CFG_LOCKFILE, std::time::Duration::new(10, 0), true)?;`
add user configiguration 2020-04-06 10:09:27 +00:00
depend on proxmox 0.1.32, src/api2/access/user.rs: simplify code 2020-05-19 07:49:39 +00:00			`let user: user::User = serde_json::from_value(param)?;`
add user configiguration 2020-04-06 10:09:27 +00:00
			`let (mut config, _digest) = user::config()?;`

introduce Username, Realm and Userid api types and begin splitting up types.rs as it has grown quite large already Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2020-08-06 13:46:01 +00:00			`if let Some(_) = config.sections.get(user.userid.as_str()) {`
depend on proxmox 0.1.32, src/api2/access/user.rs: simplify code 2020-05-19 07:49:39 +00:00			`bail!("user '{}' already exists.", user.userid);`
add user configiguration 2020-04-06 10:09:27 +00:00			`}`

introduce Username, Realm and Userid api types and begin splitting up types.rs as it has grown quite large already Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2020-08-06 13:46:01 +00:00			`let authenticator = crate::auth::lookup_authenticator(&user.userid.realm())?;`
add user configiguration 2020-04-06 10:09:27 +00:00
introduce Username, Realm and Userid api types and begin splitting up types.rs as it has grown quite large already Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2020-08-06 13:46:01 +00:00			`config.set_data(user.userid.as_str(), "user", &user)?;`
add user configiguration 2020-04-06 10:09:27 +00:00
			`user::save_config(&config)?;`

implement auth framework 2020-04-08 09:57:14 +00:00			`if let Some(password) = password {`
introduce Username, Realm and Userid api types and begin splitting up types.rs as it has grown quite large already Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2020-08-06 13:46:01 +00:00			`authenticator.store_password(user.userid.name(), &password)?;`
implement auth framework 2020-04-08 09:57:14 +00:00			`}`

add user configiguration 2020-04-06 10:09:27 +00:00			`Ok(())`
			`}`

			`#[api(`
			`input: {`
			`properties: {`
			`userid: {`
introduce Username, Realm and Userid api types and begin splitting up types.rs as it has grown quite large already Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2020-08-06 13:46:01 +00:00			`type: Userid,`
add user configiguration 2020-04-06 10:09:27 +00:00			`},`
api: move config/user to access/users, implement change_password To make it similar to the pve api 2020-04-09 08:19:38 +00:00			`},`
add user configiguration 2020-04-06 10:09:27 +00:00			`},`
			`returns: {`
			`description: "The user configuration (with config digest).",`
			`type: user::User,`
			`},`
src/api2/access/user.rs: add access permissions 2020-04-17 08:08:45 +00:00			`access: {`
fix #3015: allow user self-service listing, updating or deleting a user is now possible for the user itself, in addition to higher-privileged users that have appropriate privileges on '/access/users'. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-09-18 13:01:06 +00:00			`permission: &Permission::Or(&[`
			`&Permission::Privilege(&["access", "users"], PRIV_SYS_AUDIT, false),`
			`&Permission::UserParam("userid"),`
			`]),`
src/api2/access/user.rs: add access permissions 2020-04-17 08:08:45 +00:00			`},`
add user configiguration 2020-04-06 10:09:27 +00:00			`)]`
			`/// Read user configuration data.`
introduce Username, Realm and Userid api types and begin splitting up types.rs as it has grown quite large already Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2020-08-06 13:46:01 +00:00			`pub fn read_user(userid: Userid, mut rpcenv: &mut dyn RpcEnvironment) -> Result<user::User, Error> {`
add user configiguration 2020-04-06 10:09:27 +00:00			`let (config, digest) = user::config()?;`
introduce Username, Realm and Userid api types and begin splitting up types.rs as it has grown quite large already Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2020-08-06 13:46:01 +00:00			`let user = config.lookup("user", userid.as_str())?;`
use new 'id_property' for user::User and use it in api calls this allows us to return a user::User (or Vec<> of it) instead of a generic serde value Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-18 12:18:36 +00:00			`rpcenv["digest"] = proxmox::tools::digest_to_hex(&digest).into();`
			`Ok(user)`
add user configiguration 2020-04-06 10:09:27 +00:00			`}`

			`#[api(`
			`protected: true,`
			`input: {`
			`properties: {`
			`userid: {`
introduce Username, Realm and Userid api types and begin splitting up types.rs as it has grown quite large already Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2020-08-06 13:46:01 +00:00			`type: Userid,`
add user configiguration 2020-04-06 10:09:27 +00:00			`},`
			`comment: {`
			`optional: true,`
			`schema: SINGLE_LINE_COMMENT_SCHEMA,`
			`},`
			`password: {`
			`schema: PBS_PASSWORD_SCHEMA,`
			`optional: true,`
			`},`
			`enable: {`
			`schema: user::ENABLE_USER_SCHEMA,`
			`optional: true,`
			`},`
			`expire: {`
			`schema: user::EXPIRE_USER_SCHEMA,`
			`optional: true,`
			`},`
			`firstname: {`
			`schema: user::FIRST_NAME_SCHEMA,`
			`optional: true,`
			`},`
			`lastname: {`
			`schema: user::LAST_NAME_SCHEMA,`
			`optional: true,`
			`},`
			`email: {`
			`schema: user::EMAIL_SCHEMA,`
			`optional: true,`
			`},`
			`digest: {`
			`optional: true,`
			`schema: PROXMOX_CONFIG_DIGEST_SCHEMA,`
			`},`
			`},`
			`},`
src/api2/access/user.rs: add access permissions 2020-04-17 08:08:45 +00:00			`access: {`
fix #3015: allow user self-service listing, updating or deleting a user is now possible for the user itself, in addition to higher-privileged users that have appropriate privileges on '/access/users'. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-09-18 13:01:06 +00:00			`permission: &Permission::Or(&[`
			`&Permission::Privilege(&["access", "users"], PRIV_PERMISSIONS_MODIFY, false),`
			`&Permission::UserParam("userid"),`
			`]),`
src/api2/access/user.rs: add access permissions 2020-04-17 08:08:45 +00:00			`},`
add user configiguration 2020-04-06 10:09:27 +00:00			`)]`
			`/// Update user configuration.`
			`pub fn update_user(`
introduce Username, Realm and Userid api types and begin splitting up types.rs as it has grown quite large already Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2020-08-06 13:46:01 +00:00			`userid: Userid,`
add user configiguration 2020-04-06 10:09:27 +00:00			`comment: Option<String>,`
			`enable: Option<bool>,`
			`expire: Option<i64>,`
			`password: Option<String>,`
			`firstname: Option<String>,`
			`lastname: Option<String>,`
			`email: Option<String>,`
			`digest: Option<String>,`
			`) -> Result<(), Error> {`

depend on proxmox 0.4.2 2020-09-28 08:50:44 +00:00			`let _lock = open_file_locked(user::USER_CFG_LOCKFILE, std::time::Duration::new(10, 0), true)?;`
add user configiguration 2020-04-06 10:09:27 +00:00
			`let (mut config, expected_digest) = user::config()?;`

			`if let Some(ref digest) = digest {`
			`let digest = proxmox::tools::hex_to_digest(digest)?;`
			`crate::tools::detect_modified_configuration_file(&digest, &expected_digest)?;`
			`}`

introduce Username, Realm and Userid api types and begin splitting up types.rs as it has grown quite large already Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2020-08-06 13:46:01 +00:00			`let mut data: user::User = config.lookup("user", userid.as_str())?;`
add user configiguration 2020-04-06 10:09:27 +00:00
			`if let Some(comment) = comment {`
			`let comment = comment.trim().to_string();`
			`if comment.is_empty() {`
			`data.comment = None;`
			`} else {`
			`data.comment = Some(comment);`
			`}`
			`}`

			`if let Some(enable) = enable {`
			`data.enable = if enable { None } else { Some(false) };`
			`}`

			`if let Some(expire) = expire {`
			`data.expire = if expire > 0 { Some(expire) } else { None };`
			`}`

			`if let Some(password) = password {`
introduce Username, Realm and Userid api types and begin splitting up types.rs as it has grown quite large already Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2020-08-06 13:46:01 +00:00			`let authenticator = crate::auth::lookup_authenticator(userid.realm())?;`
			`authenticator.store_password(userid.name(), &password)?;`
add user configiguration 2020-04-06 10:09:27 +00:00			`}`

			`if let Some(firstname) = firstname {`
			`data.firstname = if firstname.is_empty() { None } else { Some(firstname) };`
			`}`

			`if let Some(lastname) = lastname {`
			`data.lastname = if lastname.is_empty() { None } else { Some(lastname) };`
			`}`
			`if let Some(email) = email {`
			`data.email = if email.is_empty() { None } else { Some(email) };`
			`}`

introduce Username, Realm and Userid api types and begin splitting up types.rs as it has grown quite large already Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2020-08-06 13:46:01 +00:00			`config.set_data(userid.as_str(), "user", &data)?;`
add user configiguration 2020-04-06 10:09:27 +00:00
			`user::save_config(&config)?;`

			`Ok(())`
			`}`

			`#[api(`
			`protected: true,`
			`input: {`
			`properties: {`
			`userid: {`
introduce Username, Realm and Userid api types and begin splitting up types.rs as it has grown quite large already Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2020-08-06 13:46:01 +00:00			`type: Userid,`
add user configiguration 2020-04-06 10:09:27 +00:00			`},`
			`digest: {`
			`optional: true,`
			`schema: PROXMOX_CONFIG_DIGEST_SCHEMA,`
			`},`
			`},`
			`},`
src/api2/access/user.rs: add access permissions 2020-04-17 08:08:45 +00:00			`access: {`
fix #3015: allow user self-service listing, updating or deleting a user is now possible for the user itself, in addition to higher-privileged users that have appropriate privileges on '/access/users'. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-09-18 13:01:06 +00:00			`permission: &Permission::Or(&[`
			`&Permission::Privilege(&["access", "users"], PRIV_PERMISSIONS_MODIFY, false),`
			`&Permission::UserParam("userid"),`
			`]),`
src/api2/access/user.rs: add access permissions 2020-04-17 08:08:45 +00:00			`},`
add user configiguration 2020-04-06 10:09:27 +00:00			`)]`
			`/// Remove a user from the configuration file.`
introduce Username, Realm and Userid api types and begin splitting up types.rs as it has grown quite large already Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2020-08-06 13:46:01 +00:00			`pub fn delete_user(userid: Userid, digest: Option<String>) -> Result<(), Error> {`
add user configiguration 2020-04-06 10:09:27 +00:00
depend on proxmox 0.4.2 2020-09-28 08:50:44 +00:00			`let _lock = open_file_locked(user::USER_CFG_LOCKFILE, std::time::Duration::new(10, 0), true)?;`
add user configiguration 2020-04-06 10:09:27 +00:00
			`let (mut config, expected_digest) = user::config()?;`

			`if let Some(ref digest) = digest {`
			`let digest = proxmox::tools::hex_to_digest(digest)?;`
			`crate::tools::detect_modified_configuration_file(&digest, &expected_digest)?;`
			`}`

introduce Username, Realm and Userid api types and begin splitting up types.rs as it has grown quite large already Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2020-08-06 13:46:01 +00:00			`match config.sections.get(userid.as_str()) {`
			`Some(_) => { config.sections.remove(userid.as_str()); },`
add user configiguration 2020-04-06 10:09:27 +00:00			`None => bail!("user '{}' does not exist.", userid),`
			`}`

			`user::save_config(&config)?;`

			`Ok(())`
			`}`

			`const ITEM_ROUTER: Router = Router::new()`
			`.get(&API_METHOD_READ_USER)`
			`.put(&API_METHOD_UPDATE_USER)`
			`.delete(&API_METHOD_DELETE_USER);`

			`pub const ROUTER: Router = Router::new()`
			`.get(&API_METHOD_LIST_USERS)`
			`.post(&API_METHOD_CREATE_USER)`
			`.match_all("userid", &ITEM_ROUTER);`