diff --git a/src/api2/access.rs b/src/api2/access.rs
index 4b148494..8a483b5d 100644
--- a/src/api2/access.rs
+++ b/src/api2/access.rs
@@ -18,6 +18,7 @@ use crate::config::acl::PRIV_PERMISSIONS_MODIFY;
 pub mod user;
 pub mod domain;
 pub mod acl;
+pub mod role;
 fn authenticate_user(username: &str, password: &str) -> Result<(), Error> {
@@ -166,6 +167,7 @@ const SUBDIRS: SubdirMap = &sorted!([
 .post(&API_METHOD_CREATE_TICKET)
 ),
 ("domains", &domain::ROUTER),
+ ("roles", &role::ROUTER),
 ("users", &user::ROUTER),
 ]);
diff --git a/src/api2/access/role.rs b/src/api2/access/role.rs
new file mode 100644
index 00000000..cd30e0c9
--- /dev/null
+++ b/src/api2/access/role.rs
@@ -0,0 +1,45 @@
+use failure::*;
+
+use serde_json::{json, Value};
+
+use proxmox::api::{api, Permission};
+use proxmox::api::router::Router;
+
+use crate::api2::types::*;
+use crate::config::acl::ROLE_NAMES;
+
+#[api(
+ returns: {
+ description: "List of roles.",
+ type: Array,
+ items: {
+ type: Object,
+ description: "User name with description.",
+ properties: {
+ role: {
+ description: "Role name.",
+ type: String,
+ },
+ comment: {
+ schema: SINGLE_LINE_COMMENT_SCHEMA,
+ optional: true,
+ },
+ },
+ }
+ },
+ access: {
+ permission: &Permission::Anybody,
+ }
+)]
+/// Role list
+fn list_roles() -> Result {
+ let mut list = Vec::new();
+
+ for (role, comment) in ROLE_NAMES.iter() {
+ list.push(json!({ "role": role, "comment": comment }));
+ }
+ Ok(list.into())
+}
+
+pub const ROUTER: Router = Router::new()
+ .get(&API_METHOD_LIST_ROLES);
diff --git a/src/config/acl.rs b/src/config/acl.rs
index 4028362b..adf1b9a6 100644
--- a/src/config/acl.rs
+++ b/src/config/acl.rs
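Review bot: In `list_roles`, `for (role, comment) in ROLE_NAMES.iter()` binds the entire map value to `comment`, and with this commit's acl.rs change that value is a `(u64, &'static str)` tuple, so `json!` will serialize `"comment"` as an array like `[<privilege bits>, "Administrator"]` — contradicting the declared `SINGLE_LINE_COMMENT_SCHEMA` string and exposing the internal privilege bitmask of every role to all callers. Destructure the tuple the way the cached_user_info.rs hunk does: `for (role, (_privs, comment)) in ROLE_NAMES.iter() {`. Because `ROLE_NAMES` is a `HashMap`, the listing order also changes from process to process; sorting before returning, e.g. `list.sort_by(|a, b| a["role"].as_str().cmp(&b["role"].as_str()));` ahead of `Ok(list.into())`, gives clients a stable result. The item description `"User name with description."` appears copy-pasted from the user API and should read `"Role name with description."`.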
@@ -41,16 +41,34 @@ pub const ROLE_DATASTORE_AUDIT: u64 = PRIV_DATASTORE_AUDIT;
 pub const ROLE_NAME_NO_ACCESS: &str ="NoAccess";
 lazy_static! {
- pub static ref ROLE_NAMES: HashMap<&'static str, u64> = {
+ pub static ref ROLE_NAMES: HashMap<&'static str, (u64, &'static str)> = {
 let mut map = HashMap::new();
- map.insert("Admin", ROLE_ADMIN);
- map.insert("Audit", ROLE_AUDIT);
- map.insert(ROLE_NAME_NO_ACCESS, ROLE_NO_ACCESS);
+ map.insert("Admin", (
+ ROLE_ADMIN,
+ "Administrator",
+ ));
+ map.insert("Audit", (
+ ROLE_AUDIT,
+ "Auditor",
+ ));
+ map.insert(ROLE_NAME_NO_ACCESS, (
+ ROLE_NO_ACCESS,
+ "Disable access",
+ ));
- map.insert("Datastore.Admin", ROLE_DATASTORE_ADMIN);
- map.insert("Datastore.User", ROLE_DATASTORE_USER);
- map.insert("Datastore.Audit", ROLE_DATASTORE_AUDIT);
+ map.insert("Datastore.Admin", (
+ ROLE_DATASTORE_ADMIN,
+ "Datastore Administrator",
+ ));
+ map.insert("Datastore.User", (
+ ROLE_DATASTORE_USER,
+ "Datastore User",
+ ));
+ map.insert("Datastore.Audit", (
+ ROLE_DATASTORE_AUDIT,
+ "Datastore Auditor",
+ ));
 map
 };
diff --git a/src/config/cached_user_info.rs b/src/config/cached_user_info.rs
index 65378b44..15520f78 100644
--- a/src/config/cached_user_info.rs
+++ b/src/config/cached_user_info.rs
@@ -60,7 +60,7 @@ impl UserInformation for CachedUserInfo {
 let roles = self.acl_tree.roles(userid, path);
 let mut privs: u64 = 0;
 for role in roles {
- if let Some(role_privs) = ROLE_NAMES.get(role.as_str()) {
+ if let Some((role_privs, _)) = ROLE_NAMES.get(role.as_str()) {
 privs |= role_privs;
 }
 }
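Review bot: The new value type `(u64, &'static str)` of `ROLE_NAMES` is an unnamed tuple with no documentation, so a reader of `ROLE_NAMES.get(...)` elsewhere has to come back to this hunk to learn which element is the privilege mask and which the description — and the description is now user-visible output of the roles API added in this commit. A doc comment above the static would settle that: `/// Role name -> (privilege bitmask, human-readable description returned by the roles API)`. If more metadata is added later, a small named struct would be clearer than growing the tuple.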