src/api2/access/role.rs: new api to list roles

2020-04-17 14:03:24 +02:00 · 2020-04-17 14:03:24 +02:00 · 3fff55b293
commit 3fff55b293
parent 4f66423fcc
4 changed files with 73 additions and 8 deletions
--- a/src/api2/access.rs
+++ b/src/api2/access.rs
@ -18,6 +18,7 @@ use crate::config::acl::PRIV_PERMISSIONS_MODIFY;
 pub mod user;
 pub mod domain;
 pub mod acl;
 pub mod role;
 fn authenticate_user(username: &str, password: &str) -> Result<(), Error> {
@ -166,6 +167,7 @@ const SUBDIRS: SubdirMap = &sorted!([
            .post(&API_METHOD_CREATE_TICKET)
    ),
    ("domains", &domain::ROUTER),
    ("roles", &role::ROUTER),
    ("users", &user::ROUTER),
 ]);
--- a/src/api2/access/role.rs
+++ b/src/api2/access/role.rs
@ -0,0 +1,45 @@
 use failure::*;
 use serde_json::{json, Value};
 use proxmox::api::{api, Permission};
 use proxmox::api::router::Router;
 use crate::api2::types::*;
 use crate::config::acl::ROLE_NAMES;
 #[api(
    returns: {
        description: "List of roles.",
        type: Array,
        items: {
            type: Object,
            description: "User name with description.",
            properties: {
                role: {
                    description: "Role name.",
                    type: String,
                },
                comment: {
                    schema: SINGLE_LINE_COMMENT_SCHEMA,
                    optional: true,
                },
            },
        }
    },
    access: {
        permission: &Permission::Anybody,
    }
 )]
 /// Role list
 fn list_roles() -> Result<Value, Error> {
    let mut list = Vec::new();
    for (role, comment) in ROLE_NAMES.iter() {
        list.push(json!({ "role": role, "comment": comment }));
    }
    Ok(list.into())
 }
 pub const ROUTER: Router = Router::new()
    .get(&API_METHOD_LIST_ROLES);
--- a/src/config/acl.rs
+++ b/src/config/acl.rs
@ -41,16 +41,34 @@ pub const ROLE_DATASTORE_AUDIT: u64 = PRIV_DATASTORE_AUDIT;
 pub const ROLE_NAME_NO_ACCESS: &str ="NoAccess";
 lazy_static! {
-    pub static ref ROLE_NAMES: HashMap<&'static str, u64> = {
+    pub static ref ROLE_NAMES: HashMap<&'static str, (u64, &'static str)> = {
        let mut map = HashMap::new();
-        map.insert("Admin", ROLE_ADMIN);
+        map.insert("Admin", (
-        map.insert("Audit", ROLE_AUDIT);
+            ROLE_ADMIN,
-        map.insert(ROLE_NAME_NO_ACCESS, ROLE_NO_ACCESS);
+            "Administrator",
        ));
        map.insert("Audit", (
            ROLE_AUDIT,
            "Auditor",
        ));
        map.insert(ROLE_NAME_NO_ACCESS, (
            ROLE_NO_ACCESS,
            "Disable access",
        ));
-        map.insert("Datastore.Admin", ROLE_DATASTORE_ADMIN);
+        map.insert("Datastore.Admin", (
-        map.insert("Datastore.User", ROLE_DATASTORE_USER);
+            ROLE_DATASTORE_ADMIN,
-        map.insert("Datastore.Audit", ROLE_DATASTORE_AUDIT);
+            "Datastore Administrator",
        ));
        map.insert("Datastore.User", (
            ROLE_DATASTORE_USER,
            "Datastore User",
        ));
        map.insert("Datastore.Audit", (
            ROLE_DATASTORE_AUDIT,
            "Datastore Auditor",
        ));
        map
    };
--- a/src/config/cached_user_info.rs
+++ b/src/config/cached_user_info.rs
@ -60,7 +60,7 @@ impl UserInformation for CachedUserInfo {
        let roles = self.acl_tree.roles(userid, path);
        let mut privs: u64 = 0;
        for role in roles {
-            if let Some(role_privs) = ROLE_NAMES.get(role.as_str()) {
+            if let Some((role_privs, _)) = ROLE_NAMES.get(role.as_str()) {
                privs |= role_privs;
            }
        }