src/api2/access/role.rs: new api to list roles

src/api2/access.rs

@@ -18,6 +18,7 @@ use crate::config::acl::PRIV_PERMISSIONS_MODIFY;
 pub mod user;
 pub mod domain;
 pub mod acl;
+pub mod role;
 
 fn authenticate_user(username: &str, password: &str) -> Result<(), Error> {
 
@@ -166,6 +167,7 @@ const SUBDIRS: SubdirMap = &sorted!([
             .post(&API_METHOD_CREATE_TICKET)
     ),
     ("domains", &domain::ROUTER),
+    ("roles", &role::ROUTER),
     ("users", &user::ROUTER),
 ]);
 

src/api2/access/role.rs

@@ -0,0 +1,45 @@
+use failure::*;
+
+use serde_json::{json, Value};
+
+use proxmox::api::{api, Permission};
+use proxmox::api::router::Router;
+
+use crate::api2::types::*;
+use crate::config::acl::ROLE_NAMES;
+
+#[api(
+    returns: {
+        description: "List of roles.",
+        type: Array,
+        items: {
+            type: Object,
+            description: "User name with description.",
+            properties: {
+                role: {
+                    description: "Role name.",
+                    type: String,
+                },
+                comment: {
+                    schema: SINGLE_LINE_COMMENT_SCHEMA,
+                    optional: true,
+                },
+            },
+        }
+    },
+    access: {
+        permission: &Permission::Anybody,
+    }
+)]
+/// Role list
+fn list_roles() -> Result<Value, Error> {
+    let mut list = Vec::new();
+
+    for (role, comment) in ROLE_NAMES.iter() {
+        list.push(json!({ "role": role, "comment": comment }));
+    }
+    Ok(list.into())
+}
+
+pub const ROUTER: Router = Router::new()
+    .get(&API_METHOD_LIST_ROLES);

src/config/acl.rs

@@ -41,16 +41,34 @@ pub const ROLE_DATASTORE_AUDIT: u64 = PRIV_DATASTORE_AUDIT;
 pub const ROLE_NAME_NO_ACCESS: &str ="NoAccess";
 
 lazy_static! {
-    pub static ref ROLE_NAMES: HashMap<&'static str, u64> = {
+    pub static ref ROLE_NAMES: HashMap<&'static str, (u64, &'static str)> = {
         let mut map = HashMap::new();
 
-        map.insert("Admin", ROLE_ADMIN);
-        map.insert("Audit", ROLE_AUDIT);
-        map.insert(ROLE_NAME_NO_ACCESS, ROLE_NO_ACCESS);
+        map.insert("Admin", (
+            ROLE_ADMIN,
+            "Administrator",
+        ));
+        map.insert("Audit", (
+            ROLE_AUDIT,
+            "Auditor",
+        ));
+        map.insert(ROLE_NAME_NO_ACCESS, (
+            ROLE_NO_ACCESS,
+            "Disable access",
+        ));
 
-        map.insert("Datastore.Admin", ROLE_DATASTORE_ADMIN);
-        map.insert("Datastore.User", ROLE_DATASTORE_USER);
-        map.insert("Datastore.Audit", ROLE_DATASTORE_AUDIT);
+        map.insert("Datastore.Admin", (
+            ROLE_DATASTORE_ADMIN,
+            "Datastore Administrator",
+        ));
+        map.insert("Datastore.User", (
+            ROLE_DATASTORE_USER,
+            "Datastore User",
+        ));
+        map.insert("Datastore.Audit", (
+            ROLE_DATASTORE_AUDIT,
+            "Datastore Auditor",
+        ));
 
         map
     };

src/config/cached_user_info.rs

@@ -60,7 +60,7 @@ impl UserInformation for CachedUserInfo {
         let roles = self.acl_tree.roles(userid, path);
         let mut privs: u64 = 0;
         for role in roles {
-            if let Some(role_privs) = ROLE_NAMES.get(role.as_str()) {
+            if let Some((role_privs, _)) = ROLE_NAMES.get(role.as_str()) {
                 privs |= role_privs;
             }
         }