api2/acl: add privs array to roles

so that an admin can see which roles have which privileges

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Dominik Csapak 2020-05-20 12:15:31 +02:00 committed by Dietmar Maurer
parent 1ad9dd08f4
commit 5160c0e986


@ -6,7 +6,7 @@ use proxmox::api::{api, Permission};
use proxmox::api::router::Router; use proxmox::api::router::Router;
use crate::api2::types::*; use crate::api2::types::*;
use crate::config::acl::{Role, ROLE_NAMES}; use crate::config::acl::{Role, ROLE_NAMES, PRIVILEGES};
#[api( #[api(
returns: { returns: {
@ -19,6 +19,14 @@ use crate::config::acl::{Role, ROLE_NAMES};
role: { role: {
type: Role, type: Role,
}, },
privs: {
type: Array,
description: "List of Privileges",
items: {
type: String,
description: "A Privilege",
},
},
comment: { comment: {
schema: SINGLE_LINE_COMMENT_SCHEMA, schema: SINGLE_LINE_COMMENT_SCHEMA,
optional: true, optional: true,
@ -34,8 +42,14 @@ use crate::config::acl::{Role, ROLE_NAMES};
fn list_roles() -> Result<Value, Error> { fn list_roles() -> Result<Value, Error> {
let mut list = Vec::new(); let mut list = Vec::new();
for (role, comment) in ROLE_NAMES.iter() { for (role, (privs, comment)) in ROLE_NAMES.iter() {
list.push(json!({ "role": role, "comment": comment })); let mut priv_list = Vec::new();
for (name, privilege) in PRIVILEGES.iter() {
if privs & privilege > 0 {
priv_list.push(name.clone());
}
}
list.push(json!({ "role": role, "privs": priv_list, "comment": comment }));
} }
Ok(list.into()) Ok(list.into())
} }