diff --git a/src/api2/access/user.rs b/src/api2/access/user.rs index 6a4bc57c..9354ae42 100644 --- a/src/api2/access/user.rs +++ b/src/api2/access/user.rs @@ -1,11 +1,12 @@ use failure::*; use serde_json::Value; -use proxmox::api::{api, ApiMethod, Router, RpcEnvironment}; +use proxmox::api::{api, ApiMethod, Router, RpcEnvironment, Permission}; use proxmox::api::schema::{Schema, StringSchema}; use crate::api2::types::*; use crate::config::user; +use crate::config::acl::{PRIV_SYS_AUDIT, PRIV_SYS_MODIFY}; pub const PBS_PASSWORD_SCHEMA: Schema = StringSchema::new("User Password.") .format(&PASSWORD_FORMAT) @@ -54,6 +55,9 @@ pub const PBS_PASSWORD_SCHEMA: Schema = StringSchema::new("User Password.") }, }, }, + access: { + permission: &Permission::Privilege(&[], PRIV_SYS_AUDIT, false), + }, )] /// List all users pub fn list_users( @@ -106,6 +110,9 @@ pub fn list_users( }, }, }, + access: { + permission: &Permission::Privilege(&[], PRIV_SYS_MODIFY, false), + }, )] /// Create new user. pub fn create_user(userid: String, password: Option, param: Value) -> Result<(), Error> { @@ -146,6 +153,9 @@ pub fn create_user(userid: String, password: Option, param: Value) -> Re description: "The user configuration (with config digest).", type: user::User, }, + access: { + permission: &Permission::Privilege(&[], PRIV_SYS_AUDIT, false), + }, )] /// Read user configuration data. pub fn read_user(userid: String) -> Result { @@ -197,6 +207,9 @@ pub fn read_user(userid: String) -> Result { }, }, }, + access: { + permission: &Permission::Privilege(&[], PRIV_SYS_MODIFY, false), + }, )] /// Update user configuration. pub fn update_user( @@ -276,6 +289,9 @@ pub fn update_user( }, }, }, + access: { + permission: &Permission::Privilege(&[], PRIV_SYS_MODIFY, false), + }, )] /// Remove a user from the configuration file. pub fn delete_user(userid: String, digest: Option) -> Result<(), Error> {