From d4f020f4c523a926dcf1d8087932e7a829bf0bb3 Mon Sep 17 00:00:00 2001
From: Dietmar Maurer
Date: Fri, 17 Apr 2020 10:08:45 +0200
Subject: [PATCH] src/api2/access/user.rs: add access permissions
---
 src/api2/access/user.rs | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/src/api2/access/user.rs b/src/api2/access/user.rs
index 6a4bc57c..9354ae42 100644
--- a/src/api2/access/user.rs
+++ b/src/api2/access/user.rs
@@ -1,11 +1,12 @@
 use failure::*;
 use serde_json::Value;
-use proxmox::api::{api, ApiMethod, Router, RpcEnvironment};
+use proxmox::api::{api, ApiMethod, Router, RpcEnvironment, Permission};
 use proxmox::api::schema::{Schema, StringSchema};
 use crate::api2::types::*;
 use crate::config::user;
+use crate::config::acl::{PRIV_SYS_AUDIT, PRIV_SYS_MODIFY};
 pub const PBS_PASSWORD_SCHEMA: Schema = StringSchema::new("User Password.")
 .format(&PASSWORD_FORMAT)
@@ -54,6 +55,9 @@ pub const PBS_PASSWORD_SCHEMA: Schema = StringSchema::new("User Password.")
 },
 },
 },
+ access: {
+ permission: &Permission::Privilege(&[], PRIV_SYS_AUDIT, false),
+ },
 )]
 /// List all users
 pub fn list_users(
@@ -106,6 +110,9 @@ pub fn list_users(
 },
 },
 },
+ access: {
+ permission: &Permission::Privilege(&[], PRIV_SYS_MODIFY, false),
+ },
 )]
 /// Create new user.
 pub fn create_user(userid: String, password: Option, param: Value) -> Result<(), Error> {
@@ -146,6 +153,9 @@ pub fn create_user(userid: String, password: Option, param: Value) -> Re
 description: "The user configuration (with config digest).",
 type: user::User,
 },
+ access: {
+ permission: &Permission::Privilege(&[], PRIV_SYS_AUDIT, false),
+ },
 )]
 /// Read user configuration data.
 pub fn read_user(userid: String) -> Result {
@@ -197,6 +207,9 @@ pub fn read_user(userid: String) -> Result {
 },
 },
 },
+ access: {
+ permission: &Permission::Privilege(&[], PRIV_SYS_MODIFY, false),
+ },
 )]
 /// Update user configuration.
 pub fn update_user(
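Review bot: The `access` block added to `list_users` passes an empty path `&[]` and a bare `false` to `Permission::Privilege`, and nothing next to it says what either argument means; the same form recurs on `create_user`, `read_user`, `update_user` and `delete_user`. Someone auditing these endpoints has to look up the enum to learn which ACL path is checked and what the flag switches. Assuming the third field is the partial-match flag, a comment above the first use such as `// checked on the ACL root path; 'false' = every listed privilege is required` would do, or the path could be bound to one named constant shared by all five blocks.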
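Review bot: `create_user` is gated only by `PRIV_SYS_MODIFY` on the root path, so creating an account, including setting its initial password, needs the same right as any other system-modifying call; `update_user` and `delete_user` use the identical check. A principal given that privilege for unrelated maintenance would then also be able to create, change or remove accounts. Consider checking a path reserved for user management instead of `&[]`, so the right can be granted on its own; whether `config::acl` in this tree already has a suitable path or privilege is not visible in this patch.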
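Review bot: The check added to `read_user` ignores the `userid` parameter, so an authenticated user without `PRIV_SYS_AUDIT` on the root path cannot read their own entry. `update_user` has the same shape with `PRIV_SYS_MODIFY`, which would also block self-service changes if that handler is the only route for them. If users are meant to manage their own record, the privilege check should be combined with a rule that admits the caller whose id equals `userid`, with a test for the allowed and the denied case. Both function bodies lie outside these hunks, so any per-user check done inside them cannot be seen here.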
@@ -276,6 +289,9 @@ pub fn update_user(
 },
 },
 },
+ access: {
+ permission: &Permission::Privilege(&[], PRIV_SYS_MODIFY, false),
+ },
 )]
 /// Remove a user from the configuration file.
 pub fn delete_user(userid: String, digest: Option) -> Result<(), Error> {
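Review bot: `delete_user` authorises on `PRIV_SYS_MODIFY` alone and never relates the caller to the `userid` being removed, so as far as this hunk shows a holder can delete any account, including the one they are authenticated as. The body is outside the hunk; if it has no such guard yet, it should refuse to remove the caller's own account or a built-in administrative one. The doc comment should also say what happens to ACL entries that still name the removed user, since an account later re-created under the same id would otherwise pick them up. Once the guard exists, a line like `/// Refuses to remove the calling user's own account.` would record it.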