src/api2/access/user.rs: add access permissions

2020-04-17 10:08:45 +02:00 · 2020-04-17 10:08:45 +02:00 · d4f020f4c5
parent d28ddb8e04
commit d4f020f4c5
1 changed files with 17 additions and 1 deletions
--- a/src/api2/access/user.rs
+++ b/src/api2/access/user.rs
@ -1,11 +1,12 @@
 use failure::*;
 use serde_json::Value;

-use proxmox::api::{api, ApiMethod, Router, RpcEnvironment};
+use proxmox::api::{api, ApiMethod, Router, RpcEnvironment, Permission};
 use proxmox::api::schema::{Schema, StringSchema};

 use crate::api2::types::*;
 use crate::config::user;
+use crate::config::acl::{PRIV_SYS_AUDIT, PRIV_SYS_MODIFY};

 pub const PBS_PASSWORD_SCHEMA: Schema = StringSchema::new("User Password.")
    .format(&PASSWORD_FORMAT)
@ -54,6 +55,9 @@ pub const PBS_PASSWORD_SCHEMA: Schema = StringSchema::new("User Password.")
            },
        },
    },
+    access: {
+        permission: &Permission::Privilege(&[], PRIV_SYS_AUDIT, false),
+    },
 )]
 /// List all users
 pub fn list_users(
@ -106,6 +110,9 @@ pub fn list_users(
            },
        },
    },
+    access: {
+        permission: &Permission::Privilege(&[], PRIV_SYS_MODIFY, false),
+    },
 )]
 /// Create new user.
 pub fn create_user(userid: String, password: Option<String>, param: Value) -> Result<(), Error> {
@ -146,6 +153,9 @@ pub fn create_user(userid: String, password: Option<String>, param: Value) -> Re
        description: "The user configuration (with config digest).",
        type: user::User,
    },
+    access: {
+        permission: &Permission::Privilege(&[], PRIV_SYS_AUDIT, false),
+    },
 )]
 /// Read user configuration data.
 pub fn read_user(userid: String) -> Result<Value, Error> {
@ -197,6 +207,9 @@ pub fn read_user(userid: String) -> Result<Value, Error> {
            },
        },
    },
+    access: {
+        permission: &Permission::Privilege(&[], PRIV_SYS_MODIFY, false),
+    },
 )]
 /// Update user configuration.
 pub fn update_user(
@ -276,6 +289,9 @@ pub fn update_user(
            },
        },
    },
+    access: {
+        permission: &Permission::Privilege(&[], PRIV_SYS_MODIFY, false),
+    },
 )]
 /// Remove a user from the configuration file.
 pub fn delete_user(userid: String, digest: Option<String>) -> Result<(), Error> {