Wolfgang Bumiller
ea1853a17b
api2/access/user: drop Option, treat empty Vec as None
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2020-10-29 15:17:54 +01:00
Fabian Grünbichler
b2da7fbd1c
acls: allow viewing/editing user's token ACLs
...
even for otherwise unprivileged users.
since effective privileges of an API token are always intersected with
those of their owning user, this does not allow an unprivileged user to
elevate their privileges in practice, but avoids the need to involve a
privileged user to deploy API tokens.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2020-10-29 15:14:27 +01:00
Fabian Grünbichler
6746bbb1a2
api: allow listing users + tokens
...
since it's not possible to extend existing structs, UserWithTokens
duplicates most of user::User.. to avoid duplicating user::ApiToken as
well, this returns full API token IDs, not just the token name part.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2020-10-29 15:14:27 +01:00
Fabian Grünbichler
942078c40b
api: add API token endpoints
...
beneath the user endpoint.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2020-10-29 15:14:27 +01:00
Fabian Grünbichler
e6dc35acb8
replace Userid with Authid
...
in most generic places. this is accompanied by a change in
RpcEnvironment to purposefully break existing call sites.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2020-10-29 15:11:39 +01:00
Dietmar Maurer
b56c111e93
depend on proxmox 0.4.2
2020-09-28 10:50:44 +02:00
Fabian Grünbichler
be3bd0f90b
fix #3015 : allow user self-service
...
listing, updating or deleting a user is now possible for the user
itself, in addition to higher-privileged users that have appropriate
privileges on '/access/users'.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2020-09-18 15:45:11 +02:00
Fabian Grünbichler
3c053adbb5
role api: fix description
...
wrongly copy-pasted at some point
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2020-09-18 14:55:00 +02:00
Wolfgang Bumiller
e7cb4dc50d
introduce Username, Realm and Userid api types
...
and begin splitting up types.rs as it has grown quite large
already
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2020-08-10 12:05:01 +02:00
Wolfgang Bumiller
98c259b4c1
remove timer and lock functions, fix building with proxmox 0.3.2
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2020-08-04 11:33:02 +02:00
Dominik Csapak
2882c881e9
api2/access/acl: add path and exact parameter to list_acl
...
so that we can get only a subset of the acls, filtered by the backed
also return the digest here
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2020-05-20 13:44:36 +02:00
Dominik Csapak
12e3895399
api2/access/acl: make update_acl a protected api call
...
since we want to set the owner of the acl config to 'root'
which is only possible when using a protected api call
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2020-05-20 13:22:41 +02:00
Dominik Csapak
11b6391c83
add 'exact' parameter to extract_acl_node_data
...
so that we can return acls for a single path
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2020-05-20 13:22:10 +02:00
Dominik Csapak
b05672579e
api2/roles: change return field of role to roleid
...
to be compatible with the pve api
with this, we can reuse the ui parts (RoleSelector)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2020-05-20 13:21:47 +02:00
Dominik Csapak
5160c0e986
api2/acl: add privs array to roles
...
so that an admin can see which roles have which privileges
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2020-05-20 13:21:37 +02:00
Dietmar Maurer
0fafac2492
src/api2/access/user.rs: remove useless description
...
The description is not used at all if we refer to a type.
2020-05-20 11:27:58 +02:00
Dietmar Maurer
7d4e362993
depend on proxmox 0.1.32, src/api2/access/user.rs: simplify code
2020-05-19 12:58:46 +02:00
Dominik Csapak
522c0da0a0
use new 'id_property' for user::User and use it in api calls
...
this allows us to return a user::User (or Vec<> of it)
instead of a generic serde value
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2020-05-19 09:33:56 +02:00
Dietmar Maurer
74c08a5782
use reasonable acl paths
2020-04-30 09:30:00 +02:00
Dietmar Maurer
bc0d03885c
use proxmox 0.1.25, use new EnumEntry feature
2020-04-29 13:01:24 +02:00
Wolfgang Bumiller
f7d4e4b506
switch from failure to anyhow
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2020-04-17 18:43:30 +02:00
Dietmar Maurer
5972def5ec
acl: change path "storage" to "datastore"
2020-04-17 14:15:44 +02:00
Dietmar Maurer
aa90ced3bf
src/api2/access/role.rs: use schema ACL_ROLE_SCHEMA
2020-04-17 14:14:06 +02:00
Dietmar Maurer
ca257c8097
move type defs from src/api2/access/acl.rs to src/api2/types.rs
2020-04-17 14:13:15 +02:00
Dietmar Maurer
3fff55b293
src/api2/access/role.rs: new api to list roles
2020-04-17 14:03:24 +02:00
Dietmar Maurer
4f66423fcc
src/api2/access/user.rs: add access permissions
2020-04-17 11:04:36 +02:00
Dietmar Maurer
d4f020f4c5
src/api2/access/user.rs: add access permissions
2020-04-17 10:08:45 +02:00
Dietmar Maurer
d28ddb8e04
src/api2/access/acl.rs: add access permissions
2020-04-17 10:03:09 +02:00
Dietmar Maurer
4b40148caa
start impl. access permissions
2020-04-16 12:47:16 +02:00
Dietmar Maurer
109d7817cd
src/config/user.rs - cached_config: do not store/return digest
2020-04-15 11:35:57 +02:00
Dietmar Maurer
9c06f6c292
fix previous commit - use result.
2020-04-14 17:48:10 +02:00
Dietmar Maurer
9f4e47dd93
acl update: check path
2020-04-14 17:23:48 +02:00
Dietmar Maurer
d83175dd69
acl update: check if user exist.
2020-04-14 13:46:27 +02:00
Dietmar Maurer
9765092ede
acl api: implement update
2020-04-14 10:16:49 +02:00
Dietmar Maurer
ed3e60ae69
start ACL api
2020-04-13 11:09:44 +02:00
Dietmar Maurer
879546aff6
api: add default property to domain list
2020-04-09 13:35:08 +02:00
Dietmar Maurer
708db4b3ae
api: add list_domains
2020-04-09 11:36:45 +02:00
Dietmar Maurer
685e13347e
api: move config/user to access/users, implement change_password
...
To make it similar to the pve api
2020-04-09 10:21:24 +02:00