906ef6c5bd
api2/access/user: fix return type schema
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com >
2020-10-29 15:20:10 +01:00
ea1853a17b
api2/access/user: drop Option, treat empty Vec as None
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com >
2020-10-29 15:17:54 +01:00
b2da7fbd1c
acls: allow viewing/editing user's token ACLs
...
even for otherwise unprivileged users.
since effective privileges of an API token are always intersected with
those of their owning user, this does not allow an unprivileged user to
elevate their privileges in practice, but avoids the need to involve a
privileged user to deploy API tokens.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com >
2020-10-29 15:14:27 +01:00
6746bbb1a2
api: allow listing users + tokens
...
since it's not possible to extend existing structs, UserWithTokens
duplicates most of user::User.. to avoid duplicating user::ApiToken as
well, this returns full API token IDs, not just the token name part.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com >
2020-10-29 15:14:27 +01:00
942078c40b
api: add API token endpoints
...
beneath the user endpoint.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com >
2020-10-29 15:14:27 +01:00
e6dc35acb8
replace Userid with Authid
...
in most generic places. this is accompanied by a change in
RpcEnvironment to purposefully break existing call sites.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com >
2020-10-29 15:11:39 +01:00
b56c111e93
depend on proxmox 0.4.2
2020-09-28 10:50:44 +02:00
be3bd0f90b
fix #3015 : allow user self-service
...
listing, updating or deleting a user is now possible for the user
itself, in addition to higher-privileged users that have appropriate
privileges on '/access/users'.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com >
2020-09-18 15:45:11 +02:00
3c053adbb5
role api: fix description
...
wrongly copy-pasted at some point
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com >
2020-09-18 14:55:00 +02:00
e7cb4dc50d
introduce Username, Realm and Userid api types
...
and begin splitting up types.rs as it has grown quite large
already
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com >
2020-08-10 12:05:01 +02:00
98c259b4c1
remove timer and lock functions, fix building with proxmox 0.3.2
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com >
2020-08-04 11:33:02 +02:00
2882c881e9
api2/access/acl: add path and exact parameter to list_acl
...
so that we can get only a subset of the acls, filtered by the backed
also return the digest here
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com >
2020-05-20 13:44:36 +02:00
12e3895399
api2/access/acl: make update_acl a protected api call
...
since we want to set the owner of the acl config to 'root'
which is only possible when using a protected api call
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com >
2020-05-20 13:22:41 +02:00
11b6391c83
add 'exact' parameter to extract_acl_node_data
...
so that we can return acls for a single path
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com >
2020-05-20 13:22:10 +02:00
b05672579e
api2/roles: change return field of role to roleid
...
to be compatible with the pve api
with this, we can reuse the ui parts (RoleSelector)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com >
2020-05-20 13:21:47 +02:00
5160c0e986
api2/acl: add privs array to roles
...
so that an admin can see which roles have which privileges
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com >
2020-05-20 13:21:37 +02:00
0fafac2492
src/api2/access/user.rs: remove useless description
...
The description is not used at all if we refer to a type.
2020-05-20 11:27:58 +02:00
7d4e362993
depend on proxmox 0.1.32, src/api2/access/user.rs: simplify code
2020-05-19 12:58:46 +02:00
522c0da0a0
use new 'id_property' for user::User and use it in api calls
...
this allows us to return a user::User (or Vec<> of it)
instead of a generic serde value
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com >
2020-05-19 09:33:56 +02:00
74c08a5782
use reasonable acl paths
2020-04-30 09:30:00 +02:00
bc0d03885c
use proxmox 0.1.25, use new EnumEntry feature
2020-04-29 13:01:24 +02:00
f7d4e4b506
switch from failure to anyhow
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com >
2020-04-17 18:43:30 +02:00
5972def5ec
acl: change path "storage" to "datastore"
2020-04-17 14:15:44 +02:00
aa90ced3bf
src/api2/access/role.rs: use schema ACL_ROLE_SCHEMA
2020-04-17 14:14:06 +02:00
ca257c8097
move type defs from src/api2/access/acl.rs to src/api2/types.rs
2020-04-17 14:13:15 +02:00
3fff55b293
src/api2/access/role.rs: new api to list roles
2020-04-17 14:03:24 +02:00
4f66423fcc
src/api2/access/user.rs: add access permissions
2020-04-17 11:04:36 +02:00
d4f020f4c5
src/api2/access/user.rs: add access permissions
2020-04-17 10:08:45 +02:00
d28ddb8e04
src/api2/access/acl.rs: add access permissions
2020-04-17 10:03:09 +02:00
4b40148caa
start impl. access permissions
2020-04-16 12:47:16 +02:00
109d7817cd
src/config/user.rs - cached_config: do not store/return digest
2020-04-15 11:35:57 +02:00
9c06f6c292
fix previous commit - use result.
2020-04-14 17:48:10 +02:00
9f4e47dd93
acl update: check path
2020-04-14 17:23:48 +02:00
d83175dd69
acl update: check if user exist.
2020-04-14 13:46:27 +02:00
9765092ede
acl api: implement update
2020-04-14 10:16:49 +02:00
ed3e60ae69
start ACL api
2020-04-13 11:09:44 +02:00
879546aff6
api: add default property to domain list
2020-04-09 13:35:08 +02:00
708db4b3ae
api: add list_domains
2020-04-09 11:36:45 +02:00
685e13347e
api: move config/user to access/users, implement change_password
...
To make it similar to the pve api
2020-04-09 10:21:24 +02:00
