proxmox-mirrors/pve-access-control
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-access-control synced 2025-10-04 14:18:28 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

api: user: add realmtype to user list

Browse Source 
this makes it much easier to determine if a user can e.g.
change a password or tfa, based on realm

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
This commit is contained in:
Dominik Csapak 2021-07-01 14:25:00 +02:00 committed by Thomas Lamprecht
parent fbf4594aaf
commit 8bb59c2612
1 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/PVE/API2/User.pm
View File

@ -149,7 +149,11 @@ __PACKAGE__->register_method ({
items => $token_info_extend->({
tokenid => get_standard_option('token-subid'),
}),
}
},
realmtype => {
type => 'string',
description => 'The type of the users realm',
},
},
},
links => [ { rel => 'child', href => "{userid}" } ],
@ -161,6 +165,9 @@ __PACKAGE__->register_method ({
my $usercfg = $rpcenv->{user_cfg};
my $authuser = $rpcenv->get_user();
my $domainscfg = cfs_read_file('domains.cfg');
my $domainids = $domainscfg->{ids};
my $res = [];
my $privs = [ 'User.Modify', 'Sys.Audit' ];
@ -184,6 +191,12 @@ __PACKAGE__->register_method ({
$entry->{tokens} = [ map { { tokenid => $_, %{$entry->{tokens}->{$_}} } } sort keys %{$entry->{tokens}} ]
if defined($entry->{tokens});
my (undef, undef, $realm) = PVE::AccessControl::verify_username($user, 1);
if (defined($realm) && $domainids->{$realm}) {
$entry->{realmtype} = $domainids->{$realm}->{type};
}
$entry->{userid} = $user;
push @$res, $entry;
}