proxmox-mirrors/pve-manager
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-manager synced 2025-08-16 23:29:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

add permission checks on openvz API

Browse Source
This commit is contained in:
Dietmar Maurer 2012-02-06 11:51:06 +01:00
parent 4412265f02
commit 85dc4bf710
1 changed files with 47 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
PVE/API2/OpenVZ.pm
View File

@ -64,6 +64,10 @@ __PACKAGE__->register_method({
path => '', path => '',
method => 'GET', method => 'GET',
description => "OpenVZ container index (per node).", description => "OpenVZ container index (per node).",
permissions => {
description => "Only list VMs where you have VM.Audit permissons on /vms/<vmid>.",
user => 'all',
},
proxyto => 'node', proxyto => 'node',
protected => 1, # openvz proc files are only readable by root protected => 1, # openvz proc files are only readable by root
parameters => { parameters => {
@ -83,10 +87,22 @@ __PACKAGE__->register_method({
code => sub { code => sub {
my ($param) = @_; my ($param) = @_;
my $rpcenv = PVE::RPCEnvironment::get();
my $authuser = $rpcenv->get_user();
my $vmstatus = PVE::OpenVZ::vmstatus(); my $vmstatus = PVE::OpenVZ::vmstatus();
return PVE::RESTHandler::hash_to_array($vmstatus, 'vmid'); my $res = [];
foreach my $vmid (keys %$vmstatus) {
next if !$rpcenv->check($authuser, "/vms/$vmid", [ 'VM.Audit' ], 1);
my $data = $vmstatus->{$vmid};
$data->{vmid} = $vmid;
push @$res, $data;
}
return $res;
}}); }});
my $restore_openvz = sub { my $restore_openvz = sub {
@ -404,6 +420,9 @@ __PACKAGE__->register_method({
method => 'GET', method => 'GET',
proxyto => 'node', proxyto => 'node',
description => "Directory index", description => "Directory index",
permissions => {
user => 'all',
},
parameters => { parameters => {
additionalProperties => 0, additionalProperties => 0,
properties => { properties => {
@ -597,6 +616,9 @@ __PACKAGE__->register_method({
method => 'GET', method => 'GET',
proxyto => 'node', proxyto => 'node',
description => "Get container configuration.", description => "Get container configuration.",
permissions => {
check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
},
parameters => { parameters => {
additionalProperties => 0, additionalProperties => 0,
properties => { properties => {
@ -672,6 +694,9 @@ __PACKAGE__->register_method({
protected => 1, protected => 1,
proxyto => 'node', proxyto => 'node',
description => "Destroy the container (also delete all uses files).", description => "Destroy the container (also delete all uses files).",
permissions => {
check => [ 'perm', '/vms/{vmid}', ['VM.Allocate']],
},
parameters => { parameters => {
additionalProperties => 0, additionalProperties => 0,
properties => { properties => {
@ -796,6 +821,9 @@ __PACKAGE__->register_method({
method => 'GET', method => 'GET',
proxyto => 'node', proxyto => 'node',
description => "Directory index", description => "Directory index",
permissions => {
user => 'all',
},
parameters => { parameters => {
additionalProperties => 0, additionalProperties => 0,
properties => { properties => {
@ -836,6 +864,9 @@ __PACKAGE__->register_method({
proxyto => 'node', proxyto => 'node',
protected => 1, # openvz /proc entries are only readable by root protected => 1, # openvz /proc entries are only readable by root
description => "Get virtual machine status.", description => "Get virtual machine status.",
permissions => {
check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
},
parameters => { parameters => {
additionalProperties => 0, additionalProperties => 0,
properties => { properties => {
@ -870,6 +901,9 @@ __PACKAGE__->register_method({
proxyto => 'node', proxyto => 'node',
protected => 1, # openvz /proc entries are only readable by root protected => 1, # openvz /proc entries are only readable by root
description => "Get container user_beancounters.", description => "Get container user_beancounters.",
permissions => {
check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
},
parameters => { parameters => {
additionalProperties => 0, additionalProperties => 0,
properties => { properties => {
@ -911,6 +945,9 @@ __PACKAGE__->register_method({
protected => 1, protected => 1,
proxyto => 'node', proxyto => 'node',
description => "Start the container.", description => "Start the container.",
permissions => {
check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
},
parameters => { parameters => {
additionalProperties => 0, additionalProperties => 0,
properties => { properties => {
@ -956,6 +993,9 @@ __PACKAGE__->register_method({
protected => 1, protected => 1,
proxyto => 'node', proxyto => 'node',
description => "Stop the container.", description => "Stop the container.",
permissions => {
check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
},
parameters => { parameters => {
additionalProperties => 0, additionalProperties => 0,
properties => { properties => {
@ -1002,6 +1042,9 @@ __PACKAGE__->register_method({
protected => 1, protected => 1,
proxyto => 'node', proxyto => 'node',
description => "Shutdown the container.", description => "Shutdown the container.",
permissions => {
check => ['perm', '/vms/{vmid}', [ 'VM.PowerMgmt' ]],
},
parameters => { parameters => {
additionalProperties => 0, additionalProperties => 0,
properties => { properties => {
@ -1075,6 +1118,9 @@ __PACKAGE__->register_method({
protected => 1, protected => 1,
proxyto => 'node', proxyto => 'node',
description => "Migrate the container to another node. Creates a new migration task.", description => "Migrate the container to another node. Creates a new migration task.",
permissions => {
check => ['perm', '/vms/{vmid}', [ 'VM.Migrate' ]],
},
parameters => { parameters => {
additionalProperties => 0, additionalProperties => 0,
properties => { properties => {