From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <f.gruenbichler@proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits))
(No client certificate requested)
by lists.proxmox.com (Postfix) with ESMTPS id 0635B60A6F
for <pbs-devel@lists.proxmox.com>; Mon, 19 Oct 2020 09:40:45 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
by firstgate.proxmox.com (Proxmox) with ESMTP id F16D129BC2
for <pbs-devel@lists.proxmox.com>; Mon, 19 Oct 2020 09:40:14 +0200 (CEST)
Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com
[212.186.127.180])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits))
(No client certificate requested)
by firstgate.proxmox.com (Proxmox) with ESMTPS id 33DC929B13
for <pbs-devel@lists.proxmox.com>; Mon, 19 Oct 2020 09:40:14 +0200 (CEST)
Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1])
by proxmox-new.maurer-it.com (Proxmox) with ESMTP id F2BD345E01
for <pbs-devel@lists.proxmox.com>; Mon, 19 Oct 2020 09:40:13 +0200 (CEST)
From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com>
To: pbs-devel@lists.proxmox.com
Date: Mon, 19 Oct 2020 09:39:19 +0200
Message-Id: <20201019073919.588521-16-f.gruenbichler@proxmox.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20201019073919.588521-1-f.gruenbichler@proxmox.com>
References: <20201019073919.588521-1-f.gruenbichler@proxmox.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-SPAM-LEVEL: Spam detection results: 0
AWL 0.030 Adjusted score from AWL reputation of From: address
KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
RCVD_IN_DNSWL_MED -2.3 Sender listed at https://www.dnswl.org/,
medium trust
SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record
SPF_PASS -0.001 SPF: sender matches SPF record
Subject: [pbs-devel] [RFC proxmox-backup 15/15] manager: add user
permissions command
X-BeenThere: pbs-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox Backup Server development discussion
<pbs-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pbs-devel>,
<mailto:pbs-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pbs-devel/>
List-Post: <mailto:pbs-devel@lists.proxmox.com>
List-Help: <mailto:pbs-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel>,
<mailto:pbs-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Mon, 19 Oct 2020 07:40:45 -0000
useful for debugging complex ACL setups.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
src/bin/proxmox_backup_manager/user.rs | 69 +++++++++++++++++++++++++-
1 file changed, 68 insertions(+), 1 deletion(-)
diff --git a/src/bin/proxmox_backup_manager/user.rs b/src/bin/proxmox_backup_manager/user.rs
index 31f74396..f4aa4220 100644
--- a/src/bin/proxmox_backup_manager/user.rs
+++ b/src/bin/proxmox_backup_manager/user.rs
@@ -1,12 +1,14 @@
use anyhow::Error;
use serde_json::Value;
+use std::collections::HashMap;
+
use proxmox::api::{api, cli::*, RpcEnvironment, ApiHandler};
use proxmox_backup::config;
use proxmox_backup::tools;
use proxmox_backup::api2;
-use proxmox_backup::api2::types::PROXMOX_USER_ID_SCHEMA;
+use proxmox_backup::api2::types::{ACL_PATH_SCHEMA, PROXMOX_USER_OR_TOKEN_ID_SCHEMA, PROXMOX_USER_ID_SCHEMA};
#[api(
input: {
@@ -91,6 +93,64 @@ fn list_tokens(param: Value, rpcenv: &mut dyn RpcEnvironment) -> Result<Value, E
}
+#[api(
+ input: {
+ properties: {
+ "output-format": {
+ schema: OUTPUT_FORMAT,
+ optional: true,
+ },
+ userid: {
+ schema: PROXMOX_USER_OR_TOKEN_ID_SCHEMA,
+ },
+ path: {
+ schema: ACL_PATH_SCHEMA,
+ optional: true,
+ },
+ }
+ }
+)]
+/// List permissions of user/token.
+fn list_permissions(param: Value, rpcenv: &mut dyn RpcEnvironment) -> Result<Value, Error> {
+
+ let output_format = get_output_format(¶m);
+
+ let info = &api2::access::API_METHOD_LIST_PERMISSIONS;
+ let mut data = match info.handler {
+ ApiHandler::Sync(handler) => (handler)(param, info, rpcenv)?,
+ _ => unreachable!(),
+ };
+
+ if output_format == "text" {
+ println!("Privileges with (*) have the propagate flag set\n");
+ let data:HashMap<String, HashMap<String, bool>> = serde_json::from_value(data)?;
+ let mut paths:Vec<String> = data.keys().cloned().collect();
+ paths.sort_unstable();
+ for path in paths {
+ println!("Path: {}", path);
+ let priv_map = data.get(&path).unwrap();
+ let mut privs:Vec<String> = priv_map.keys().cloned().collect();
+ if privs.is_empty() {
+ println!("- NoAccess");
+ } else {
+ privs.sort_unstable();
+ for privilege in privs {
+ if *priv_map.get(&privilege).unwrap() {
+ println!("- {} (*)", privilege);
+ } else {
+ println!("- {}", privilege);
+ }
+ }
+ }
+ }
+ } else {
+ format_and_print_result(&mut data, &output_format);
+ }
+
+ Ok(Value::Null)
+}
+
+
pub fn user_commands() -> CommandLineInterface {
let cmd_def = CliCommandMap::new()
@@ -131,6 +191,13 @@ pub fn user_commands() -> CommandLineInterface {
.arg_param(&["userid", "tokenname"])
.completion_cb("userid", config::user::complete_user_name)
.completion_cb("tokenname", config::user::complete_token_name)
+ )
+ .insert(
+ "permissions",
+ CliCommand::new(&&API_METHOD_LIST_PERMISSIONS)
+ .arg_param(&["userid"])
+ .completion_cb("userid", config::user::complete_userid)
+ .completion_cb("path", config::datastore::complete_acl_path)
);
cmd_def.into()
--
2.20.1