From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 55FE662E0B for ; Wed, 28 Oct 2020 12:37:21 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 53D1D1ED23 for ; Wed, 28 Oct 2020 12:37:21 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [212.186.127.180]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id CA1031ED19 for ; Wed, 28 Oct 2020 12:37:20 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 9761545E51 for ; Wed, 28 Oct 2020 12:37:20 +0100 (CET) From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= To: pbs-devel@lists.proxmox.com Date: Wed, 28 Oct 2020 12:37:13 +0100 Message-Id: <20201028113717.827644-3-f.gruenbichler@proxmox.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20201028113717.827644-1-f.gruenbichler@proxmox.com> References: <20201028113632.814586-1-f.gruenbichler@proxmox.com> <20201028113717.827644-1-f.gruenbichler@proxmox.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.028 Adjusted score from AWL reputation of From: address KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_DNSWL_MED -2.3 Sender listed at https://www.dnswl.org/, medium trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [user.rs] Subject: [pbs-devel] [PATCH proxmox-backup 12/16] manager: add user permissions command X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Oct 2020 11:37:21 -0000 useful for debugging complex ACL setups. Signed-off-by: Fabian Grünbichler --- src/bin/proxmox_backup_manager/user.rs | 69 +++++++++++++++++++++++++- 1 file changed, 68 insertions(+), 1 deletion(-) diff --git a/src/bin/proxmox_backup_manager/user.rs b/src/bin/proxmox_backup_manager/user.rs index 00749cee..b1887f4e 100644 --- a/src/bin/proxmox_backup_manager/user.rs +++ b/src/bin/proxmox_backup_manager/user.rs @@ -1,12 +1,14 @@ use anyhow::Error; use serde_json::Value; +use std::collections::HashMap; + use proxmox::api::{api, cli::*, RpcEnvironment, ApiHandler}; use proxmox_backup::config; use proxmox_backup::tools; use proxmox_backup::api2; -use proxmox_backup::api2::types::Userid; +use proxmox_backup::api2::types::{ACL_PATH_SCHEMA, Authid, Userid}; #[api( input: { @@ -91,6 +93,64 @@ fn list_tokens(param: Value, rpcenv: &mut dyn RpcEnvironment) -> Result Result { + + let output_format = get_output_format(¶m); + + let info = &api2::access::API_METHOD_LIST_PERMISSIONS; + let mut data = match info.handler { + ApiHandler::Sync(handler) => (handler)(param, info, rpcenv)?, + _ => unreachable!(), + }; + + if output_format == "text" { + println!("Privileges with (*) have the propagate flag set\n"); + let data:HashMap> = serde_json::from_value(data)?; + let mut paths:Vec = data.keys().cloned().collect(); + paths.sort_unstable(); + for path in paths { + println!("Path: {}", path); + let priv_map = data.get(&path).unwrap(); + let mut privs:Vec = priv_map.keys().cloned().collect(); + if privs.is_empty() { + println!("- NoAccess"); + } else { + privs.sort_unstable(); + for privilege in privs { + if *priv_map.get(&privilege).unwrap() { + println!("- {} (*)", privilege); + } else { + println!("- {}", privilege); + } + } + } + } + } else { + format_and_print_result(&mut data, &output_format); + } + + Ok(Value::Null) +} + + pub fn user_commands() -> CommandLineInterface { let cmd_def = CliCommandMap::new() @@ -131,6 +191,13 @@ pub fn user_commands() -> CommandLineInterface { .arg_param(&["userid", "tokenname"]) .completion_cb("userid", config::user::complete_userid) .completion_cb("tokenname", config::user::complete_token_name) + ) + .insert( + "permissions", + CliCommand::new(&&API_METHOD_LIST_PERMISSIONS) + .arg_param(&["auth_id"]) + .completion_cb("auth_id", config::user::complete_authid) + .completion_cb("path", config::datastore::complete_acl_path) ); cmd_def.into() -- 2.20.1