public inbox for pdm-devel@lists.proxmox.com
 help / color / mirror / Atom feed
From: "Shannon Sterz" <s.sterz@proxmox.com>
To: "Dominik Csapak" <d.csapak@proxmox.com>
Cc: Proxmox Datacenter Manager development discussion
	<pdm-devel@lists.proxmox.com>
Subject: Re: [pdm-devel] [PATCH datacenter-manager v3 03/18] server: api: implement CRUD api for views
Date: Mon, 17 Nov 2025 15:58:57 +0100	[thread overview]
Message-ID: <DEB24OWBCAHW.2MNGDIHSRITEM@proxmox.com> (raw)
In-Reply-To: <20251117125041.1931382-4-d.csapak@proxmox.com>

comments in-line.

On Mon Nov 17, 2025 at 1:44 PM CET, Dominik Csapak wrote:
> namely list/read/update/delete api calls in `/config/views` api
>
> Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
> ---
>  server/src/api/config/mod.rs   |   2 +
>  server/src/api/config/views.rs | 254 +++++++++++++++++++++++++++++++++
>  2 files changed, 256 insertions(+)
>  create mode 100644 server/src/api/config/views.rs
>
> diff --git a/server/src/api/config/mod.rs b/server/src/api/config/mod.rs
> index 7b58c756..8f646c15 100644
> --- a/server/src/api/config/mod.rs
> +++ b/server/src/api/config/mod.rs
> @@ -6,6 +6,7 @@ pub mod access;
>  pub mod acme;
>  pub mod certificate;
>  pub mod notes;
> +pub mod views;
>
>  #[sortable]
>  const SUBDIRS: SubdirMap = &sorted!([
> @@ -13,6 +14,7 @@ const SUBDIRS: SubdirMap = &sorted!([
>      ("acme", &acme::ROUTER),
>      ("certificate", &certificate::ROUTER),
>      ("notes", &notes::ROUTER),
> +    ("views", &views::ROUTER)
>  ]);
>
>  pub const ROUTER: Router = Router::new()
> diff --git a/server/src/api/config/views.rs b/server/src/api/config/views.rs
> new file mode 100644
> index 00000000..8c5a1d29
> --- /dev/null
> +++ b/server/src/api/config/views.rs
> @@ -0,0 +1,254 @@
> +use anyhow::Error;
> +
> +use proxmox_access_control::CachedUserInfo;
> +use proxmox_config_digest::ConfigDigest;
> +use proxmox_router::{http_bail, http_err, Permission, Router, RpcEnvironment};
> +use proxmox_schema::{api, param_bail};
> +
> +use pdm_api_types::{
> +    views::{ViewConfig, ViewConfigEntry, ViewConfigUpdater},
> +    PRIV_RESOURCE_AUDIT, PRIV_RESOURCE_MODIFY,
> +};
> +use serde::{Deserialize, Serialize};

tiny nit: this should be sorted with anyhow in a block and the imports
from pdm_api_types::views should get their own `use` statement.

> +
> +const VIEW_ROUTER: Router = Router::new()
> +    .put(&API_METHOD_UPDATE_VIEW)
> +    .delete(&API_METHOD_REMOVE_VIEW)
> +    .get(&API_METHOD_READ_VIEW);
> +
> +pub const ROUTER: Router = Router::new()
> +    .get(&API_METHOD_GET_VIEWS)
> +    .post(&API_METHOD_ADD_VIEW)
> +    .match_all("id", &VIEW_ROUTER);
> +
> +#[api(
> +    protected: true,
> +    access: {
> +        permission: &Permission::Anybody,
> +        description: "Returns the views the user has access to.",
> +    },
> +    returns: {
> +        description: "List of views.",
> +        type: Array,
> +        items: {
> +            type: String,
> +            description: "The name of a view."
> +        },
> +    },
> +)]
> +/// List views.
> +pub fn get_views(rpcenv: &mut dyn RpcEnvironment) -> Result<Vec<ViewConfig>, Error> {
> +    let (config, _) = pdm_config::views::config()?;
> +
> +    let user_info = CachedUserInfo::new()?;
> +    let auth_id = rpcenv.get_auth_id().unwrap().parse()?;
> +    let top_level_allowed = 0 != user_info.lookup_privs(&auth_id, &["view"]);

hm this is a little weird. you check if the user has *any* privileges on
the top level. so this would be true even if the privilege in question
is `SYS_AUDIT` or similar. currently the roles that we have, bundle all
auditing privileges in all roles, but that might change. so i think this
should be:

let top_level_allowed = user_info
    .check_privs(&auth_id, &["view"], PRIV_RESOURCE_AUDIT, false)
    .is_ok()

correct me if im wrong, though.

> +
> +    let views: Vec<ViewConfig> = config
> +        .into_iter()
> +        .filter_map(|(view, value)| {
> +            if !top_level_allowed
> +                && user_info
> +                    .check_privs(&auth_id, &["view", &view], PRIV_RESOURCE_AUDIT, false)
> +                    .is_err()
> +            {
> +                return None;
> +            };
> +            match value {
> +                ViewConfigEntry::View(conf) => Some(conf),
> +            }
> +        })
> +        .collect();
> +
> +    Ok(views)
> +}
> +
> +#[api(
> +    protected: true,
> +    input: {
> +        properties: {
> +            view: {
> +                flatten: true,
> +                type: ViewConfig,
> +            },
> +            digest: {
> +                type: ConfigDigest,
> +                optional: true,
> +            },
> +        },
> +    },
> +    access: {
> +        permission: &Permission::Privilege(&["view"], PRIV_RESOURCE_MODIFY, false),
> +    },
> +)]
> +/// Add new view

nit: should probably end in a period.

> +pub fn add_view(view: ViewConfig, digest: Option<ConfigDigest>) -> Result<(), Error> {
> +    let _lock = pdm_config::views::lock_config()?;
> +
> +    let (mut config, config_digest) = pdm_config::views::config()?;
> +
> +    config_digest.detect_modification(digest.as_ref())?;
> +
> +    let id = view.id.clone();
> +
> +    if let Some(ViewConfigEntry::View(_)) = config.insert(id.clone(), ViewConfigEntry::View(view)) {
> +        param_bail!("id", "view '{}' already exists.", id)
> +    }
> +
> +    pdm_config::views::save_config(&config)?;
> +
> +    Ok(())
> +}
> +
> +#[api()]
> +#[derive(Serialize, Deserialize)]
> +#[serde(rename_all = "kebab-case")]
> +/// Deletable property name
> +pub enum DeletableProperty {
> +    /// Delete the include filters.
> +    Include,
> +    /// Delete the exclude filters.
> +    Exclude,
> +    /// Delete the layout.
> +    Layout,
> +}
> +
> +#[api(
> +    protected: true,
> +    input: {
> +        properties: {
> +            id: {
> +                type: String,
> +                description: "",
> +            },
> +            view: {
> +                flatten: true,
> +                type: ViewConfigUpdater,
> +            },
> +            delete: {
> +                description: "List of properties to delete.",
> +                type: Array,
> +                optional: true,
> +                items: {
> +                    type: DeletableProperty,
> +                }
> +            },
> +            digest: {
> +                type: ConfigDigest,
> +                optional: true,
> +            },
> +        },
> +    },
> +    access: {
> +        permission: &Permission::Privilege(&["view", "{id}"], PRIV_RESOURCE_MODIFY, false),
> +    },
> +)]
> +/// Update View

nit: same here

> +pub fn update_view(
> +    id: String,
> +    view: ViewConfigUpdater,
> +    delete: Option<Vec<DeletableProperty>>,
> +    digest: Option<ConfigDigest>,
> +) -> Result<(), Error> {
> +    let _lock = pdm_config::views::lock_config()?;
> +
> +    let (mut config, config_digest) = pdm_config::views::config()?;
> +
> +    config_digest.detect_modification(digest.as_ref())?;
> +
> +    let entry = config
> +        .get_mut(&id)
> +        .ok_or_else(|| http_err!(NOT_FOUND, "no such remote {id}"))?;
> +
> +    let ViewConfigEntry::View(conf) = entry;
> +
> +    if let Some(delete) = delete {
> +        for delete_prop in delete {
> +            match delete_prop {
> +                DeletableProperty::Include => conf.include = Vec::new(),
> +                DeletableProperty::Exclude => conf.exclude = Vec::new(),
> +                DeletableProperty::Layout => conf.layout = String::new(),
> +            }
> +        }
> +    }
> +
> +    if let Some(include) = view.include {
> +        conf.include = include;
> +    }
> +
> +    if let Some(exclude) = view.exclude {
> +        conf.exclude = exclude;
> +    }
> +
> +    if let Some(layout) = view.layout {
> +        conf.layout = layout;
> +    }
> +
> +    pdm_config::views::save_config(&config)?;
> +
> +    Ok(())
> +}
> +
> +#[api(
> +    protected: true,
> +    input: {
> +        properties: {
> +            id: {
> +                type: String,
> +                description: "",
> +            },
> +            digest: {
> +                type: ConfigDigest,
> +                optional: true,
> +            },
> +        },
> +    },
> +    access: {
> +        permission: &Permission::Privilege(&["view"], PRIV_RESOURCE_MODIFY, false),
> +    },
> +)]
> +/// Delete the view with the given id.
> +pub fn remove_view(id: String, digest: Option<ConfigDigest>) -> Result<(), Error> {
> +    let _lock = pdm_config::views::lock_config()?;
> +
> +    let (mut config, config_digest) = pdm_config::views::config()?;
> +
> +    config_digest.detect_modification(digest.as_ref())?;
> +
> +    match config.remove(&id) {
> +        Some(ViewConfigEntry::View(_)) => {}
> +        None => http_bail!(NOT_FOUND, "view '{id}' does not exist."),
> +    }
> +
> +    pdm_config::views::save_config(&config)?;
> +
> +    Ok(())
> +}
> +
> +#[api(
> +    input: {
> +        properties: {
> +            id: {
> +                type: String,
> +                description: "",
> +            },
> +        },
> +    },
> +    access: {
> +        permission: &Permission::Privilege(&["view", "{id}"], PRIV_RESOURCE_AUDIT, false),
> +    },
> +)]
> +/// Get the config of a single view.
> +pub fn read_view(id: String) -> Result<ViewConfig, Error> {
> +    let (config, _) = pdm_config::views::config()?;
> +
> +    let view = config
> +        .get(&id)
> +        .ok_or_else(|| http_err!(NOT_FOUND, "no such view '{id}'"))?;
> +
> +    let view = match view {
> +        ViewConfigEntry::View(view) => view.clone(),
> +    };
> +
> +    Ok(view)
> +}



_______________________________________________
pdm-devel mailing list
pdm-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel


  reply	other threads:[~2025-11-17 14:59 UTC|newest]

Thread overview: 29+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-11-17 12:44 [pdm-devel] [PATCH datacenter-manager v3 00/18] enable custom views on the UI Dominik Csapak
2025-11-17 12:44 ` [pdm-devel] [PATCH datacenter-manager v3 01/18] lib: pdm-config: views: add locking/saving methods Dominik Csapak
2025-11-17 12:44 ` [pdm-devel] [PATCH datacenter-manager v3 02/18] lib: api-types: add 'layout' property to ViewConfig Dominik Csapak
2025-11-17 14:58   ` Shannon Sterz
2025-11-17 12:44 ` [pdm-devel] [PATCH datacenter-manager v3 03/18] server: api: implement CRUD api for views Dominik Csapak
2025-11-17 14:58   ` Shannon Sterz [this message]
2025-11-17 12:44 ` [pdm-devel] [PATCH datacenter-manager v3 04/18] server: api: resources: add 'view' category to search syntax Dominik Csapak
2025-11-17 12:44 ` [pdm-devel] [PATCH datacenter-manager v3 05/18] ui: remote selector: allow forcing of value Dominik Csapak
2025-11-17 12:44 ` [pdm-devel] [PATCH datacenter-manager v3 06/18] ui: dashboard types: add missing 'default' to de-serialization Dominik Csapak
2025-11-17 14:59   ` Shannon Sterz
2025-11-17 12:44 ` [pdm-devel] [PATCH datacenter-manager v3 07/18] ui: dashboard: status row: add optional 'editing state' Dominik Csapak
2025-11-17 12:44 ` [pdm-devel] [PATCH datacenter-manager v3 08/18] ui: dashboard: prepare view for editing custom views Dominik Csapak
2025-11-17 14:59   ` Shannon Sterz
2025-11-17 12:44 ` [pdm-devel] [PATCH datacenter-manager v3 09/18] ui: views: implement view loading from api Dominik Csapak
2025-11-17 14:59   ` Shannon Sterz
2025-11-17 12:44 ` [pdm-devel] [PATCH datacenter-manager v3 10/18] ui: views: make 'view' name property optional Dominik Csapak
2025-11-17 14:59   ` Shannon Sterz
2025-11-17 12:44 ` [pdm-devel] [PATCH datacenter-manager v3 11/18] ui: views: add 'view' parameter to api calls Dominik Csapak
2025-11-17 12:44 ` [pdm-devel] [PATCH datacenter-manager v3 12/18] ui: views: save updated layout to backend Dominik Csapak
2025-11-17 15:00   ` Shannon Sterz
2025-11-17 12:44 ` [pdm-devel] [PATCH datacenter-manager v3 13/18] ui: add view list context Dominik Csapak
2025-11-17 12:44 ` [pdm-devel] [PATCH datacenter-manager v3 14/18] ui: configuration: add view CRUD panels Dominik Csapak
2025-11-17 15:00   ` Shannon Sterz
2025-11-17 12:44 ` [pdm-devel] [PATCH datacenter-manager v3 15/18] ui: main menu: add optional view_list property Dominik Csapak
2025-11-17 15:01   ` Shannon Sterz
2025-11-17 12:44 ` [pdm-devel] [PATCH datacenter-manager v3 16/18] ui: load view list on page init Dominik Csapak
2025-11-17 12:44 ` [pdm-devel] [PATCH datacenter-manager v3 17/18] lib/ui: move views types to pdm-api-types Dominik Csapak
2025-11-17 12:44 ` [pdm-devel] [PATCH datacenter-manager v3 18/18] server: api: views: check layout string for validity Dominik Csapak
2025-11-17 15:03 ` [pdm-devel] [PATCH datacenter-manager v3 00/18] enable custom views on the UI Shannon Sterz

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=DEB24OWBCAHW.2MNGDIHSRITEM@proxmox.com \
    --to=s.sterz@proxmox.com \
    --cc=d.csapak@proxmox.com \
    --cc=pdm-devel@lists.proxmox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal