From: Lukas Wagner <l.wagner@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH v5 pve-manager 08/30] api: notification: add api routes for groups
Date: Wed, 26 Jul 2023 11:49:40 +0200
Message-ID: <20230726095002.325276-9-l.wagner@proxmox.com>
In-Reply-To: <20230726095002.325276-1-l.wagner@proxmox.com>

The Perl part of the API methods primarily defines the API schema,
checks for any needed privileges and then calls the actual Rust
implementation exposed via perlmod. Any errors returned by the Rust code
are translated into PVE::Exception, so that the API call fails with the
correct HTTP error code.

Signed-off-by: Lukas Wagner <l.wagner@proxmox.com>
---

Notes:
    Changes since v4:
      - Explain the changes a bit more in the commit message
      - Factor out permission checks into a common helper
      - Minor code style improvements

 PVE/API2/Cluster/Notifications.pm | 263 ++++++++++++++++++++++++++++++
 1 file changed, 263 insertions(+)

diff --git a/PVE/API2/Cluster/Notifications.pm b/PVE/API2/Cluster/Notifications.pm
index 1efebbc1..55dd650d 100644
--- a/PVE/API2/Cluster/Notifications.pm
+++ b/PVE/API2/Cluster/Notifications.pm
@@ -42,6 +42,24 @@ sub raise_api_error {
     die $exc;
 }
 
+sub filter_entities_by_privs {
+    my ($rpcenv, $entities) = @_;
+    my $authuser = $rpcenv->get_user();
+
+    my $can_see_mapping_privs = ['Mapping.Modify', 'Mapping.Use', 'Mapping.Audit'];
+
+    my $filtered = [grep {
+	$rpcenv->check_any(
+	    $authuser,
+	    "/mapping/notification/$_->{name}",
+	    $can_see_mapping_privs,
+	    1
+	)
+    } @$entities];
+
+    return $filtered;
+}
+
 __PACKAGE__->register_method ({
     name => 'index',
     path => '',
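Review bot: filter_entities_by_privs interpolates $_->{name} into the ACL path without checking that it is defined, so an entity lacking a name would be checked against "/mapping/notification/" (with an uninitialized-value warning) instead of being dropped explicitly. Consider skipping entries where name is undefined before calling check_any. The bare trailing 1 in the check_any call also deserves a short comment saying it is the noerr flag, so that the call returns false for grep rather than raising, and the helper itself could use a one-line comment stating that it returns only the entities the calling user may see.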
@@ -62,10 +80,255 @@ __PACKAGE__->register_method ({
     },
     code => sub {
 	my $result = [
+	    { name => 'groups' },
 	];
 
 	return $result;
     }
 });
 
+my $group_properties = {
+    name => {
+	description => 'Name of the group.',
+	type => 'string',
+	format => 'pve-configid',
+    },
+    'endpoint' => {
+	type => 'array',
+	items => {
+	    type => 'string',
+	    format => 'pve-configid',
+	},
+	description => 'List of included endpoints',
+    },
+    'comment' => {
+	description => 'Comment',
+	type => 'string',
+	optional => 1,
+    },
+    filter => {
+	description => 'Name of the filter that should be applied.',
+	type => 'string',
+	format => 'pve-configid',
+	optional => 1,
+    },
+};
+
+__PACKAGE__->register_method ({
+    name => 'get_groups',
+    path => 'groups',
+    method => 'GET',
+    description => 'Returns a list of all groups',
+    protected => 1,
+    permissions => {
+	description => "Only lists entries where you have 'Mapping.Modify', 'Mapping.Use' or"
+	    . " 'Mapping.Audit' permissions on '/mapping/notification/<name>'.",
+	user => 'all',
+    },
+    parameters => {
+	additionalProperties => 0,
+	properties => {},
+    },
+    returns => {
+	type => 'array',
+	items => {
+	    type => 'object',
+	    properties => $group_properties,
+	},
+	links => [ { rel => 'child', href => '{name}' } ],
+    },
+    code => sub {
+	my $config = PVE::Notify::read_config();
+	my $rpcenv = PVE::RPCEnvironment::get();
+
+	my $entities = eval {
+	    $config->get_groups();
+	};
+	raise_api_error($@) if $@;
+
+	return filter_entities_by_privs($rpcenv, $entities);
+    }
+});
+
+__PACKAGE__->register_method ({
+    name => 'get_group',
+    path => 'groups/{name}',
+    method => 'GET',
+    description => 'Return a specific group',
+    protected => 1,
+    permissions => {
+	check => ['or',
+	    ['perm', '/mapping/notification/{name}', ['Mapping.Modify']],
+	    ['perm', '/mapping/notification/{name}', ['Mapping.Audit']],
+	],
+    },
+    parameters => {
+	additionalProperties => 0,
+	properties => {
+	    name => {
+		type => 'string',
+		format => 'pve-configid',
+	    },
+	}
+    },
+    returns => {
+	type => 'object',
+	properties => {
+	    %$group_properties,
+	    digest => get_standard_option('pve-config-digest'),
+	},
+    },
+    code => sub {
+	my ($param) = @_;
+	my $name = extract_param($param, 'name');
+
+	my $config = PVE::Notify::read_config();
+
+	my $group = eval {
+	    $config->get_group($name)
+	};
+
+	raise_api_error($@) if $@;
+	$group->{digest} = $config->digest();
+
+	return $group;
+    }
+});
+
+__PACKAGE__->register_method ({
+    name => 'create_group',
+    path => 'groups',
+    protected => 1,
+    method => 'POST',
+    description => 'Create a new group',
+    permissions => {
+	check => ['perm', '/mapping/notification', ['Mapping.Modify']],
+    },
+    parameters => {
+	additionalProperties => 0,
+	properties => $group_properties,
+    },
+    returns => { type => 'null' },
+    code => sub {
+	my ($param) = @_;
+
+	my $name = extract_param($param, 'name');
+	my $endpoint = extract_param($param, 'endpoint');
+	my $comment = extract_param($param, 'comment');
+	my $filter = extract_param($param, 'filter');
+
+	eval {
+	    PVE::Notify::lock_config(sub {
+		my $config = PVE::Notify::read_config();
+
+		$config->add_group(
+		    $name,
+		    $endpoint,
+		    $comment,
+		    $filter,
+		);
+
+		PVE::Notify::write_config($config);
+	    });
+	};
+
+	raise_api_error($@) if $@;
+	return;
+    }
+});
+
+__PACKAGE__->register_method ({
+    name => 'update_group',
+    path => 'groups/{name}',
+    protected => 1,
+    method => 'PUT',
+    description => 'Update existing group',
+    permissions => {
+	check => ['perm', '/mapping/notification/{name}', ['Mapping.Modify']],
+    },
+    parameters => {
+	additionalProperties => 0,
+	properties => {
+	    %{ make_properties_optional($group_properties) },
+	    delete => {
+		type => 'array',
+		items => {
+		    type => 'string',
+		    format => 'pve-configid',
+		},
+		optional => 1,
+		description => 'A list of settings you want to delete.',
+	    },
+	    digest => get_standard_option('pve-config-digest'),
+	},
+    },
+    returns => { type => 'null' },
+    code => sub {
+	my ($param) = @_;
+
+	my $name = extract_param($param, 'name');
+	my $endpoint = extract_param($param, 'endpoint');
+	my $comment = extract_param($param, 'comment');
+	my $filter = extract_param($param, 'filter');
+	my $digest = extract_param($param, 'digest');
+	my $delete = extract_param($param, 'delete');
+
+	eval {
+	    PVE::Notify::lock_config(sub {
+		my $config = PVE::Notify::read_config();
+
+		$config->update_group(
+		    $name,
+		    $endpoint,
+		    $comment,
+		    $filter,
+		    $delete,
+		    $digest,
+		);
+
+		PVE::Notify::write_config($config);
+	    });
+	};
+
+	raise_api_error($@) if $@;
+	return;
+    }
+});
+
+__PACKAGE__->register_method ({
+    name => 'delete_group',
+    protected => 1,
+    path => 'groups/{name}',
+    method => 'DELETE',
+    description => 'Remove group',
+    permissions => {
+	check => ['perm', '/mapping/notification/{name}', ['Mapping.Modify']],
+    },
+    parameters => {
+	additionalProperties => 0,
+	properties => {
+	    name => {
+		type => 'string',
+		format => 'pve-configid',
+	    },
+	}
+    },
+    returns => { type => 'null' },
+    code => sub {
+	my ($param) = @_;
+	my $name = extract_param($param, 'name');
+
+	eval {
+	    PVE::Notify::lock_config(sub {
+		my $config = PVE::Notify::read_config();
+		$config->delete_group($name);
+		PVE::Notify::write_config($config);
+	    });
+	};
+
+	raise_api_error($@) if $@;
+	return;
+    }
+});
+
 1;
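Review bot: get_group's permission check accepts only Mapping.Modify or Mapping.Audit, while get_groups filters through filter_entities_by_privs, which also accepts Mapping.Use. A user holding only Mapping.Use therefore receives every group property from GET groups but is refused on GET groups/{name}. Either add ['perm', '/mapping/notification/{name}', ['Mapping.Use']] to the 'or' check or document why the single-item route is stricter. Separately, create_group and update_group pass $endpoint and $filter straight to add_group/update_group after checking Mapping.Modify only on the group path; if a caller must not reference endpoints or filters they hold no privilege on, that check is missing on the Perl side. In get_groups and get_group, PVE::Notify::read_config() is called outside the eval, so a failure there bypasses raise_api_error; moving it inside the eval would keep the error translation consistent with the write routes.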
-- 
2.39.2




