@xen-orchestra/rest-api 0.28.2 → 0.30.0

Files changed (55)
  1. package/README.md +108 -1
  2. package/dist/abstract-classes/base-controller.mjs +28 -3
  3. package/dist/abstract-classes/listener.mjs +124 -15
  4. package/dist/acl-privileges/acl-privilege.controller.mjs +172 -0
  5. package/dist/acl-roles/acl-role.controller.mjs +384 -0
  6. package/dist/alarms/alarm.controller.mjs +25 -11
  7. package/dist/alarms/alarm.service.mjs +8 -0
  8. package/dist/backup-archives/backup-archive.controller.mjs +33 -23
  9. package/dist/backup-archives/backup-archive.service.mjs +21 -0
  10. package/dist/backup-jobs/backup-job.controller.mjs +74 -25
  11. package/dist/backup-jobs/backup-job.service.mjs +7 -0
  12. package/dist/backup-logs/backup-log.controller.mjs +28 -13
  13. package/dist/backup-logs/backup-log.service.mjs +19 -0
  14. package/dist/backup-repositories/backup-repositories.controller.mjs +24 -5
  15. package/dist/events/event.class.mjs +36 -18
  16. package/dist/events/event.controller.mjs +3 -0
  17. package/dist/events/event.service.mjs +4 -4
  18. package/dist/groups/group.controller.mjs +99 -12
  19. package/dist/helpers/markdown.helper.mjs +20 -0
  20. package/dist/helpers/object-wrapper.helper.mjs +3 -3
  21. package/dist/hosts/host.controller.mjs +90 -15
  22. package/dist/ioc/ioc.mjs +13 -4
  23. package/dist/messages/message.controller.mjs +32 -10
  24. package/dist/middlewares/acl.middleware.mjs +202 -0
  25. package/dist/middlewares/authentication.middleware.mjs +15 -6
  26. package/dist/middlewares/tsoa-to-xo-error.middleware.mjs +19 -1
  27. package/dist/networks/network.controller.mjs +72 -17
  28. package/dist/open-api/oa-examples/acl-privilege.oa-example.mjs +25 -0
  29. package/dist/open-api/oa-examples/acl-role.oa-example.mjs +22 -0
  30. package/dist/open-api/oa-examples/backup-archive.oa-example.mjs +6 -6
  31. package/dist/open-api/oa-examples/common.oa-example.mjs +3 -0
  32. package/dist/open-api/routes/routes.js +856 -172
  33. package/dist/pbds/pbd.controller.mjs +20 -5
  34. package/dist/pcis/pci.controller.mjs +19 -5
  35. package/dist/pgpus/pgpu.controller.mjs +19 -5
  36. package/dist/pifs/pif.controller.mjs +56 -16
  37. package/dist/pools/pool.controller.mjs +166 -17
  38. package/dist/proxies/proxy.controller.mjs +25 -6
  39. package/dist/restore-logs/restore-log.controller.mjs +42 -23
  40. package/dist/schedules/schedule.controller.mjs +36 -5
  41. package/dist/servers/server.controller.mjs +71 -9
  42. package/dist/sms/sm.controller.mjs +17 -4
  43. package/dist/srs/sr.controller.mjs +74 -18
  44. package/dist/tasks/task.controller.mjs +74 -13
  45. package/dist/users/user.controller.mjs +124 -22
  46. package/dist/vbds/vbd.controller.mjs +76 -38
  47. package/dist/vdi-snapshots/vdi-snapshot.controller.mjs +48 -14
  48. package/dist/vdis/vdi.controller.mjs +81 -16
  49. package/dist/vifs/vif.controller.mjs +118 -16
  50. package/dist/vm-controller/vm-controller.controller.mjs +77 -19
  51. package/dist/vm-snapshots/vm-snapshot.controller.mjs +85 -18
  52. package/dist/vm-templates/vm-template.controller.mjs +86 -18
  53. package/dist/vms/vm.controller.mjs +182 -24
  54. package/open-api/spec/swagger.json +12112 -3537
  55. package/package.json +12 -11
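--- a/package/dist/schedules/schedule.controller.mjs
+++ b/package/dist/schedules/schedule.controller.mjs
@@ -7,10 +7,11 @@ var __decorate = (this && this.__decorate) || function (decorators, target, key,
  var __param = (this && this.__param) || function (paramIndex, decorator) {
  return function (target, key) { decorator(target, key, paramIndex); }
  };
- import { Example, Get, Path, Post, Query, Request, Response, Route, Security, SuccessResponse, Tags } from 'tsoa';
+ import { Example, Get, Middlewares, Path, Post, Query, Request, Response, Route, Security, SuccessResponse, Tags, } from 'tsoa';
  import { inject } from 'inversify';
  import { provide } from 'inversify-binding-decorators';
- import { asynchronousActionResp, badRequestResp, featureUnauthorized, internalServerErrorResp, noContentResp, notFoundResp, unauthorizedResp, } from '../open-api/common/response.common.mjs';
+ import { acl } from '../middlewares/acl.middleware.mjs';
+ import { asynchronousActionResp, badRequestResp, featureUnauthorized, forbiddenOperationResp, internalServerErrorResp, noContentResp, notFoundResp, unauthorizedResp, } from '../open-api/common/response.common.mjs';
  import { partialSchedules, schedule, scheduleIds } from '../open-api/oa-examples/schedule.oa-example.mjs';
  import { taskLocation } from '../open-api/oa-examples/task.oa-example.mjs';
  import { XoController } from '../abstract-classes/xo-controller.mjs';
@@ -27,20 +28,34 @@ let ScheduleController = class ScheduleController extends XoController {
  return this.restApi.xoApp.getSchedule(id);
  }
  /**
+ * Returns all schedules that match the following privilege:
+ * - resource: schedule, action: read
+ *
  * @example fields "enabled,jobId,cron,id"
  * @example filter "enabled?"
  * @example limit 42
  */
- async getSchedules(req, fields, ndjson, filter, limit) {
- return this.sendObjects(Object.values(await this.getObjects({ filter, limit })), req);
+ async getSchedules(req, fields, ndjson, markdown, filter, limit) {
+ return this.sendObjects(Object.values(await this.getObjects({ filter })), req, {
+ limit,
+ privilege: { action: 'read', resource: 'schedule' },
+ });
  }
  /**
+ *
+ * Required privilege:
+ * - resource: schedule, action: read
+ *
  * @example id "cf7249f8-d20b-494f-97f4-b1f32f94e780"
  */
  async getSchedule(id) {
  return this.getObject(id);
  }
  /**
+ *
+ * Required privilege:
+ * - resource: schedule, action: run
+ *
  * @example id "cf7249f8-d20b-494f-97f4-b1f32f94e780"
  */
  async runSchedule(id, sync) {
@@ -62,24 +77,40 @@ __decorate([
  Example(scheduleIds),
  Example(partialSchedules),
  Get(''),
+ Security('*', ['acl']),
  __param(0, Request()),
  __param(1, Query()),
  __param(2, Query()),
  __param(3, Query()),
- __param(4, Query())
+ __param(4, Query()),
+ __param(5, Query())
  ], ScheduleController.prototype, "getSchedules", null);
  __decorate([
  Example(schedule),
  Get('{id}'),
+ Middlewares(acl({
+ resource: 'schedule',
+ action: 'read',
+ objectId: 'params.id',
+ getObject: ({ restApi }) => id => restApi.xoApp.getSchedule(id),
+ })),
+ Response(forbiddenOperationResp.status, forbiddenOperationResp.description),
  Response(notFoundResp.status, notFoundResp.description),
  __param(0, Path())
  ], ScheduleController.prototype, "getSchedule", null);
  __decorate([
  Example(taskLocation),
  Post('{id}/actions/run'),
+ Middlewares(acl({
+ resource: 'schedule',
+ action: 'run',
+ objectId: 'params.id',
+ getObject: ({ restApi }) => id => restApi.xoApp.getSchedule(id),
+ })),
  SuccessResponse(asynchronousActionResp.status, asynchronousActionResp.description),
  Response(noContentResp.status, noContentResp.description),
  Response(featureUnauthorized.status, featureUnauthorized.description),
+ Response(forbiddenOperationResp.status, forbiddenOperationResp.description),
  Response(notFoundResp.status, notFoundResp.description),
  Response(internalServerErrorResp.status, internalServerErrorResp.description),
  __param(0, Path()),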
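Review bot: In `getSchedules`, `limit` no longer reaches `getObjects`, so every schedule matching `filter` is loaded before `sendObjects` applies the `read` privilege and the limit, and nothing at the call site explains that ordering. It looks deliberate (presumably so the limit counts only objects the caller may read), but the filtering itself lives in `sendObjects`, outside this file. I would add a comment above the call such as `// limit goes to sendObjects so it is applied after the privilege filter, not before`. The list route also depends on `Security('*', ['acl'])` and the `privilege` option staying in sync; if the option were dropped, the response would presumably be unfiltered.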
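--- a/package/dist/servers/server.controller.mjs
+++ b/package/dist/servers/server.controller.mjs
@@ -11,7 +11,8 @@ import { Body, Delete, Example, Get, Middlewares, Path, Post, Query, Request, Re
  import { json } from 'express';
  import { inject } from 'inversify';
  import { provide } from 'inversify-binding-decorators';
- import { asynchronousActionResp, badRequestResp, createdResp, invalidParameters, noContentResp, notFoundResp, resourceAlreadyExists, unauthorizedResp, } from '../open-api/common/response.common.mjs';
+ import { acl } from '../middlewares/acl.middleware.mjs';
+ import { asynchronousActionResp, badRequestResp, createdResp, forbiddenOperationResp, invalidParameters, noContentResp, notFoundResp, resourceAlreadyExists, unauthorizedResp, } from '../open-api/common/response.common.mjs';
  import { partialServers, server, serverId, serverIds } from '../open-api/oa-examples/server.oa-example.mjs';
  import { partialTasks, taskIds, taskLocation } from '../open-api/oa-examples/task.oa-example.mjs';
  import { XoController } from '../abstract-classes/xo-controller.mjs';
@@ -28,26 +29,41 @@ let ServerController = class ServerController extends XoController {
  return this.restApi.xoApp.getXenServer(id);
  }
  /**
+ * Returns all servers that match the following privilege:
+ * - resource: server, action: read
+ *
  * @example fields "status,id"
  * @example filter "status:/^connected$/"
  * @example limit 42
  */
- async getServers(req, fields, ndjson, filter, limit) {
- return this.sendObjects(Object.values(await this.getObjects({ filter, limit })), req);
+ async getServers(req, fields, ndjson, markdown, filter, limit) {
+ return this.sendObjects(Object.values(await this.getObjects({ filter })), req, {
+ limit,
+ privilege: { action: 'read', resource: 'server' },
+ });
  }
  /**
+ * Required privilege:
+ * - resource: server, action: read
+ *
  * @example id "f07ab729-c0e8-721c-45ec-f11276377030"
  */
  getServer(id) {
  return this.getObject(id);
  }
  /**
+ * Required privilege:
+ * - resource: server, action: delete
+ *
  * @example id "f07ab729-c0e8-721c-45ec-f11276377030"
  */
  async deleteServer(id) {
  await this.restApi.xoApp.unregisterXenServer(id);
  }
  /**
+ * Required privilege:
+ * - resource: server, action: create
+ *
  * @example body {
  * "allowUnauthorized": true,
  * "host": "192.168.1.10",
@@ -61,6 +77,9 @@ let ServerController = class ServerController extends XoController {
  return { id: server.id };
  }
  /**
+ * Required privilege:
+ * - resource: server, action: connect
+ *
  * @example id "f07ab729-c0e8-721c-45ec-f11276377030"
  */
  connectServer(id, sync) {
@@ -75,6 +94,9 @@ let ServerController = class ServerController extends XoController {
  });
  }
  /**
+ * Required privilege:
+ * - resource: server, action: disconnect
+ *
  * @example id "f07ab729-c0e8-721c-45ec-f11276377030"
  */
  disconnectServer(id, sync) {
@@ -89,43 +111,67 @@ let ServerController = class ServerController extends XoController {
  });
  }
  /**
+ * Returns all tasks that match the following privilege:
+ * - resource: task, action: read
+ *
  * @example id "f07ab729-c0e8-721c-45ec-f11276377030"
  * @example fields "id,status,properties"
  * @example filter "status:failure"
  * @example limit 42
  */
- async getServerTasks(req, id, fields, ndjson, filter, limit) {
- const tasks = await this.getTasksForObject(id, { filter, limit });
- return this.sendObjects(Object.values(tasks), req, 'tasks');
+ async getServerTasks(req, id, fields, ndjson, markdown, filter, limit) {
+ const tasks = await this.getTasksForObject(id, { filter });
+ return this.sendObjects(Object.values(tasks), req, {
+ path: 'tasks',
+ limit,
+ privilege: { action: 'read', resource: 'task' },
+ });
  }
  };
  __decorate([
  Example(serverIds),
  Example(partialServers),
  Get(''),
+ Security('*', ['acl']),
  __param(0, Request()),
  __param(1, Query()),
  __param(2, Query()),
  __param(3, Query()),
- __param(4, Query())
+ __param(4, Query()),
+ __param(5, Query())
  ], ServerController.prototype, "getServers", null);
  __decorate([
  Example(server),
  Get('{id}'),
+ Middlewares(acl({
+ resource: 'server',
+ action: 'read',
+ objectId: 'params.id',
+ getObject: ({ restApi }) => restApi.xoApp.getXenServer,
+ })),
+ Response(forbiddenOperationResp.status, forbiddenOperationResp.description),
  Response(notFoundResp.status, notFoundResp.description),
  __param(0, Path())
  ], ServerController.prototype, "getServer", null);
  __decorate([
  Delete('{id}'),
+ Middlewares(acl({
+ resource: 'server',
+ action: 'delete',
+ objectId: 'params.id',
+ getObject: ({ restApi }) => restApi.xoApp.getXenServer,
+ })),
  SuccessResponse(noContentResp.status, noContentResp.description),
+ Response(forbiddenOperationResp.status, forbiddenOperationResp.description),
  Response(notFoundResp.status, notFoundResp.description),
  __param(0, Path())
  ], ServerController.prototype, "deleteServer", null);
  __decorate([
  Example(serverId),
  Post(''),
- Middlewares(json()),
+ Middlewares([json(), acl({ resource: 'server', action: 'create', object: ({ req }) => req.body })]),
  SuccessResponse(createdResp.status, createdResp.description),
+ Response(forbiddenOperationResp.status, forbiddenOperationResp.description),
  Response(resourceAlreadyExists.status, resourceAlreadyExists.description),
  Response(invalidParameters.status, invalidParameters.description),
  __param(0, Body())
@@ -133,8 +179,15 @@ __decorate([
  __decorate([
  Example(taskLocation),
  Post('{id}/actions/connect'),
+ Middlewares(acl({
+ resource: 'server',
+ action: 'connect',
+ objectId: 'params.id',
+ getObject: ({ restApi }) => restApi.xoApp.getXenServer,
+ })),
  SuccessResponse(asynchronousActionResp.status, asynchronousActionResp.description),
  Response(noContentResp.status, noContentResp.description),
+ Response(forbiddenOperationResp.status, forbiddenOperationResp.description),
  Response(notFoundResp.status, notFoundResp.description),
  Response(409, 'The server is already connected'),
  __param(0, Path()),
@@ -143,8 +196,15 @@ __decorate([
  __decorate([
  Example(taskLocation),
  Post('{id}/actions/disconnect'),
+ Middlewares(acl({
+ resource: 'server',
+ action: 'disconnect',
+ objectId: 'params.id',
+ getObject: ({ restApi }) => restApi.xoApp.getXenServer,
+ })),
  SuccessResponse(asynchronousActionResp.status, asynchronousActionResp.description),
  Response(noContentResp.status, noContentResp.description),
+ Response(forbiddenOperationResp.status, forbiddenOperationResp.description),
  Response(notFoundResp.status, notFoundResp.description),
  Response(409, 'The server is already disconnected'),
  __param(0, Path()),
@@ -154,6 +214,7 @@ __decorate([
  Example(taskIds),
  Example(partialTasks),
  Get('{id}/tasks'),
+ Security('*', ['acl']),
  Tags('tasks'),
  Response(notFoundResp.status, notFoundResp.description),
  __param(0, Request()),
@@ -161,7 +222,8 @@ __decorate([
  __param(2, Query()),
  __param(3, Query()),
  __param(4, Query()),
- __param(5, Query())
+ __param(5, Query()),
+ __param(6, Query())
  ], ServerController.prototype, "getServerTasks", null);
  ServerController = __decorate([
  Route('servers'),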
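Review bot: The `acl(...)` options on the four `{id}` routes (read, delete, connect, disconnect) pass `getObject: ({ restApi }) => restApi.xoApp.getXenServer`, which hands the middleware a detached method reference. The controller itself calls it as `this.restApi.xoApp.getXenServer(id)`, and the schedule controller in this same release wraps its lookup as `id => restApi.xoApp.getSchedule(id)`. If `getXenServer` reads `this` and is not pre-bound, the ACL lookup would throw or resolve against the wrong receiver before the permission decision is made. Unless `xoApp` methods are known to be bound, use `getObject: ({ restApi }) => id => restApi.xoApp.getXenServer(id),` in all four places. How `acl` invokes `getObject` is defined in acl.middleware.mjs, outside this section.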
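--- a/package/dist/sms/sm.controller.mjs
+++ b/package/dist/sms/sm.controller.mjs
@@ -7,9 +7,10 @@ var __decorate = (this && this.__decorate) || function (decorators, target, key,
  var __param = (this && this.__param) || function (paramIndex, decorator) {
  return function (target, key) { decorator(target, key, paramIndex); }
  };
- import { Example, Get, Path, Query, Request, Response, Route, Security, Tags } from 'tsoa';
+ import { Example, Get, Middlewares, Path, Query, Request, Response, Route, Security, Tags } from 'tsoa';
  import { inject } from 'inversify';
  import { provide } from 'inversify-binding-decorators';
+ import { acl } from '../middlewares/acl.middleware.mjs';
  import { badRequestResp, notFoundResp, unauthorizedResp } from '../open-api/common/response.common.mjs';
  import { partialSms, sm, smIds } from '../open-api/oa-examples/sm.oa-example.mjs';
  import { RestApi } from '../rest-api/rest-api.mjs';
@@ -19,14 +20,23 @@ let SmController = class SmController extends XapiXoController {
  super('SM', restApi);
  }
  /**
+ * Returns all SMs that match the following privilege:
+ * - resource: sm, action: read
+ *
  * @example fields "uuid,name_label,SM_type"
  * @example filter "SM_type:ext"
  * @example limit 42
  */
- getSrs(req, fields, ndjson, filter, limit) {
- return this.sendObjects(Object.values(this.getObjects({ filter, limit })), req);
+ getSrs(req, fields, ndjson, markdown, filter, limit) {
+ return this.sendObjects(Object.values(this.getObjects({ filter })), req, {
+ limit,
+ privilege: { action: 'read', resource: 'sm' },
+ });
  }
  /**
+ * Required privilege:
+ * - resource: sm, action: read
+ *
  * @example id "c4284e12-37c9-7967-b9e8-83ef229c3e03"
  */
  getSr(id) {
@@ -37,15 +47,18 @@ __decorate([
  Example(smIds),
  Example(partialSms),
  Get(''),
+ Security('*', ['acl']),
  __param(0, Request()),
  __param(1, Query()),
  __param(2, Query()),
  __param(3, Query()),
- __param(4, Query())
+ __param(4, Query()),
+ __param(5, Query())
  ], SmController.prototype, "getSrs", null);
  __decorate([
  Example(sm),
  Get('{id}'),
+ Middlewares(acl({ resource: 'sm', action: 'read', objectId: 'params.id' })),
  Response(notFoundResp.status, notFoundResp.description),
  __param(0, Path())
  ], SmController.prototype, "getSr", null);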
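Review bot: `Get('{id}')` on `getSr` now runs `acl({ resource: 'sm', action: 'read', objectId: 'params.id' })`, but no forbidden response is declared for it. The schedule, server and SR controllers in this release add `Response(forbiddenOperationResp.status, forbiddenOperationResp.description)` next to each `acl` middleware, and this file does not even import `forbiddenOperationResp`. Assuming a denied check yields that response, the generated OpenAPI spec for this route will omit the denial case and clients generated from it will not expect it. Add `forbiddenOperationResp` to the import from `'../open-api/common/response.common.mjs'` and put `Response(forbiddenOperationResp.status, forbiddenOperationResp.description),` after the `Middlewares(...)` line.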
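--- a/package/dist/srs/sr.controller.mjs
+++ b/package/dist/srs/sr.controller.mjs
@@ -7,15 +7,16 @@ var __decorate = (this && this.__decorate) || function (decorators, target, key,
  var __param = (this && this.__param) || function (paramIndex, decorator) {
  return function (target, key) { decorator(target, key, paramIndex); }
  };
- import { Delete, Example, Get, Path, Post, Put, Query, Request, Response, Route, Security, SuccessResponse, Tags, } from 'tsoa';
+ import { Delete, Example, Get, Middlewares, Path, Post, Put, Query, Request, Response, Route, Security, SuccessResponse, Tags, } from 'tsoa';
  import { inject } from 'inversify';
  import { provide } from 'inversify-binding-decorators';
  import { SUPPORTED_VDI_FORMAT } from '@vates/types';
+ import { acl } from '../middlewares/acl.middleware.mjs';
  import { AlarmService } from '../alarms/alarm.service.mjs';
  import { BASE_URL } from '../index.mjs';
  import { escapeUnsafeComplexMatcher } from '../helpers/utils.helper.mjs';
  import { genericAlarmsExample } from '../open-api/oa-examples/alarm.oa-example.mjs';
- import { asynchronousActionResp, badRequestResp, createdResp, internalServerErrorResp, invalidParameters as invalidParametersResp, noContentResp, notFoundResp, unauthorizedResp, } from '../open-api/common/response.common.mjs';
+ import { asynchronousActionResp, badRequestResp, createdResp, internalServerErrorResp, invalidParameters as invalidParametersResp, forbiddenOperationResp, noContentResp, notFoundResp, unauthorizedResp, } from '../open-api/common/response.common.mjs';
  import { partialSrs, sr, srIds } from '../open-api/oa-examples/sr.oa-example.mjs';
  import { vdiId } from '../open-api/oa-examples/vdi.oa-example.mjs';
  import { RestApi } from '../rest-api/rest-api.mjs';
@@ -29,35 +30,54 @@ let SrController = class SrController extends XapiXoController {
  this.#alarmService = alarmService;
  }
  /**
+ * Returns all SRs that match the following privilege:
+ * - resource: sr, action: read
+ *
  * @example fields "uuid,name_label,allocationStrategy"
  * @example filter "allocationStrategy:thin"
  * @example limit 42
  */
- getSrs(req, fields, ndjson, filter, limit) {
- return this.sendObjects(Object.values(this.getObjects({ filter, limit })), req);
+ getSrs(req, fields, ndjson, markdown, filter, limit) {
+ return this.sendObjects(Object.values(this.getObjects({ filter })), req, {
+ limit,
+ privilege: { action: 'read', resource: 'sr' },
+ });
  }
  /**
+ * Required privilege:
+ * - resource: sr, action: read
+ *
  * @example id "c4284e12-37c9-7967-b9e8-83ef229c3e03"
  */
  getSr(id) {
  return this.getObject(id);
  }
  /**
+ * Returns all alarms that match the following privilege:
+ * - resource: alarm, action: read
+ *
  * @example id "c4284e12-37c9-7967-b9e8-83ef229c3e03"
  * @example fields "id,time"
  * @example filter "time:>1747053793"
  * @example limit 42
  */
- getSrAlarms(req, id, fields, ndjson, filter, limit) {
+ getSrAlarms(req, id, fields, ndjson, markdown, filter, limit) {
  const sr = this.getObject(id);
  const alarms = this.#alarmService.getAlarms({
  filter: `${escapeUnsafeComplexMatcher(filter) ?? ''} object:uuid:${sr.uuid}`,
+ });
+ return this.sendObjects(Object.values(alarms), req, {
+ path: 'alarms',
  limit,
+ privilege: { action: 'read', resource: 'alarm' },
  });
- return this.sendObjects(Object.values(alarms), req, 'alarms');
  }
  /**
  * Import an exported VDI
+ *
+ * Required privilege:
+ * - resource: sr, action: import:vdi
+ *
  * @example id "c4284e12-37c9-7967-b9e8-83ef229c3e03"
  * @example name_label "VDI_foo_import"
  * @example name_description "VDI imported by the REST API"
@@ -79,26 +99,43 @@ let SrController = class SrController extends XapiXoController {
  return { id: vdiId };
  }
  /**
+ * Returns all messages that match the following privilege:
+ * - resource: message, action: read
+ *
  * @example id "c4284e12-37c9-7967-b9e8-83ef229c3e03"
  * @example fields "name,id,$object"
  * @example filter "name:VM_STARTED"
  * @example limit 42
  */
- getSrMessages(req, id, fields, ndjson, filter, limit) {
- const messages = this.getMessagesForObject(id, { filter, limit });
- return this.sendObjects(Object.values(messages), req, 'messages');
+ getSrMessages(req, id, fields, ndjson, markdown, filter, limit) {
+ const messages = this.getMessagesForObject(id, { filter });
+ return this.sendObjects(Object.values(messages), req, {
+ path: 'messages',
+ limit,
+ privilege: { action: 'read', resource: 'message' },
+ });
  }
  /**
+ * Returns all tasks that match the following privilege:
+ * - resource: task, action: read
+ *
  * @example id "c4284e12-37c9-7967-b9e8-83ef229c3e03"
  * @example fields "id,status,properties"
  * @example filter "status:failure"
  * @example limit 42
  */
- async getSrTasks(req, id, fields, ndjson, filter, limit) {
- const tasks = await this.getTasksForObject(id, { filter, limit });
- return this.sendObjects(Object.values(tasks), req, 'tasks');
+ async getSrTasks(req, id, fields, ndjson, markdown, filter, limit) {
+ const tasks = await this.getTasksForObject(id, { filter });
+ return this.sendObjects(Object.values(tasks), req, {
+ path: 'tasks',
+ limit,
+ privilege: { action: 'read', resource: 'task' },
+ });
  }
  /**
+ * Required privilege:
+ * - resource: sr, action: update:tags
+ *
  * @example id "c4284e12-37c9-7967-b9e8-83ef229c3e03"
  * @example tag "from-rest-api"
  */
@@ -107,6 +144,9 @@ let SrController = class SrController extends XapiXoController {
  await sr.$call('add_tags', tag);
  }
  /**
+ * Required privilege:
+ * - resource: sr, action: update:tags
+ *
  * @example id "c4284e12-37c9-7967-b9e8-83ef229c3e03"
  * @example tag "from-rest-api"
  */
@@ -173,21 +213,26 @@ __decorate([
  Example(srIds),
  Example(partialSrs),
  Get(''),
+ Security('*', ['acl']),
  __param(0, Request()),
  __param(1, Query()),
  __param(2, Query()),
  __param(3, Query()),
- __param(4, Query())
+ __param(4, Query()),
+ __param(5, Query())
  ], SrController.prototype, "getSrs", null);
  __decorate([
  Example(sr),
  Get('{id}'),
+ Middlewares(acl({ resource: 'sr', action: 'read', objectId: 'params.id' })),
+ Response(forbiddenOperationResp.status, forbiddenOperationResp.description),
  Response(notFoundResp.status, notFoundResp.description),
  __param(0, Path())
  ], SrController.prototype, "getSr", null);
  __decorate([
  Example(genericAlarmsExample),
  Get('{id}/alarms'),
+ Security('*', ['acl']),
  Tags('alarms'),
  Response(notFoundResp.status, notFoundResp.description),
  __param(0, Request()),
@@ -195,13 +240,16 @@ __decorate([
  __param(2, Query()),
  __param(3, Query()),
  __param(4, Query()),
- __param(5, Query())
+ __param(5, Query()),
+ __param(6, Query())
  ], SrController.prototype, "getSrAlarms", null);
  __decorate([
  Example(vdiId),
  Post('{id}/vdis'),
+ Middlewares(acl({ resource: 'sr', action: 'import:vdi', objectId: 'params.id' })),
  Tags('vdis'),
  SuccessResponse(createdResp.status, 'VDI imported'),
+ Response(forbiddenOperationResp.status, forbiddenOperationResp.description),
  Response(notFoundResp.status, notFoundResp.description),
  __param(0, Request()),
  __param(1, Path()),
@@ -213,6 +261,7 @@ __decorate([
  Example(messageIds),
  Example(partialMessages),
  Get('{id}/messages'),
+ Security('*', ['acl']),
  Tags('messages'),
  Response(notFoundResp.status, notFoundResp.description),
  __param(0, Request()),
@@ -220,12 +269,14 @@ __decorate([
  __param(2, Query()),
  __param(3, Query()),
  __param(4, Query()),
- __param(5, Query())
+ __param(5, Query()),
+ __param(6, Query())
  ], SrController.prototype, "getSrMessages", null);
  __decorate([
  Example(taskIds),
  Example(partialTasks),
  Get('{id}/tasks'),
+ Security('*', ['acl']),
  Tags('tasks'),
  Response(notFoundResp.status, notFoundResp.description),
  __param(0, Request()),
@@ -233,19 +284,24 @@ __decorate([
  __param(2, Query()),
  __param(3, Query()),
  __param(4, Query()),
- __param(5, Query())
+ __param(5, Query()),
+ __param(6, Query())
  ], SrController.prototype, "getSrTasks", null);
  __decorate([
+ Put('{id}/tags/{tag}'),
+ Middlewares(acl({ resource: 'sr', action: 'update:tags', objectId: 'params.id' })),
  SuccessResponse(noContentResp.status, noContentResp.description),
+ Response(forbiddenOperationResp.status, forbiddenOperationResp.description),
  Response(notFoundResp.status, notFoundResp.description),
- Put('{id}/tags/{tag}'),
  __param(0, Path()),
  __param(1, Path())
  ], SrController.prototype, "putSrTag", null);
  __decorate([
+ Delete('{id}/tags/{tag}'),
+ Middlewares(acl({ resource: 'sr', action: 'update:tags', objectId: 'params.id' })),
  SuccessResponse(noContentResp.status, noContentResp.description),
+ Response(forbiddenOperationResp.status, forbiddenOperationResp.description),
  Response(notFoundResp.status, notFoundResp.description),
- Delete('{id}/tags/{tag}'),
  __param(0, Path()),
  __param(1, Path())
  ], SrController.prototype, "deleteSrTag", null);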
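Review bot: The sub-resource lists `Get('{id}/alarms')`, `Get('{id}/messages')` and `Get('{id}/tasks')` gain only `Security('*', ['acl'])` and filter the returned items by `alarm`, `message` or `task` read privilege; none of them checks `sr` `read` on `params.id`, unlike `Get('{id}')`. `getSrAlarms` still resolves the parent with `this.getObject(id)` first, so a caller without `sr` read would presumably see a 404 for unknown ids and a (possibly empty) list for existing ones, which discloses which SR ids exist. If that is not intended, add `Middlewares(acl({ resource: 'sr', action: 'read', objectId: 'params.id' })),` to the three routes; if it is intended, state it in the doc comments next to the listed privilege. Whether `Security('*', ['acl'])` already covers the parent object is decided outside this file.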