@xen-orchestra/rest-api 0.28.2 → 0.30.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (55) hide show
  1. package/README.md +108 -1
  2. package/dist/abstract-classes/base-controller.mjs +28 -3
  3. package/dist/abstract-classes/listener.mjs +124 -15
  4. package/dist/acl-privileges/acl-privilege.controller.mjs +172 -0
  5. package/dist/acl-roles/acl-role.controller.mjs +384 -0
  6. package/dist/alarms/alarm.controller.mjs +25 -11
  7. package/dist/alarms/alarm.service.mjs +8 -0
  8. package/dist/backup-archives/backup-archive.controller.mjs +33 -23
  9. package/dist/backup-archives/backup-archive.service.mjs +21 -0
  10. package/dist/backup-jobs/backup-job.controller.mjs +74 -25
  11. package/dist/backup-jobs/backup-job.service.mjs +7 -0
  12. package/dist/backup-logs/backup-log.controller.mjs +28 -13
  13. package/dist/backup-logs/backup-log.service.mjs +19 -0
  14. package/dist/backup-repositories/backup-repositories.controller.mjs +24 -5
  15. package/dist/events/event.class.mjs +36 -18
  16. package/dist/events/event.controller.mjs +3 -0
  17. package/dist/events/event.service.mjs +4 -4
  18. package/dist/groups/group.controller.mjs +99 -12
  19. package/dist/helpers/markdown.helper.mjs +20 -0
  20. package/dist/helpers/object-wrapper.helper.mjs +3 -3
  21. package/dist/hosts/host.controller.mjs +90 -15
  22. package/dist/ioc/ioc.mjs +13 -4
  23. package/dist/messages/message.controller.mjs +32 -10
  24. package/dist/middlewares/acl.middleware.mjs +202 -0
  25. package/dist/middlewares/authentication.middleware.mjs +15 -6
  26. package/dist/middlewares/tsoa-to-xo-error.middleware.mjs +19 -1
  27. package/dist/networks/network.controller.mjs +72 -17
  28. package/dist/open-api/oa-examples/acl-privilege.oa-example.mjs +25 -0
  29. package/dist/open-api/oa-examples/acl-role.oa-example.mjs +22 -0
  30. package/dist/open-api/oa-examples/backup-archive.oa-example.mjs +6 -6
  31. package/dist/open-api/oa-examples/common.oa-example.mjs +3 -0
  32. package/dist/open-api/routes/routes.js +856 -172
  33. package/dist/pbds/pbd.controller.mjs +20 -5
  34. package/dist/pcis/pci.controller.mjs +19 -5
  35. package/dist/pgpus/pgpu.controller.mjs +19 -5
  36. package/dist/pifs/pif.controller.mjs +56 -16
  37. package/dist/pools/pool.controller.mjs +166 -17
  38. package/dist/proxies/proxy.controller.mjs +25 -6
  39. package/dist/restore-logs/restore-log.controller.mjs +42 -23
  40. package/dist/schedules/schedule.controller.mjs +36 -5
  41. package/dist/servers/server.controller.mjs +71 -9
  42. package/dist/sms/sm.controller.mjs +17 -4
  43. package/dist/srs/sr.controller.mjs +74 -18
  44. package/dist/tasks/task.controller.mjs +74 -13
  45. package/dist/users/user.controller.mjs +124 -22
  46. package/dist/vbds/vbd.controller.mjs +76 -38
  47. package/dist/vdi-snapshots/vdi-snapshot.controller.mjs +48 -14
  48. package/dist/vdis/vdi.controller.mjs +81 -16
  49. package/dist/vifs/vif.controller.mjs +118 -16
  50. package/dist/vm-controller/vm-controller.controller.mjs +77 -19
  51. package/dist/vm-snapshots/vm-snapshot.controller.mjs +85 -18
  52. package/dist/vm-templates/vm-template.controller.mjs +86 -18
  53. package/dist/vms/vm.controller.mjs +182 -24
  54. package/open-api/spec/swagger.json +12112 -3537
  55. package/package.json +12 -11
@@ -13,6 +13,7 @@ import { inject } from 'inversify';
13
13
  import { incorrectState, invalidParameters } from 'xo-common/api-errors.js';
14
14
  import { provide } from 'inversify-binding-decorators';
15
15
  import { PassThrough } from 'node:stream';
16
+ import { acl } from '../middlewares/acl.middleware.mjs';
16
17
  import { asynchronousActionResp, badRequestResp, createdResp, forbiddenOperationResp, incorrectStateResp, internalServerErrorResp, invalidParameters as invalidParametersResp, noContentResp, notFoundResp, unauthorizedResp, } from '../open-api/common/response.common.mjs';
17
18
  import { BASE_URL } from '../index.mjs';
18
19
  import { limitAndFilterArray, NDJSON_CONTENT_TYPE } from '../helpers/utils.helper.mjs';
@@ -35,18 +36,26 @@ let VmController = class VmController extends XapiXoController {
35
36
  this.#backupJobService = backupJobService;
36
37
  }
37
38
  /**
39
+ * Returns all VMs that match the following privilege:
40
+ * - resource: vm, action: read
38
41
  *
39
42
  * @example fields "name_label,power_state,uuid"
40
43
  * @example filter "power_state:Running"
41
44
  * @example limit 42
42
45
  */
43
- getVms(req, fields, ndjson, filter, limit) {
44
- return this.sendObjects(Object.values(this.getObjects({ filter, limit })), req);
46
+ getVms(req, fields, ndjson, markdown, filter, limit) {
47
+ return this.sendObjects(Object.values(this.getObjects({ filter })), req, {
48
+ limit,
49
+ privilege: { action: 'read', resource: 'vm' },
50
+ });
45
51
  }
46
52
  /**
47
53
  *
48
54
  * Export VM. Compress is only used for XVA format
49
55
  *
56
+ * Required privilege:
57
+ * - resource: vm, action: export
58
+ *
50
59
  * @example id "f07ab729-c0e8-721c-45ec-f11276377030"
51
60
  */
52
61
  async exportVm(req, id, format, compress) {
@@ -56,6 +65,8 @@ let VmController = class VmController extends XapiXoController {
56
65
  return stream;
57
66
  }
58
67
  /**
68
+ * Required privilege:
69
+ * - resource: vm, action: read
59
70
  *
60
71
  * @example id "f07ab729-c0e8-721c-45ec-f11276377030"
61
72
  */
@@ -63,6 +74,9 @@ let VmController = class VmController extends XapiXoController {
63
74
  return this.getObject(id);
64
75
  }
65
76
  /**
77
+ * Required privilege:
78
+ * - resource: vm, action: delete
79
+ *
66
80
  * @example id "f07ab729-c0e8-721c-45ec-f11276377030"
67
81
  */
68
82
  async deleteVm(id) {
@@ -73,6 +87,9 @@ let VmController = class VmController extends XapiXoController {
73
87
  *
74
88
  * VM must be running
75
89
  *
90
+ * Required privilege:
91
+ * - resource: vm, action: read
92
+ *
76
93
  * @example id "f07ab729-c0e8-721c-45ec-f11276377030"
77
94
  */
78
95
  async getVmStats(id, granularity) {
@@ -117,6 +134,10 @@ let VmController = class VmController extends XapiXoController {
117
134
  * - **vif_#_tx** : Bytes per second transmitted on virtual interface vif. Enabled by default. *Condition*: VIF vif exists.
118
135
  * - **vif_#_rx_errors** : Receive errors per second on virtual interface vif. Enabled by default. *Condition*: VIF vif exists.
119
136
  * - **vif_#_tx_errors** : Transmit errors per second on virtual interface vif. Enabled by default. *Condition*: VIF vif exists.
137
+ *
138
+ * Required privilege:
139
+ * - resource: vm, action: update:datasources
140
+ *
120
141
  * @example id "f07ab729-c0e8-721c-45ec-f11276377030"
121
142
  * @example dataSource "cpu0"
122
143
  */
@@ -128,6 +149,9 @@ let VmController = class VmController extends XapiXoController {
128
149
  *
129
150
  * For a list of possible data sources, see the endpoint documentation: `GET {id}/stats/data_source/{data_source}`
130
151
  *
152
+ * Required privilege:
153
+ * - resource: vm, action: update:datasources
154
+ *
131
155
  * @example id "f07ab729-c0e8-721c-45ec-f11276377030"
132
156
  * @example dataSource "cpu0"
133
157
  */
@@ -137,6 +161,10 @@ let VmController = class VmController extends XapiXoController {
137
161
  /**
138
162
  * The VM must be halted
139
163
  *
164
+ * Required privileges:
165
+ * - resource: vm, action: start
166
+ * - resource: host, action: allow-vm (if an hostId is specified)
167
+ *
140
168
  * @example id "f07ab729-c0e8-721c-45ec-f11276377030"
141
169
  * @example body { "hostId": "b61a5c92-700e-4966-a13b-00633f03eea8" }
142
170
  */
@@ -157,6 +185,10 @@ let VmController = class VmController extends XapiXoController {
157
185
  }
158
186
  /**
159
187
  * Requires guest tools to be installed
188
+ *
189
+ * Required privilege:
190
+ * - resource: vm, action: shutdown:clean
191
+ *
160
192
  * @example id "f07ab729-c0e8-721c-45ec-f11276377030"
161
193
  */
162
194
  async cleanShutdownVm(id, sync) {
@@ -175,6 +207,10 @@ let VmController = class VmController extends XapiXoController {
175
207
  }
176
208
  /**
177
209
  * Requires guest tools to be installed
210
+ *
211
+ * Required privilege:
212
+ * - resource: vm, action: reboot:clean
213
+ *
178
214
  * @example id "f07ab729-c0e8-721c-45ec-f11276377030"
179
215
  */
180
216
  async cleanRebootVm(id, sync) {
@@ -192,6 +228,9 @@ let VmController = class VmController extends XapiXoController {
192
228
  });
193
229
  }
194
230
  /**
231
+ * Required privilege:
232
+ * - resource: vm, action: shutdown:hard
233
+ *
195
234
  * @example id "f07ab729-c0e8-721c-45ec-f11276377030"
196
235
  */
197
236
  async hardShutdownVm(id, sync) {
@@ -209,6 +248,9 @@ let VmController = class VmController extends XapiXoController {
209
248
  });
210
249
  }
211
250
  /**
251
+ * Required privilege:
252
+ * - resource: vm, action: reboot:hard
253
+ *
212
254
  * @example id "f07ab729-c0e8-721c-45ec-f11276377030"
213
255
  */
214
256
  async hardRebootVm(id, sync) {
@@ -228,6 +270,9 @@ let VmController = class VmController extends XapiXoController {
228
270
  /**
229
271
  * The VM must be running
230
272
  *
273
+ * Required privilege:
274
+ * - resource: vm, action: pause
275
+ *
231
276
  * @example id "f07ab729-c0e8-721c-45ec-f11276377030"
232
277
  */
233
278
  async pauseVm(id, sync) {
@@ -247,6 +292,9 @@ let VmController = class VmController extends XapiXoController {
247
292
  /**
248
293
  * The VM must be running
249
294
  *
295
+ * Required privilege:
296
+ * - resource: vm, action: suspend
297
+ *
250
298
  * @example id "f07ab729-c0e8-721c-45ec-f11276377030"
251
299
  */
252
300
  async suspendVm(id, sync) {
@@ -266,6 +314,9 @@ let VmController = class VmController extends XapiXoController {
266
314
  /**
267
315
  * The VM must be suspended
268
316
  *
317
+ * Required privilege:
318
+ * - resource: vm, action: resume
319
+ *
269
320
  * @example id "f07ab729-c0e8-721c-45ec-f11276377030"
270
321
  */
271
322
  async resumeVm(id, sync) {
@@ -285,6 +336,9 @@ let VmController = class VmController extends XapiXoController {
285
336
  /**
286
337
  * The VM must be paused
287
338
  *
339
+ * Required privilege:
340
+ * - resource: vm, action: unpause
341
+ *
288
342
  * @example id "f07ab729-c0e8-721c-45ec-f11276377030"
289
343
  */
290
344
  async unpauseVm(id, sync) {
@@ -302,6 +356,9 @@ let VmController = class VmController extends XapiXoController {
302
356
  });
303
357
  }
304
358
  /**
359
+ * Required privilege:
360
+ * - resource: vm, action: snapshot
361
+ *
305
362
  * @example id "f07ab729-c0e8-721c-45ec-f11276377030"
306
363
  * @example body { "name_label": "my_awesome_snapshot" }
307
364
  */
@@ -371,32 +428,49 @@ let VmController = class VmController extends XapiXoController {
371
428
  });
372
429
  }
373
430
  /**
431
+ * Returns all alarms that match the following privilege:
432
+ * - resource: alarm, action: read
433
+ *
374
434
  * @example id "f07ab729-c0e8-721c-45ec-f11276377030"
375
435
  * @example fields "id,time"
376
436
  * @example filter "time:>1747053793"
377
437
  * @example limit 42
378
438
  */
379
- getVmAlarms(req, id, fields, ndjson, filter, limit) {
380
- const alarms = this.#vmService.getVmAlarms(id, { filter, limit });
381
- return this.sendObjects(Object.values(alarms), req, 'alarms');
439
+ getVmAlarms(req, id, fields, ndjson, markdown, filter, limit) {
440
+ const alarms = this.#vmService.getVmAlarms(id, { filter });
441
+ return this.sendObjects(Object.values(alarms), req, {
442
+ path: 'alarms',
443
+ limit,
444
+ privilege: { action: 'read', resource: 'alarm' },
445
+ });
382
446
  }
383
447
  /**
448
+ * Returns all VDIs that match the following privilege:
449
+ * - resource: vdi, action: read
450
+ *
384
451
  * @example id "f07ab729-c0e8-721c-45ec-f11276377030"
385
452
  * @example fields "VDI_type,id,name_label"
386
453
  * @example filter "VDI_type:user"
387
454
  * @example limit 42
388
455
  */
389
- getVmVdis(req, id, fields, ndjson, filter, limit) {
456
+ getVmVdis(req, id, fields, ndjson, markdown, filter, limit) {
390
457
  const vdis = this.#vmService.getVmVdis(id, 'VM');
391
- return this.sendObjects(limitAndFilterArray(vdis, { filter, limit }), req, obj => obj.type.toLowerCase() + 's');
458
+ return this.sendObjects(limitAndFilterArray(vdis, { filter }), req, {
459
+ path: obj => obj.type.toLowerCase() + 's',
460
+ limit,
461
+ privilege: { action: 'read', resource: 'vdi' },
462
+ });
392
463
  }
393
464
  /**
465
+ * Returns all backup jobs that match the following privilege:
466
+ * - resource: backup-job, action: read
467
+ *
394
468
  * @example id "f07ab729-c0e8-721c-45ec-f11276377030"
395
469
  * @example fields "mode,name,type,id"
396
470
  * @example filter "mode:full"
397
471
  * @example limit 42
398
472
  */
399
- async vmGetVmBackupJobs(req, id, fields, ndjson, filter, limit) {
473
+ async vmGetVmBackupJobs(req, id, fields, ndjson, markdown, filter, limit) {
400
474
  const backupJobs = await this.restApi.xoApp.getAllJobs('backup');
401
475
  const vmBackupJobs = [];
402
476
  for (const backupJob of backupJobs) {
@@ -404,29 +478,50 @@ let VmController = class VmController extends XapiXoController {
404
478
  vmBackupJobs.push(backupJob);
405
479
  }
406
480
  }
407
- return this.sendObjects(limitAndFilterArray(vmBackupJobs, { filter, limit }), req, '/backup-jobs');
481
+ return this.sendObjects(limitAndFilterArray(vmBackupJobs, { filter }), req, {
482
+ path: '/backup-jobs',
483
+ limit,
484
+ privilege: { action: 'read', resource: 'backup-job' },
485
+ });
408
486
  }
409
487
  /**
488
+ * Returns all messages that match the following privilege:
489
+ * - resource: message, action: read
490
+ *
410
491
  * @example id "cef5f68c-61ae-3831-d2e6-1590d4934acf"
411
492
  * @example fields "name,id,$object"
412
493
  * @example filter "name:VM_STARTED"
413
494
  * @example limit 42
414
495
  */
415
- getVmMessages(req, id, fields, ndjson, filter, limit) {
416
- const messages = this.getMessagesForObject(id, { filter, limit });
417
- return this.sendObjects(Object.values(messages), req, 'messages');
496
+ getVmMessages(req, id, fields, ndjson, markdown, filter, limit) {
497
+ const messages = this.getMessagesForObject(id, { filter });
498
+ return this.sendObjects(Object.values(messages), req, {
499
+ path: 'messages',
500
+ limit,
501
+ privilege: { action: 'read', resource: 'message' },
502
+ });
418
503
  }
419
504
  /**
505
+ * Returns all tasks that match the following privilege:
506
+ * - resource: task, action: read
507
+ *
420
508
  * @example id "613f541c-4bed-fc77-7ca8-2db6b68f079c"
421
509
  * @example fields "id,status,properties"
422
510
  * @example filter "status:failure"
423
511
  * @example limit 42
424
512
  */
425
- async getVmTasks(req, id, fields, ndjson, filter, limit) {
426
- const tasks = await this.getTasksForObject(id, { filter, limit });
427
- return this.sendObjects(Object.values(tasks), req, 'tasks');
513
+ async getVmTasks(req, id, fields, ndjson, markdown, filter, limit) {
514
+ const tasks = await this.getTasksForObject(id, { filter });
515
+ return this.sendObjects(Object.values(tasks), req, {
516
+ path: 'tasks',
517
+ limit,
518
+ privilege: { action: 'read', resource: 'task' },
519
+ });
428
520
  }
429
521
  /**
522
+ * Required privilege:
523
+ * - resource: vm, action: update:tags
524
+ *
430
525
  * @example id "613f541c-4bed-fc77-7ca8-2db6b68f079c"
431
526
  * @example tag "from-rest-api"
432
527
  */
@@ -435,6 +530,9 @@ let VmController = class VmController extends XapiXoController {
435
530
  await vm.$call('add_tags', tag);
436
531
  }
437
532
  /**
533
+ * Required privilege:
534
+ * - resource: vm, action: update:tags
535
+ *
438
536
  * @example id "613f541c-4bed-fc77-7ca8-2db6b68f079c"
439
537
  * @example tag "from-rest-api"
440
538
  */
@@ -443,6 +541,9 @@ let VmController = class VmController extends XapiXoController {
443
541
  await vm.$call('remove_tags', tag);
444
542
  }
445
543
  /**
544
+ * Required privilege:
545
+ * - resource: vm, action: read
546
+ *
446
547
  * @example id "613f541c-4bed-fc77-7ca8-2db6b68f079c"
447
548
  */
448
549
  async getVmDashboard(req, id, ndjson) {
@@ -496,15 +597,19 @@ __decorate([
496
597
  Example(vmIds),
497
598
  Example(partialVms),
498
599
  Get(''),
600
+ Security('*', ['acl']),
499
601
  __param(0, Request()),
500
602
  __param(1, Query()),
501
603
  __param(2, Query()),
502
604
  __param(3, Query()),
503
- __param(4, Query())
605
+ __param(4, Query()),
606
+ __param(5, Query())
504
607
  ], VmController.prototype, "getVms", null);
505
608
  __decorate([
506
609
  Get('{id}.{format}'),
610
+ Middlewares(acl({ resource: 'vm', action: 'export', objectId: 'params.id' })),
507
611
  SuccessResponse(200, 'Download started', 'application/octet-stream'),
612
+ Response(forbiddenOperationResp.status, forbiddenOperationResp.description),
508
613
  Response(notFoundResp.status, notFoundResp.description),
509
614
  Response(422, 'Invalid format, Invalid compress'),
510
615
  __param(0, Request()),
@@ -515,11 +620,14 @@ __decorate([
515
620
  __decorate([
516
621
  Example(vm),
517
622
  Get('{id}'),
623
+ Middlewares(acl({ resource: 'vm', action: 'read', objectId: 'params.id' })),
624
+ Response(forbiddenOperationResp.status, forbiddenOperationResp.description),
518
625
  Response(notFoundResp.status, notFoundResp.description),
519
626
  __param(0, Path())
520
627
  ], VmController.prototype, "getVm", null);
521
628
  __decorate([
522
629
  Delete('{id}'),
630
+ Middlewares(acl({ resource: 'vm', action: 'delete', objectId: 'params.id' })),
523
631
  SuccessResponse(noContentResp.status, noContentResp.description),
524
632
  Response(notFoundResp.status, notFoundResp.description),
525
633
  Response(forbiddenOperationResp.status, forbiddenOperationResp.description),
@@ -529,32 +637,45 @@ __decorate([
529
637
  __decorate([
530
638
  Example(vmStatsExample),
531
639
  Get('{id}/stats'),
640
+ Middlewares(acl({ resource: 'vm', action: 'read', objectId: 'params.id' })),
641
+ Response(forbiddenOperationResp.status, forbiddenOperationResp.description),
532
642
  Response(notFoundResp.status, notFoundResp.description),
533
643
  Response(422, 'Invalid granularity, VM is halted or host could not be found'),
534
644
  __param(0, Path()),
535
645
  __param(1, Query())
536
646
  ], VmController.prototype, "getVmStats", null);
537
647
  __decorate([
648
+ Put('{id}/stats/data_source/{data_source}'),
649
+ Middlewares(acl({ resource: 'vm', action: 'update:datasources', objectId: 'params.id' })),
538
650
  SuccessResponse(noContentResp.status, noContentResp.description),
651
+ Response(forbiddenOperationResp.status, forbiddenOperationResp.description),
539
652
  Response(notFoundResp.status, notFoundResp.description),
540
653
  Response(internalServerErrorResp.status, internalServerErrorResp.description),
541
- Put('{id}/stats/data_source/{data_source}'),
542
654
  __param(0, Path()),
543
655
  __param(1, Path('data_source'))
544
656
  ], VmController.prototype, "addDataSource", null);
545
657
  __decorate([
658
+ Delete('{id}/stats/data_source/{data_source}'),
659
+ Middlewares(acl({ resource: 'vm', action: 'update:datasources', objectId: 'params.id' })),
546
660
  SuccessResponse(noContentResp.status, noContentResp.description),
661
+ Response(forbiddenOperationResp.status, forbiddenOperationResp.description),
547
662
  Response(notFoundResp.status, notFoundResp.description),
548
663
  Response(internalServerErrorResp.status, internalServerErrorResp.description),
549
- Delete('{id}/stats/data_source/{data_source}'),
550
664
  __param(0, Path()),
551
665
  __param(1, Path('data_source'))
552
666
  ], VmController.prototype, "deleteDataSource", null);
553
667
  __decorate([
554
668
  Example(taskLocation),
555
669
  Post('{id}/actions/start'),
556
- Middlewares(json()),
670
+ Middlewares([
671
+ json(),
672
+ acl([
673
+ { resource: 'vm', action: 'start', objectId: 'params.id' },
674
+ { resource: 'host', action: 'allow-vm', objectId: 'body.hostId' },
675
+ ]),
676
+ ]),
557
677
  SuccessResponse(asynchronousActionResp.status, asynchronousActionResp.description),
678
+ Response(forbiddenOperationResp.status, forbiddenOperationResp.description),
558
679
  Response(noContentResp.status, noContentResp.description),
559
680
  Response(notFoundResp.status, notFoundResp.description),
560
681
  Response(internalServerErrorResp.status, internalServerErrorResp.description),
@@ -565,8 +686,10 @@ __decorate([
565
686
  __decorate([
566
687
  Example(taskLocation),
567
688
  Post('{id}/actions/clean_shutdown'),
689
+ Middlewares(acl({ resource: 'vm', action: 'shutdown:clean', objectId: 'params.id' })),
568
690
  SuccessResponse(asynchronousActionResp.status, asynchronousActionResp.description),
569
691
  Response(noContentResp.status, noContentResp.description),
692
+ Response(forbiddenOperationResp.status, forbiddenOperationResp.description),
570
693
  Response(notFoundResp.status, notFoundResp.description),
571
694
  Response(internalServerErrorResp.status, internalServerErrorResp.description),
572
695
  __param(0, Path()),
@@ -575,13 +698,20 @@ __decorate([
575
698
  __decorate([
576
699
  Example(taskLocation),
577
700
  Post('{id}/actions/clean_reboot'),
701
+ Middlewares(acl({ resource: 'vm', action: 'reboot:clean', objectId: 'params.id' })),
702
+ SuccessResponse(asynchronousActionResp.status, asynchronousActionResp.description),
703
+ Response(noContentResp.status, noContentResp.description),
704
+ Response(forbiddenOperationResp.status, forbiddenOperationResp.description),
705
+ Response(notFoundResp.status, notFoundResp.description),
578
706
  __param(0, Path()),
579
707
  __param(1, Query())
580
708
  ], VmController.prototype, "cleanRebootVm", null);
581
709
  __decorate([
582
710
  Example(taskLocation),
583
711
  Post('{id}/actions/hard_shutdown'),
712
+ Middlewares(acl({ resource: 'vm', action: 'shutdown:hard', objectId: 'params.id' })),
584
713
  SuccessResponse(asynchronousActionResp.status, asynchronousActionResp.description),
714
+ Response(forbiddenOperationResp.status, forbiddenOperationResp.description),
585
715
  Response(noContentResp.status, noContentResp.description),
586
716
  Response(notFoundResp.status, notFoundResp.description),
587
717
  Response(internalServerErrorResp.status, internalServerErrorResp.description),
@@ -591,7 +721,9 @@ __decorate([
591
721
  __decorate([
592
722
  Example(taskLocation),
593
723
  Post('{id}/actions/hard_reboot'),
724
+ Middlewares(acl({ resource: 'vm', action: 'reboot:hard', objectId: 'params.id' })),
594
725
  SuccessResponse(asynchronousActionResp.status, asynchronousActionResp.description),
726
+ Response(forbiddenOperationResp.status, forbiddenOperationResp.description),
595
727
  Response(noContentResp.status, noContentResp.description),
596
728
  Response(notFoundResp.status, notFoundResp.description),
597
729
  Response(internalServerErrorResp.status, internalServerErrorResp.description),
@@ -601,7 +733,9 @@ __decorate([
601
733
  __decorate([
602
734
  Example(taskLocation),
603
735
  Post('{id}/actions/pause'),
736
+ Middlewares(acl({ resource: 'vm', action: 'pause', objectId: 'params.id' })),
604
737
  SuccessResponse(asynchronousActionResp.status, asynchronousActionResp.description),
738
+ Response(forbiddenOperationResp.status, forbiddenOperationResp.description),
605
739
  Response(noContentResp.status, noContentResp.description),
606
740
  Response(notFoundResp.status, notFoundResp.description),
607
741
  Response(internalServerErrorResp.status, internalServerErrorResp.description),
@@ -611,7 +745,9 @@ __decorate([
611
745
  __decorate([
612
746
  Example(taskLocation),
613
747
  Post('{id}/actions/suspend'),
748
+ Middlewares(acl({ resource: 'vm', action: 'suspend', objectId: 'params.id' })),
614
749
  SuccessResponse(asynchronousActionResp.status, asynchronousActionResp.description),
750
+ Response(forbiddenOperationResp.status, forbiddenOperationResp.description),
615
751
  Response(noContentResp.status, noContentResp.description),
616
752
  Response(notFoundResp.status, notFoundResp.description),
617
753
  Response(internalServerErrorResp.status, internalServerErrorResp.description),
@@ -621,7 +757,9 @@ __decorate([
621
757
  __decorate([
622
758
  Example(taskLocation),
623
759
  Post('{id}/actions/resume'),
760
+ Middlewares(acl({ resource: 'vm', action: 'resume', objectId: 'params.id' })),
624
761
  SuccessResponse(asynchronousActionResp.status, asynchronousActionResp.description),
762
+ Response(forbiddenOperationResp.status, forbiddenOperationResp.description),
625
763
  Response(noContentResp.status, noContentResp.description),
626
764
  Response(notFoundResp.status, notFoundResp.description),
627
765
  Response(internalServerErrorResp.status, internalServerErrorResp.description),
@@ -631,7 +769,9 @@ __decorate([
631
769
  __decorate([
632
770
  Example(taskLocation),
633
771
  Post('{id}/actions/unpause'),
772
+ Middlewares(acl({ resource: 'vm', action: 'unpause', objectId: 'params.id' })),
634
773
  SuccessResponse(asynchronousActionResp.status, asynchronousActionResp.description),
774
+ Response(forbiddenOperationResp.status, forbiddenOperationResp.description),
635
775
  Response(noContentResp.status, noContentResp.description),
636
776
  Response(notFoundResp.status, notFoundResp.description),
637
777
  Response(internalServerErrorResp.status, internalServerErrorResp.description),
@@ -641,7 +781,9 @@ __decorate([
641
781
  __decorate([
642
782
  Example(taskLocation),
643
783
  Post('{id}/actions/snapshot'),
784
+ Middlewares([json(), acl({ resource: 'vm', action: 'snapshot', objectId: 'params.id' })]),
644
785
  SuccessResponse(asynchronousActionResp.status, asynchronousActionResp.description),
786
+ Response(forbiddenOperationResp.status, forbiddenOperationResp.description),
645
787
  Response(createdResp.status, 'Snapshot created'),
646
788
  Response(notFoundResp.status, notFoundResp.description),
647
789
  Response(internalServerErrorResp.status, internalServerErrorResp.description),
@@ -665,6 +807,7 @@ __decorate([
665
807
  __decorate([
666
808
  Example(genericAlarmsExample),
667
809
  Get('{id}/alarms'),
810
+ Security('*', ['acl']),
668
811
  Tags('alarms'),
669
812
  Response(notFoundResp.status, notFoundResp.description),
670
813
  __param(0, Request()),
@@ -672,11 +815,13 @@ __decorate([
672
815
  __param(2, Query()),
673
816
  __param(3, Query()),
674
817
  __param(4, Query()),
675
- __param(5, Query())
818
+ __param(5, Query()),
819
+ __param(6, Query())
676
820
  ], VmController.prototype, "getVmAlarms", null);
677
821
  __decorate([
678
822
  Example(vmVdis),
679
823
  Get('{id}/vdis'),
824
+ Security('*', ['acl']),
680
825
  Tags('vdis'),
681
826
  Response(notFoundResp.status, notFoundResp.description),
682
827
  __param(0, Request()),
@@ -684,12 +829,14 @@ __decorate([
684
829
  __param(2, Query()),
685
830
  __param(3, Query()),
686
831
  __param(4, Query()),
687
- __param(5, Query())
832
+ __param(5, Query()),
833
+ __param(6, Query())
688
834
  ], VmController.prototype, "getVmVdis", null);
689
835
  __decorate([
690
836
  Example(vmBackupJobIds),
691
837
  Example(partialVmBackupJobs),
692
838
  Get('{id}/backup-jobs'),
839
+ Security('*', ['acl']),
693
840
  Tags('backup-jobs'),
694
841
  Response(notFoundResp.status, notFoundResp.description),
695
842
  __param(0, Request()),
@@ -697,12 +844,14 @@ __decorate([
697
844
  __param(2, Query()),
698
845
  __param(3, Query()),
699
846
  __param(4, Query()),
700
- __param(5, Query())
847
+ __param(5, Query()),
848
+ __param(6, Query())
701
849
  ], VmController.prototype, "vmGetVmBackupJobs", null);
702
850
  __decorate([
703
851
  Example(messageIds),
704
852
  Example(partialMessages),
705
853
  Get('{id}/messages'),
854
+ Security('*', ['acl']),
706
855
  Tags('messages'),
707
856
  Response(notFoundResp.status, notFoundResp.description),
708
857
  __param(0, Request()),
@@ -710,12 +859,14 @@ __decorate([
710
859
  __param(2, Query()),
711
860
  __param(3, Query()),
712
861
  __param(4, Query()),
713
- __param(5, Query())
862
+ __param(5, Query()),
863
+ __param(6, Query())
714
864
  ], VmController.prototype, "getVmMessages", null);
715
865
  __decorate([
716
866
  Example(taskIds),
717
867
  Example(partialTasks),
718
868
  Get('{id}/tasks'),
869
+ Security('*', ['acl']),
719
870
  Tags('tasks'),
720
871
  Response(notFoundResp.status, notFoundResp.description),
721
872
  __param(0, Request()),
@@ -723,18 +874,23 @@ __decorate([
723
874
  __param(2, Query()),
724
875
  __param(3, Query()),
725
876
  __param(4, Query()),
726
- __param(5, Query())
877
+ __param(5, Query()),
878
+ __param(6, Query())
727
879
  ], VmController.prototype, "getVmTasks", null);
728
880
  __decorate([
729
881
  Put('{id}/tags/{tag}'),
882
+ Middlewares(acl({ resource: 'vm', action: 'update:tags', objectId: 'params.id' })),
730
883
  SuccessResponse(noContentResp.status, noContentResp.description),
884
+ Response(forbiddenOperationResp.status, forbiddenOperationResp.description),
731
885
  Response(notFoundResp.status, notFoundResp.description),
732
886
  __param(0, Path()),
733
887
  __param(1, Path())
734
888
  ], VmController.prototype, "putVmTag", null);
735
889
  __decorate([
736
890
  Delete('{id}/tags/{tag}'),
891
+ Middlewares(acl({ resource: 'vm', action: 'update:tags', objectId: 'params.id' })),
737
892
  SuccessResponse(noContentResp.status, noContentResp.description),
893
+ Response(forbiddenOperationResp.status, forbiddenOperationResp.description),
738
894
  Response(notFoundResp.status, notFoundResp.description),
739
895
  __param(0, Path()),
740
896
  __param(1, Path())
@@ -742,6 +898,8 @@ __decorate([
742
898
  __decorate([
743
899
  Example(vmDashboard),
744
900
  Get('{id}/dashboard'),
901
+ Middlewares(acl({ resource: 'vm', action: 'read', objectId: 'params.id' })),
902
+ Response(forbiddenOperationResp.status, forbiddenOperationResp.description),
745
903
  __param(0, Request()),
746
904
  __param(1, Path()),
747
905
  __param(2, Query())