@xen-orchestra/rest-api 0.30.0 → 0.30.1
package/README.md
CHANGED
|
@@ -102,8 +102,6 @@ It is sometimes necessary to check ACLs based on the body of the request sent by
|
|
|
102
102
|
|
|
103
103
|
##### Example: Resource creation
|
|
104
104
|
|
|
105
|
-
When creating a resource (which doesn't exist yet), pass the object being created as the target:
|
|
106
|
-
|
|
107
105
|
```ts
|
|
108
106
|
/**
|
|
109
107
|
* Create a new VDI
|
|
@@ -112,10 +110,7 @@ When creating a resource (which doesn't exist yet), pass the object being create
|
|
|
112
110
|
* - resource: vdi, action: create
|
|
113
111
|
*/
|
|
114
112
|
@Post('/')
|
|
115
|
-
@Middlewares(acl({resource: 'vdi', action: 'create', object: ({req}) =>
|
|
116
|
-
const {srId,...rest} = req.body
|
|
117
|
-
return {$SR: srId, ...rest}
|
|
118
|
-
}}))
|
|
113
|
+
@Middlewares(acl({resource: 'vdi', action: 'create', object: ({req}) => req.body }))
|
|
119
114
|
@Response(403)
|
|
120
115
|
createVdi(@Body() body: VdiConfig) {
|
|
121
116
|
const {srId, ...rest}
|
|
@@ -127,8 +122,6 @@ When creating a resource (which doesn't exist yet), pass the object being create
|
|
|
127
122
|
|
|
128
123
|
##### Example: Resource update
|
|
129
124
|
|
|
130
|
-
When creating a resource (which doesn't exist yet), pass the object being created as the target:
|
|
131
|
-
|
|
132
125
|
```ts
|
|
133
126
|
/**
|
|
134
127
|
* Update a VM
|
|
@@ -22,7 +22,9 @@ export class BaseController extends Controller {
|
|
|
22
22
|
const mapper = makeObjectMapper(req, opts?.path);
|
|
23
23
|
const mappedObjects = [];
|
|
24
24
|
const user = this.restApi.getCurrentUser();
|
|
25
|
-
const userPrivileges = (opts?.privilege !== undefined
|
|
25
|
+
const userPrivileges = (opts?.privilege !== undefined && user.permission !== 'admin'
|
|
26
|
+
? await this.restApi.xoApp.getAclV2UserPrivileges(user.id)
|
|
27
|
+
: []);
|
|
26
28
|
let limit = opts?.limit ?? Infinity;
|
|
27
29
|
for (const object of objects) {
|
|
28
30
|
if (limit === 0) {
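Review bot: The admin bypass is written here as a literal role comparison, `user.permission !== 'admin'`, and the same comparison is repeated in the `acl` middleware and three times in TaskController (`update`, `remove`, `deleteTasks`) in the later hunks. An authorization shortcut kept in five places tends to drift when a role is added or renamed, so I would route all of them through one helper, for example a proposed `getEffectivePrivileges(user)` that returns `[]` for admins and otherwise awaits `getAclV2UserPrivileges(user.id)`. At minimum this line deserves a comment such as `// admins skip the ACL v2 lookup; access is decided from user.permission`. The enclosing method starts and ends outside the hunk.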
|
|
@@ -180,6 +180,10 @@ export function acl(acls) {
|
|
|
180
180
|
if (Object.keys(invalidFields).length > 0) {
|
|
181
181
|
return next(new ValidateError(invalidFields, 'invalid parameters'));
|
|
182
182
|
}
|
|
183
|
+
if (user.permission === 'admin') {
|
|
184
|
+
// Administrator users do not need to go further
|
|
185
|
+
return next();
|
|
186
|
+
}
|
|
183
187
|
let userPrivileges;
|
|
184
188
|
try {
|
|
185
189
|
userPrivileges = (await restApi.xoApp.getAclV2UserPrivileges(user.id));
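Review bot: The new early `return next()` for `user.permission === 'admin'` skips every ACL v2 evaluation on the route, yet its comment only says administrators "do not need to go further". I would state the invariant the bypass depends on, e.g. `// admins are authorized by role; ACL v2 privileges only restrict non-admin users (keep this after authentication and parameter validation)`. The strict comparison means any other permission value falls through to the privilege lookup, which is the fail-closed direction. A regression test with a non-admin user holding no privileges that still expects 403 would pin that. Where `user` is loaded is outside this hunk, so confirm it comes from the authenticated session before this check is relied on.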
|
|
@@ -70,7 +70,9 @@ let TaskController = class TaskController extends XoController {
|
|
|
70
70
|
const userId = this.restApi.getCurrentUser().id;
|
|
71
71
|
const update = async (task) => {
|
|
72
72
|
const user = await this.restApi.xoApp.getUser(userId);
|
|
73
|
-
const userPrivileges =
|
|
73
|
+
const userPrivileges = user.permission === 'admin'
|
|
74
|
+
? []
|
|
75
|
+
: (await this.restApi.xoApp.getAclV2UserPrivileges(user.id));
|
|
74
76
|
if (hasPrivilegeOn({ user, userPrivileges, action: 'read', resource: 'task', objects: task }) &&
|
|
75
77
|
(userFilter === undefined || userFilter(task))) {
|
|
76
78
|
stream.write(['update', task]);
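Review bot: For admins `userPrivileges` is now `[]` and is still passed to `hasPrivilegeOn`, so whether an admin receives task events depends on `hasPrivilegeOn` granting access from `user.permission` alone; that function is not part of this diff. The same pattern is in the `remove` handler and `deleteTasks` in the next two hunks, and in BaseController. If `hasPrivilegeOn` does not short-circuit, this fails closed (admins see nothing) rather than open, but it is worth a comment such as `// [] is safe for admins: hasPrivilegeOn allows them by role` and a test with an admin subscriber. Separately, `user.permission` is read straight after `await this.restApi.xoApp.getUser(userId)`; if the account can disappear while the stream is open, a guard like `if (user === undefined) return;` or a try/catch around the lookup would keep the handler from throwing inside the event callback. Whether `getUser` rejects or returns undefined for a missing user is not visible here.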
|
|
@@ -78,7 +80,9 @@ let TaskController = class TaskController extends XoController {
|
|
|
78
80
|
};
|
|
79
81
|
const remove = async (task) => {
|
|
80
82
|
const user = await this.restApi.xoApp.getUser(userId);
|
|
81
|
-
const userPrivileges =
|
|
83
|
+
const userPrivileges = user.permission === 'admin'
|
|
84
|
+
? []
|
|
85
|
+
: (await this.restApi.xoApp.getAclV2UserPrivileges(user.id));
|
|
82
86
|
if (hasPrivilegeOn({ user, userPrivileges, action: 'read', resource: 'task', objects: task }) &&
|
|
83
87
|
(userFilter === undefined || userFilter(task))) {
|
|
84
88
|
stream.write(['remove', { id: task.id }]);
|
|
@@ -120,7 +124,7 @@ let TaskController = class TaskController extends XoController {
|
|
|
120
124
|
*/
|
|
121
125
|
async deleteTasks() {
|
|
122
126
|
const user = this.restApi.getCurrentUser();
|
|
123
|
-
const userPrivileges = (await this.restApi.xoApp.getAclV2UserPrivileges(user.id));
|
|
127
|
+
const userPrivileges = user.permission === 'admin' ? [] : (await this.restApi.xoApp.getAclV2UserPrivileges(user.id));
|
|
124
128
|
const deletePromises = [];
|
|
125
129
|
for await (const task of this.restApi.tasks.list()) {
|
|
126
130
|
if (hasPrivilegeOn({ user, userPrivileges, resource: 'task', action: 'delete', objects: task })) {
|
|
@@ -18395,7 +18395,7 @@
|
|
|
18395
18395
|
},
|
|
18396
18396
|
"info": {
|
|
18397
18397
|
"title": "@xen-orchestra/rest-api",
|
|
18398
|
-
"version": "0.30.
|
|
18398
|
+
"version": "0.30.1",
|
|
18399
18399
|
"description": "REST API to manage your XOA",
|
|
18400
18400
|
"license": {
|
|
18401
18401
|
"name": "AGPL-3.0-or-later"
|
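--- a/package/package.json
+++ b/package/package.json
@@ -6,7 +6,7 @@
 "main": "./dist/index.mjs",
 "name": "@xen-orchestra/rest-api",
 "homepage": "https://github.com/vatesfr/xen-orchestra/tree/master/@xen-orchestra/rest-api",
-"version": "0.30.
+"version": "0.30.1",
 "description": "REST API to manage your XOA",
 "license": "AGPL-3.0-or-later",
 "private": false,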