@xen-orchestra/rest-api 0.32.0 → 0.33.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +4 -4
- package/dist/open-api/routes/routes.js +85 -4
- package/dist/vms/vm.controller.mjs +49 -2
- package/dist/vms/vm.service.mjs +17 -0
- package/open-api/spec/swagger.json +975 -5
- package/package.json +3 -3
package/README.md
CHANGED
|
@@ -70,7 +70,7 @@ If an endpoint does not have a middleware ACL, it will be accessible **ONLY** to
|
|
|
70
70
|
|
|
71
71
|
It is sometimes necessary to check ACLs based on the body of the request sent by the user (for example, for a PATCH endpoint). For this, you can use `actions` (which allows you to pass multiple actions) and `actionsFromBody` (a function exported from `acl.middleware.mts`).
|
|
72
72
|
|
|
73
|
-
`actionsFromBody(['update:
|
|
73
|
+
`actionsFromBody(['update:nameLabel', 'update:nameDescription'])` checks if `nameLabel` is present in the request body, and then applies the ACL check. The same applies to `nameDescription`.
|
|
74
74
|
|
|
75
75
|
`actionIfNotSelfUser('read')` returns the given action only if the current user is **not** the target user. If the current user is the target (self), no action is returned and the ACL check is skipped entirely.
|
|
76
76
|
|
|
@@ -128,11 +128,11 @@ It is sometimes necessary to check ACLs based on the body of the request sent by
|
|
|
128
128
|
*
|
|
129
129
|
* Required privileges:
|
|
130
130
|
* - resource: vm, action: update (grants all fields)
|
|
131
|
-
* - resource: vm, action: update:
|
|
132
|
-
* - resource: vm, action: update:
|
|
131
|
+
* - resource: vm, action: update:nameLabel (if nameLabel is passed)
|
|
132
|
+
* - resource: vm, action: update:nameDescription (if nameDescription is passed)
|
|
133
133
|
*/
|
|
134
134
|
@Patch('{id}')
|
|
135
|
-
@Middlewares(acl({resource: 'vm', actions: actionsFromBody(['update:
|
|
135
|
+
@Middlewares(acl({resource: 'vm', actions: actionsFromBody(['update:nameLabel', 'update:nameDescription']), objectId: 'params.id'}))
|
|
136
136
|
@Response(403)
|
|
137
137
|
createVdi(@Path() id: string, @Body() body: patchBody) {
|
|
138
138
|
updateVm(id, body)
|