From c28301f2864e60a92a5ee721b5d8678e9f6654ca Mon Sep 17 00:00:00 2001
From: Luther Monson
Date: Sat, 26 Aug 2023 23:28:44 -0700
Subject: [PATCH] adding roles
---
 access.go | 23 ++++++
 access_test.go | 25 +++++++
 tests/mocks/pve7x/access.go | 141 ++++++++++++++++++++++++++++++++++++
 types.go | 8 ++
 4 files changed, 197 insertions(+)
diff --git a/access.go b/access.go
index 917e271..4098a2e 100644
--- a/access.go
+++ b/access.go
@@ -160,3 +160,26 @@ func (u *User) Update() error {
 func (u *User) Delete() error {
 return u.client.Delete(fmt.Sprintf("/access/users/%s", u.UserID), nil)
 }
+
+func (c *Client) Role(roleid string) (role Permission, err error) {
+ err = c.Get(fmt.Sprintf("/access/roles/%s", roleid), &role)
+ return
+}
+
+func (c *Client) Roles() (roles Roles, err error) {
+ err = c.Get("/access/roles", &roles)
+ if nil == err {
+ for _, g := range roles {
+ g.client = c
+ }
+ }
+ return
+}
+
+func (r *Role) Update() error {
+ return r.client.Put(fmt.Sprintf("/access/roles/%s", r.RoleID), r, nil)
+}
+
+func (r *Role) Delete() error {
+ return r.client.Delete(fmt.Sprintf("/access/roles/%s", r.RoleID), nil)
+}
diff --git a/access_test.go b/access_test.go
index e3d1632..f3fafa9 100644
--- a/access_test.go
+++ b/access_test.go
@@ -130,3 +130,28 @@ func TestUsers(t *testing.T) {
 assert.Nil(t, err)
 assert.Len(t, users, 4)
 }
+
+func TestRole(t *testing.T) {
+ mocks.On(mockConfig)
+ defer mocks.Off()
+ client := mockClient()
+
+ u, err := client.Role("Administrator")
+ assert.Nil(t, err)
+ assert.Contains(t, u, "SDN.Allocate")
+ assert.Len(t, u, 38)
+
+ u, err = client.Role("NoAccess")
+ assert.Nil(t, err)
+ assert.Len(t, u, 0)
+}
+
+func TestRoles(t *testing.T) {
+ mocks.On(mockConfig)
+ defer mocks.Off()
+ client := mockClient()
+
+ roles, err := client.Roles()
+ assert.Nil(t, err)
+ assert.Len(t, roles, 16)
+}
diff --git a/tests/mocks/pve7x/access.go b/tests/mocks/pve7x/access.go
index 77e31a3..76bc0d8 100644
--- a/tests/mocks/pve7x/access.go
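Review bot: In `access.go`, `Role` formats `roleid` straight into the request path, and `Role.Update` and `Role.Delete` do the same with `r.RoleID`, so an identifier containing `/`, `?` or `#` would address a different endpoint than the caller intended. If role ids can originate outside the program, escape the segment, e.g. `err = c.Get(fmt.Sprintf("/access/roles/%s", url.PathEscape(roleid)), &role)`, which needs `net/url` in the import block that is outside this hunk and assumes `c.Get` passes the path through unchanged. The `User.Delete` context line builds its path the same way, so this looks like a package-wide pattern rather than something new here. Separately, `Roles` writes `g.client = c` on every element of a `[]*Role`; a `null` entry in the response would decode to a nil pointer and panic, so `if g != nil { g.client = c }` is a cheap guard.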
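Review bot: In `access_test.go`, `TestRoles` asserts only `assert.Len(t, roles, 16)`, so it would still pass if the `roleid`, `privs` or `special` fields stopped decoding. Pinning one known entry from the mock, for instance finding the role with `RoleID == "test"` and asserting `Privs == "Pool.Audit"`, would cover the struct tags added in `types.go`. `Role.Update` and `Role.Delete` have no test in this hunk, and this patch adds no PUT or DELETE mock for `/access/roles/`, so those two methods are unexercised.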
+++ b/tests/mocks/pve7x/access.go 
@@ -674,4 +674,145 @@ func access() {
 }
 }`)
+ gock.New(config.C.URI).
+ Get("^/access/roles/Administrator$").
+ Reply(200).
+ JSON(`{
+ "data": {
+ "SDN.Allocate": 1,
+ "Datastore.AllocateSpace": 1,
+ "Permissions.Modify": 1,
+ "VM.Audit": 1,
+ "VM.Snapshot": 1,
+ "Datastore.Audit": 1,
+ "VM.Config.Network": 1,
+ "Pool.Audit": 1,
+ "SDN.Use": 1,
+ "Datastore.Allocate": 1,
+ "VM.Allocate": 1,
+ "VM.Snapshot.Rollback": 1,
+ "Sys.Syslog": 1,
+ "VM.Config.Disk": 1,
+ "VM.Console": 1,
+ "VM.Config.CDROM": 1,
+ "Realm.AllocateUser": 1,
+ "Sys.Audit": 1,
+ "Sys.PowerMgmt": 1,
+ "Sys.Modify": 1,
+ "VM.Monitor": 1,
+ "VM.Config.Memory": 1,
+ "VM.Backup": 1,
+ "Sys.Incoming": 1,
+ "VM.Migrate": 1,
+ "Realm.Allocate": 1,
+ "VM.Config.CPU": 1,
+ "User.Modify": 1,
+ "VM.Config.HWType": 1,
+ "VM.Clone": 1,
+ "SDN.Audit": 1,
+ "VM.Config.Cloudinit": 1,
+ "Group.Allocate": 1,
+ "VM.PowerMgmt": 1,
+ "Sys.Console": 1,
+ "Datastore.AllocateTemplate": 1,
+ "Pool.Allocate": 1,
+ "VM.Config.Options": 1
+ }
+}`)
+
+ gock.New(config.C.URI).
+ Get("^/access/roles/NoAccess").
+ Reply(200).
+ JSON(`{
+ "data": {}
+}`)
+
+ gock.New(config.C.URI).
+ Get("^/access/roles$").
+ Reply(200).
+ JSON(`{
+ "data": [
+ {
+ "roleid": "PVEVMAdmin",
+ "privs": "VM.Allocate,VM.Audit,VM.Backup,VM.Clone,VM.Config.CDROM,VM.Config.CPU,VM.Config.Cloudinit,VM.Config.Disk,VM.Config.HWType,VM.Config.Memory,VM.Config.Network,VM.Config.Options,VM.Console,VM.Migrate,VM.Monitor,VM.PowerMgmt,VM.Snapshot,VM.Snapshot.Rollback",
+ "special": 1
+ },
+ {
+ "roleid": "PVEDatastoreAdmin",
+ "special": 1,
+ "privs": "Datastore.Allocate,Datastore.AllocateSpace,Datastore.AllocateTemplate,Datastore.Audit"
+ },
+ {
+ "roleid": "PVEPoolUser",
+ "privs": "Pool.Audit",
+ "special": 1
+ },
+ {
+ "special": 1,
+ "privs": "",
+ "roleid": "NoAccess"
+ },
+ {
+ "roleid": "PVEAuditor",
+ "privs": "Datastore.Audit,Pool.Audit,SDN.Audit,Sys.Audit,VM.Audit",
+ "special": 1
+ },
+ {
+ "privs": "Permissions.Modify,Sys.Audit,Sys.Console,Sys.Syslog",
+ "special": 1,
+ "roleid": "PVESysAdmin"
+ },
+ {
+ "special": 1,
+ "privs": "Datastore.AllocateSpace,Datastore.Audit",
+ "roleid": "PVEDatastoreUser"
+ },
+ {
+ "roleid": "Administrator",
+ "special": 1,
+ "privs": "Datastore.Allocate,Datastore.AllocateSpace,Datastore.AllocateTemplate,Datastore.Audit,Group.Allocate,Permissions.Modify,Pool.Allocate,Pool.Audit,Realm.Allocate,Realm.AllocateUser,SDN.Allocate,SDN.Audit,SDN.Use,Sys.Audit,Sys.Console,Sys.Incoming,Sys.Modify,Sys.PowerMgmt,Sys.Syslog,User.Modify,VM.Allocate,VM.Audit,VM.Backup,VM.Clone,VM.Config.CDROM,VM.Config.CPU,VM.Config.Cloudinit,VM.Config.Disk,VM.Config.HWType,VM.Config.Memory,VM.Config.Network,VM.Config.Options,VM.Console,VM.Migrate,VM.Monitor,VM.PowerMgmt,VM.Snapshot,VM.Snapshot.Rollback"
+ },
+ {
+ "roleid": "PVETemplateUser",
+ "privs": "VM.Audit,VM.Clone",
+ "special": 1
+ },
+ {
+ "privs": "SDN.Audit,SDN.Use",
+ "special": 1,
+ "roleid": "PVESDNUser"
+ },
+ {
+ "special": 1,
+ "privs": "Datastore.Allocate,Datastore.AllocateSpace,Datastore.AllocateTemplate,Datastore.Audit,Group.Allocate,Permissions.Modify,Pool.Allocate,Pool.Audit,Realm.AllocateUser,SDN.Allocate,SDN.Audit,SDN.Use,Sys.Audit,Sys.Console,Sys.Syslog,User.Modify,VM.Allocate,VM.Audit,VM.Backup,VM.Clone,VM.Config.CDROM,VM.Config.CPU,VM.Config.Cloudinit,VM.Config.Disk,VM.Config.HWType,VM.Config.Memory,VM.Config.Network,VM.Config.Options,VM.Console,VM.Migrate,VM.Monitor,VM.PowerMgmt,VM.Snapshot,VM.Snapshot.Rollback",
+ "roleid": "PVEAdmin"
+ },
+ {
+ "roleid": "test",
+ "privs": "Pool.Audit",
+ "special": 0
+ },
+ {
+ "special": 1,
+ "privs": "VM.Audit,VM.Backup,VM.Config.CDROM,VM.Config.Cloudinit,VM.Console,VM.PowerMgmt",
+ "roleid": "PVEVMUser"
+ },
+ {
+ "special": 1,
+ "privs": "SDN.Allocate,SDN.Audit,SDN.Use",
+ "roleid": "PVESDNAdmin"
+ },
+ {
+ "roleid": "PVEUserAdmin",
+ "privs": "Group.Allocate,Realm.AllocateUser,User.Modify",
+ "special": 1
+ },
+ {
+ "privs": "Pool.Allocate,Pool.Audit",
+ "special": 1,
+ "roleid": "PVEPoolAdmin"
+ }
+ ]
+}`)
+
 }
diff --git a/types.go b/types.go
index 0f7f3e9..6b70871 100644
--- a/types.go
+++ b/types.go
@@ -1021,3 +1021,11 @@ type Token struct {
 Expire int `json:"expire,omitempty"`
 Privsep IntOrBool `json:"privsep,omitempty"`
 }
+
+type Roles []*Role
+type Role struct {
+ client *Client
+ RoleID string `json:"roleid,omitempty"`
+ Privs string `json:"privs,omitempty"`
+ Special IntOrBool `json:"special,omitempty"`
+}
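Review bot: In `tests/mocks/pve7x/access.go`, the `NoAccess` matcher `Get("^/access/roles/NoAccess")` is missing the trailing `$` that the `Administrator` and list matchers carry, so it also matches any longer path that starts with that prefix. `Get("^/access/roles/NoAccess$")` keeps the three patterns consistent and stops a mistyped role id in a later test from silently receiving the empty-permission reply. `access()` begins outside this hunk.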
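Review bot: `Roles` and `Role` in `types.go` are exported without doc comments, and the format of `Privs` is only discoverable from the mock data, where it is a comma-separated privilege list. A comment such as `// Role is one entry returned by /access/roles; Privs is a comma-separated list of privilege names.` above `type Role struct` and `// Roles is the list returned by Client.Roles.` above `type Roles` would cover it. Note also that `Client.Role` in `access.go` returns a `Permission` rather than a `*Role`, so a role fetched by id cannot call `Update` or `Delete`; if that is intentional it is worth stating in the comment.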