[pve-devel] [PATCH access-control] fix #1998: correct return properties for read_role
Dominik Csapak
2018-11-23 13:11:51 UTC
we have each privilege as property of the return object,
so we generate it from $valid_privs

this has the advantage that all privileges are well documented
with that api call

Signed-off-by: Dominik Csapak <***@proxmox.com>
---
PVE/API2/Role.pm | 4 +---
PVE/AccessControl.pm | 11 +++++++++++
2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/PVE/API2/Role.pm b/PVE/API2/Role.pm
index 80959b0..83e4a9d 100644
--- a/PVE/API2/Role.pm
+++ b/PVE/API2/Role.pm
@@ -163,9 +163,7 @@ __PACKAGE__->register_method ({
returns => {
type => "object",
additionalProperties => 0,
- properties => {
- privs => get_standard_option('role-privs'),
- },
+ properties => PVE::AccessControl::create_priv_properties(),
},
code => sub {
my ($param) = @_;
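Review bot: Because `additionalProperties => 0` is kept, the `returns` schema now admits only the keys that exist in `$valid_privs` when this `register_method` call is evaluated, so the schema and the role data returned by the handler have to stay in lockstep. If result verification is enforced for this method (not visible in the hunk), a role entry carrying a key outside that list would make the call fail instead of being returned, so it is worth confirming that the role data is already filtered against `$valid_privs` before it gets here. A comment above the changed line would record the coupling, for example `# one optional boolean per entry in $valid_privs; must match what the handler returns`. The `code` sub continues outside the hunk, so what it actually returns cannot be checked from these lines.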
diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm
index 44fc0aa..bdadfd2 100644
--- a/PVE/AccessControl.pm
+++ b/PVE/AccessControl.pm
@@ -499,6 +499,17 @@ sub create_roles {

create_roles();

+sub create_priv_properties {
+ my $properties = {};
+ foreach my $priv (keys %$valid_privs) {
+ $properties->{$priv} = {
+ type => 'boolean',
+ optional => 1,
+ };
+ }
+ return $properties;
+}
+
sub role_is_special {
my ($role) = @_;
return (exists $special_roles->{$role}) ? 1 : 0;
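Review bot: Each generated property in `create_priv_properties` carries only `type` and `optional`, so the API schema will list the privilege names without any explanatory text, which falls short of the "well documented" goal stated in the commit message. Adding a `description` entry next to `type`, for example `description => "Set if the role includes the '$priv' privilege.",`, would make the generated documentation self-explanatory. The sub also has no header comment; something like `# Build the 'properties' hash of a role return schema: one optional boolean per key of $valid_privs.` would tell readers that the access-control privilege list is the single source for this schema. Where `$valid_privs` is populated is outside the hunk, so this assumes it is complete by the time the sub is first called.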
--
2.11.0
Thomas Lamprecht
2018-11-23 13:32:52 UTC
Post by Dominik Csapak
we have each privilege as property of the return object,
so we generate it from $valid_privs
this has the advantage that all privileges are well documented
with that api call
---
PVE/API2/Role.pm | 4 +---
PVE/AccessControl.pm | 11 +++++++++++
2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/PVE/API2/Role.pm b/PVE/API2/Role.pm
index 80959b0..83e4a9d 100644
--- a/PVE/API2/Role.pm
+++ b/PVE/API2/Role.pm
@@ -163,9 +163,7 @@ __PACKAGE__->register_method ({
returns => {
type => "object",
additionalProperties => 0,
- properties => {
- privs => get_standard_option('role-privs'),
- },
+ properties => PVE::AccessControl::create_priv_properties(),
},
code => sub {
diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm
index 44fc0aa..bdadfd2 100644
--- a/PVE/AccessControl.pm
+++ b/PVE/AccessControl.pm
@@ -499,6 +499,17 @@ sub create_roles {
create_roles();
+sub create_priv_properties {
+ my $properties = {};
+ foreach my $priv (keys %$valid_privs) {
+ $properties->{$priv} = {
+ type => 'boolean',
+ optional => 1,
+ };
+ }
+ return $properties;
+}
+
sub role_is_special {
return (exists $special_roles->{$role}) ? 1 : 0;
applied