Can determine the rights of the token over the group

remote_backend/src/controllers/server_controller.rs

@@ -2,7 +2,7 @@ use crate::app_config::AppConfig;
 use crate::controllers::HttpResult;
 use crate::extractors::auth_extractor::AuthExtractor;
 use crate::virtweb_client;
-use crate::virtweb_client::VMUuid;
+use crate::virtweb_client::{GroupID, VMInfo};
 use actix_web::HttpResponse;
 
 #[derive(serde::Serialize)]
@@ -20,18 +20,29 @@ pub async fn config(auth: AuthExtractor) -> HttpResult {
 
 #[derive(Default, Debug, serde::Serialize)]
 pub struct Rights {
+    groups: Vec<GroupInfo>,
     vms: Vec<VMInfoAndCaps>,
     sys_info: bool,
 }
 
+#[derive(Debug, serde::Serialize)]
+pub struct GroupInfo {
+    id: GroupID,
+    vms: Vec<VMInfo>,
+    can_get_state: bool,
+    can_start: bool,
+    can_shutdown: bool,
+    can_kill: bool,
+    can_reset: bool,
+    can_suspend: bool,
+    can_resume: bool,
+    can_screenshot: bool,
+}
+
 #[derive(Debug, serde::Serialize)]
 pub struct VMInfoAndCaps {
-    uiid: VMUuid,
+    #[serde(flatten)]
-    name: String,
+    info: VMInfo,
-    description: Option<String>,
-    architecture: String,
-    memory: usize,
-    number_vcpu: usize,
     can_get_state: bool,
     can_start: bool,
     can_shutdown: bool,
@@ -46,20 +57,33 @@ pub async fn rights() -> HttpResult {
     let rights = virtweb_client::get_token_info().await?;
 
     let mut res = Rights {
+        groups: vec![],
         vms: vec![],
         sys_info: rights.can_retrieve_system_info(),
     };
 
+    for g in rights.list_groups() {
+        let group_vms = virtweb_client::group_vm_info(&g).await?;
+
+        res.groups.push(GroupInfo {
+            id: g.clone(),
+            vms: group_vms,
+            can_get_state: rights.is_route_allowed("GET", &g.route_vm_state(None)),
+            can_start: rights.is_route_allowed("GET", &g.route_vm_start(None)),
+            can_shutdown: rights.is_route_allowed("GET", &g.route_vm_shutdown(None)),
+            can_kill: rights.is_route_allowed("GET", &g.route_vm_kill(None)),
+            can_reset: rights.is_route_allowed("GET", &g.route_vm_reset(None)),
+            can_suspend: rights.is_route_allowed("GET", &g.route_vm_suspend(None)),
+            can_resume: rights.is_route_allowed("GET", &g.route_vm_resume(None)),
+            can_screenshot: rights.is_route_allowed("GET", &g.route_vm_screenshot(None)),
+        })
+    }
+
     for v in rights.list_vm() {
         let vm_info = virtweb_client::vm_info(v).await?;
 
         res.vms.push(VMInfoAndCaps {
-            uiid: vm_info.uuid,
+            info: vm_info,
-            name: vm_info.name,
-            description: vm_info.description.clone(),
-            architecture: vm_info.architecture.to_string(),
-            memory: vm_info.memory,
-            number_vcpu: vm_info.number_vcpu,
             can_get_state: rights.is_route_allowed("GET", &v.route_state()),
             can_start: rights.is_route_allowed("GET", &v.route_start()),
             can_shutdown: rights.is_route_allowed("GET", &v.route_shutdown()),

remote_backend/src/virtweb_client.rs

@@ -12,6 +12,96 @@ pub enum VirtWebClientError {
     InvalidStatusCode(u16),
 }
 
+#[derive(Eq, PartialEq, Debug, Clone, serde::Serialize, serde::Deserialize)]
+pub struct GroupID(String);
+
+impl GroupID {
+    pub fn route_vm_info(&self) -> String {
+        format!("/api/group/{}/vm/info", self.0)
+    }
+
+    pub fn route_vm_state(&self, vm: Option<VMUuid>) -> String {
+        format!(
+            "/api/group/{}/vm/state{}",
+            self.0,
+            match vm {
+                None => "".to_string(),
+                Some(id) => format!("?vm_id={}", id.0),
+            }
+        )
+    }
+    pub fn route_vm_start(&self, vm: Option<VMUuid>) -> String {
+        format!(
+            "/api/group/{}/vm/start{}",
+            self.0,
+            match vm {
+                None => "".to_string(),
+                Some(id) => format!("?vm_id={}", id.0),
+            }
+        )
+    }
+    pub fn route_vm_shutdown(&self, vm: Option<VMUuid>) -> String {
+        format!(
+            "/api/group/{}/vm/shutdown{}",
+            self.0,
+            match vm {
+                None => "".to_string(),
+                Some(id) => format!("?vm_id={}", id.0),
+            }
+        )
+    }
+    pub fn route_vm_suspend(&self, vm: Option<VMUuid>) -> String {
+        format!(
+            "/api/group/{}/vm/suspend{}",
+            self.0,
+            match vm {
+                None => "".to_string(),
+                Some(id) => format!("?vm_id={}", id.0),
+            }
+        )
+    }
+    pub fn route_vm_resume(&self, vm: Option<VMUuid>) -> String {
+        format!(
+            "/api/group/{}/vm/resume{}",
+            self.0,
+            match vm {
+                None => "".to_string(),
+                Some(id) => format!("?vm_id={}", id.0),
+            }
+        )
+    }
+    pub fn route_vm_kill(&self, vm: Option<VMUuid>) -> String {
+        format!(
+            "/api/group/{}/vm/kill{}",
+            self.0,
+            match vm {
+                None => "".to_string(),
+                Some(id) => format!("?vm_id={}", id.0),
+            }
+        )
+    }
+    pub fn route_vm_reset(&self, vm: Option<VMUuid>) -> String {
+        format!(
+            "/api/group/{}/vm/reset{}",
+            self.0,
+            match vm {
+                None => "".to_string(),
+                Some(id) => format!("?vm_id={}", id.0),
+            }
+        )
+    }
+    pub fn route_vm_screenshot(&self, vm: Option<VMUuid>) -> String {
+        format!(
+            "/api/group/{}/vm/screenshot{}",
+            self.0,
+            match vm {
+                None => "".to_string(),
+                Some(id) => format!("?vm_id={}", id.0),
+            }
+        )
+    }
+}
+
 #[derive(Eq, PartialEq, Debug, Copy, Clone, serde::Serialize, serde::Deserialize)]
 pub struct VMUuid(Uuid);
 
@@ -69,7 +159,7 @@ pub struct TokenClaims {
     pub nonce: String,
 }
 
-#[derive(serde::Deserialize, Debug)]
+#[derive(serde::Deserialize, serde::Serialize, Debug)]
 pub struct VMInfo {
     pub uuid: VMUuid,
     pub name: String,
@@ -147,6 +237,16 @@ impl TokenInfo {
         false
     }
 
+    /// List the groups with access
+    pub fn list_groups(&self) -> Vec<GroupID> {
+        self.rights
+            .iter()
+            .filter(|r| r.verb == "GET")
+            .filter(|r| regex!("^/api/group/[^/]+/vm/info$").is_match(&r.path))
+            .map(|r| GroupID(r.path.split("/").nth(3).unwrap().to_string()))
+            .collect::<Vec<_>>()
+    }
+
     /// List the virtual machines with access
     pub fn list_vm(&self) -> Vec<VMUuid> {
         self.rights
@@ -260,6 +360,11 @@ pub async fn vm_screenshot(id: VMUuid) -> anyhow::Result<Vec<u8>> {
         .to_vec())
 }
 
+/// Get the VM of a group
+pub async fn group_vm_info(id: &GroupID) -> anyhow::Result<Vec<VMInfo>> {
+    json_request(id.route_vm_info()).await
+}
+
 /// Get current server information
 pub async fn get_server_info() -> anyhow::Result<SystemInfo> {
     json_request("/api/server/info").await

remote_frontend/src/api/VMApi.ts

@@ -1,7 +1,7 @@
 import { APIClient } from "./ApiClient";
 
 export interface VMInfo {
-  uiid: string;
+  uuid: string;
   name: string;
   description?: string;
   architecture: string;
@@ -34,7 +34,7 @@ export class VMApi {
    */
   static async State(vm: VMInfo): Promise<VMState> {
     return (
-      await APIClient.exec({ method: "GET", uri: `/vm/${vm.uiid}/state` })
+      await APIClient.exec({ method: "GET", uri: `/vm/${vm.uuid}/state` })
     ).data.state;
   }
 
@@ -42,42 +42,42 @@ export class VMApi {
    * Request to start VM
    */
   static async StartVM(vm: VMInfo): Promise<void> {
-    await APIClient.exec({ method: "GET", uri: `/vm/${vm.uiid}/start` });
+    await APIClient.exec({ method: "GET", uri: `/vm/${vm.uuid}/start` });
   }
 
   /**
    * Request to suspend VM
    */
   static async SuspendVM(vm: VMInfo): Promise<void> {
-    await APIClient.exec({ method: "GET", uri: `/vm/${vm.uiid}/suspend` });
+    await APIClient.exec({ method: "GET", uri: `/vm/${vm.uuid}/suspend` });
   }
 
   /**
    * Request to resume VM
    */
   static async ResumeVM(vm: VMInfo): Promise<void> {
-    await APIClient.exec({ method: "GET", uri: `/vm/${vm.uiid}/resume` });
+    await APIClient.exec({ method: "GET", uri: `/vm/${vm.uuid}/resume` });
   }
 
   /**
    * Request to shutdown VM
    */
   static async ShutdownVM(vm: VMInfo): Promise<void> {
-    await APIClient.exec({ method: "GET", uri: `/vm/${vm.uiid}/shutdown` });
+    await APIClient.exec({ method: "GET", uri: `/vm/${vm.uuid}/shutdown` });
   }
 
   /**
    * Request to kill VM
    */
   static async KillVM(vm: VMInfo): Promise<void> {
-    await APIClient.exec({ method: "GET", uri: `/vm/${vm.uiid}/kill` });
+    await APIClient.exec({ method: "GET", uri: `/vm/${vm.uuid}/kill` });
   }
 
   /**
    * Request to reset VM
    */
   static async ResetVM(vm: VMInfo): Promise<void> {
-    await APIClient.exec({ method: "GET", uri: `/vm/${vm.uiid}/reset` });
+    await APIClient.exec({ method: "GET", uri: `/vm/${vm.uuid}/reset` });
   }
 
   /**
@@ -86,7 +86,7 @@ export class VMApi {
   static async Screenshot(vm: VMInfo): Promise<Blob> {
     return (
       await APIClient.exec({
-        uri: `/vm/${vm.uiid}/screenshot`,
+        uri: `/vm/${vm.uuid}/screenshot`,
         method: "GET",
       })
     ).data;