Untitled

[root@ns7loc10 ~]# cat /etc/e-smith/templates/etc/sudoers.d/30nethserver_cockpit_roles/10base
{

    use strict;
    use warnings;
    use JSON;
    #use esmith::ConfigDB;

    require "/usr/libexec/nethserver/api/lib/auth_functions.pl";

    my $jsonFile = '/etc/nethserver/cockpit/authorization/roles.json';
    my $data = read_json ($jsonFile);

    my %controllers = (
        "system-users-groups" => ["/usr/libexec/nethserver/api/system-roles/*",
			          "/usr/libexec/nethserver/api/system-password-policy/read",
			          "/usr/libexec/nethserver/api/system-accounts-provider/*",
                                   "/usr/libexec/nethserver/api/system-users/*"],
        'system-network'      => ["/usr/libexec/nethserver/api/system-routes/*",
                                  "/usr/libexec/nethserver/api/system-proxy/*"],
        'system-dns'          => ["/usr/libexec/nethserver/api/system-hosts/*"],
        'system-certificates' => ["/usr/libexec/nethserver/api/system-certificate/*"],
        'system-ssh'          => ["/usr/libexec/nethserver/api/system-openssh/*"],
        'system-applications' => ["/usr/libexec/nethserver/api/system-apps/*"],
    );

    foreach my $key (keys %{$data}) {

        my @systems = @{$data->{$key}->{'system'}};
        my @applications = @{$data->{$key}->{'applications'}};
        my @roles = ();

        #Here all default sudo commands
        my @commands = (
                "/usr/libexec/nethserver/api/system-*/read"
            );

        foreach my $system (@systems){
            push @roles, "system-$system";
        }

        foreach my $application (@applications){
            push @roles, $application;
        }

        # Hack when the group name gets a space
        # for example 'domain admins', visudo do not like it
        (my $Cmnd_Alias = $key) =~ s/ //;
        $key =~s/ /\\ /;

        $OUT .= "\n#\n# Role delegations for $key\n#";
        $OUT .= "\nCmnd_Alias ". uc $Cmnd_Alias .'= ';


        foreach my $role (@roles) {

            $role = '*' if ($key eq 'domain admins');

            if (! exists $controllers{$role}){
                push @commands, "/usr/libexec/nethserver/api/$role/*";
            } else {
                push @commands, @{$controllers{$role}};
            }
            # we allow all for admins
            last if ($key eq 'admins');
        }

        $OUT .= join (', ',@commands);
        $OUT .= "\n\n%".$key." ALL=NOPASSWD: ". uc $Cmnd_Alias;
        $OUT .= "\nDefaults:%".$key." !requiretty\n";
    }
}