Merge remote-tracking branch 'origin/3.0' into gh-pages

9 months ago · c3e7b97014
parent 7c70350184 6ec97a704f
commit c3e7b97014
344 changed files with 7948 additions and 2854 deletions
--- a/.github/workflows/add-new-issues-to-project.yml
+++ b/.github/workflows/add-new-issues-to-project.yml
@ -0,0 +1,16 @@
+name: Add new issues to GNS3 project
+
+on:
+  issues:
+    types:
+      - opened
+
+jobs:
+  add-to-project:
+    name: Add issue to project
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/add-to-project@v0.4.0
+        with:
+          project-url: https://github.com/orgs/GNS3/projects/3
+          github-token: ${{ secrets.ADD_NEW_ISSUES_TO_PROJECT }}
--- a/.github/workflows/publish-api-documentation.yml
+++ b/.github/workflows/publish-api-documentation.yml
--- a/.github/workflows/testing.yml
+++ b/.github/workflows/testing.yml
@ -30,10 +30,7 @@ jobs:
    - name: Install dependencies
      run: |
        python -m pip install --upgrade pip
-        python -m pip install -r dev-requirements.txt
-    - name: Install Windows dependencies
-      if: matrix.os == 'windows-latest'
-      run: python -m pip install -r win-requirements.txt
+        python -m pip install .[dev]
    - name: Lint with flake8
      run: |
        # stop the build if there are Python syntax errors or undefined names
--- a/.whitesource
+++ b/.whitesource
@ -2,7 +2,8 @@
  "scanSettings": {
    "configMode": "AUTO",
    "configExternalURL": "",
-    "projectToken" : ""
+    "projectToken" : "",
+    "baseBranches": ["master", "2.2", "3.0"]
  },
  "checkRunSettings": {
    "vulnerableCheckRunConclusionLevel": "failure"
--- a/2
+++ b/2
@ -1,2 +0,0 @@
-Jeremy Grossmann
-Julien Duponchelle
--- a/72
+++ b/72
@ -1,5 +1,77 @@
 # Change Log

+## 2.2.42 09/08/2023
+
+* Bundle web-ui v2.2.42
+* Handle API version key in VirtualBox 7. Fixes #2266
+* Enable system certificate store for SSL connections
+* Use DEFAULT_BUFFER_SIZE for md5sum
+* Fix version check when installing appliances. Ref https://github.com/GNS3/gns3-gui/issues/3486
+* Allow connection to ws console over IPv6. Fixes https://github.com/GNS3/gns3-web-ui/issues/1400
+* Support for Python 3.12
+* Remove import urllib3 and let sentry_sdk import and patch it. Fixes https://github.com/GNS3/gns3-gui/issues/3498
+
+## 2.2.41 12/07/2023
+
+* Bundle web-ui v2.2.41
+* Catch urllib3 exceptions when sending crash report. Ref https://github.com/GNS3/gns3-gui/issues/3483
+* Only fetch Qemu version once when starting Qemu + only add speed/duplex for virtio-net-pci with Qemu version >= 2.12
+* Use recent OVMF firmware (stable-202305) and use flash drives to configure Qemu command line
+* Remove the useless executable permissions to the file gns3server/disks/empty8G.qcow2
+* Backport UEFI boot mode support for Qemu VMs
+
+## 2.2.40.1 10/06/2023
+
+* Re-bundle Web-Ui v2.2.40. Fixes #2239
+
+## 2.2.40 06/06/2023
+
+* qemu : with network adapter_type equal to "virtio-net-pci", fix the speed to 10000 and duplex to full. 	The values are actually fake. 	(https://github.com/GNS3/gns3-gui/issues/3476)
+* Parse name for request to node creation from template
+* Remove Xvfb + x11vnc support
+* Require a Host-Only Network to start the VirtualBox GNS3 VM on macOS with VirtualBox 7
+* Properly catch aiohttp client exception. Ref #2228
+* Catch ConnectionResetError when waiting for the wrap console
+* Fix open IPv6 address for HTTP consoles on controller. Fixes https://github.com/GNS3/gns3-gui/issues/3448
+* Use proc.communicate() when checking for subprocess output As recommended in https://docs.python.org/3/library/asyncio-subprocess.html#asyncio.subprocess.Process.stderr
+
+## 2.2.39 08/05/2023
+
+* Install web-ui v2.2.39
+* Add generic function to install resource files
+* Install empty Qemu disks on first start
+* Check for colon in project name. Fixes #2203
+* Upgrade distro and aiohttp dependencies
+
+## 2.2.38 28/02/2023
+
+* Bundle web-ui v2.2.38
+* Fix c7200_i0_log.txt is created in the current directory. Fixes #2191
+* Check swtpm version and start swtpm before qemu
+* Fix broken websocket console with Python 3.11
+* Fix "cannot reopen console". Ref #2182
+* Fix Qemu binary not set when adding appliance from template
+
+## 2.2.37 25/01/2023
+
+* Fix link communication issues on Windows with uBridge
+* Fix StreamWriter doesn't have the wait_closed() method in Python3.6. Fixes #2170
+* Install built-in appliances when no previous version has been detected. Fixes #2168
+* Update documentation to install gns3-server. Fixes #2124
+* Give udhcpc executable right. Fixes #2159
+
+## 2.2.36 04/01/2023
+
+* Install web-ui v2.2.36
+* Add Trusted Platform Module (TPM) support for Qemu VMs
+* Require Dynamips 0.2.23 and bind Dynamips hypervisor on 127.0.0.1
+* Delete the built-in appliance directory before installing updated files
+* Use a stock BusyBox for the Docker integration
+* Overwrite built-in appliance files when starting a more recent version of the server
+* Fix reset console. Fixes #1619
+* Only use importlib_resources for Python <= 3.9. Fixes #2147
+* Support when the user field defined in Docker container is an ID. Fixes #2134
+
 ## 3.0.0a3 27/12/2022

 * Add web-ui v3.0.0a3
--- a/2
+++ b/2
@ -34,4 +34,4 @@ COPY . /gns3server
 RUN mkdir -p ~/.config/GNS3/3.0/
 RUN cp scripts/gns3_server.conf ~/.config/GNS3/3.0/

-RUN python3 setup.py install
+RUN python3 -m pip install .
--- a/MANIFEST.in
+++ b/MANIFEST.in
@ -1,11 +1,7 @@
-include README.rst
-include AUTHORS
+include README.md
 include LICENSE
-include MANIFEST.in
-include requirements.txt
-include conf/*.conf
-recursive-include tests *
-recursive-exclude docs *
+include CHANGELOG
 recursive-include gns3server *
+recursive-exclude docs *
 recursive-exclude * __pycache__
 recursive-exclude * *.py[co]
--- a/README.md
+++ b/README.md
@ -85,8 +85,8 @@ cd gns3-server
 git checkout 3.0
 python3 -m venv venv-gns3server
 source venv-gns3server/bin/activate
-python3 setup.py install
-python3 -m gns3server --local
+python3 -m pip install .
+python3 -m gns3server
 ```

 You will have to manually install other software dependencies (see above), for Dynamips, VPCS and uBridge the easiest is to install from our PPA.
--- a/SECURITY.md
+++ b/SECURITY.md
@ -14,4 +14,4 @@ currently being supported with security updates.

 ## Reporting a Vulnerability

-Please contact us at security@gns3.net
+Please use GitHub's report a vulnerability feature. More information can be found in https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability
--- a/dev-requirements.txt
+++ b/dev-requirements.txt
@ -1,8 +1,6 @@
-r requirements.txt
-
-pytest==7.2.0
+pytest==7.4.0
 flake8==5.0.4  # v5.0.4 is the last to support Python 3.7
 pytest-timeout==2.1.0
-pytest-asyncio==0.20.3
-requests==2.28.1
-httpx==0.23.1
+pytest-asyncio==0.21.1
+requests==2.31.0
+httpx==0.24.1
--- a/gns3server/alembic.ini
+++ b/gns3server/alembic.ini
@ -0,0 +1,103 @@
+# A generic, single database configuration.
+
+[alembic]
+# path to migration scripts
+script_location = db_migrations
+
+# template used to generate migration file names; The default value is %%(rev)s_%%(slug)s
+# Uncomment the line below if you want the files to be prepended with date and time
+# file_template = %%(year)d_%%(month).2d_%%(day).2d_%%(hour).2d%%(minute).2d-%%(rev)s_%%(slug)s
+
+# sys.path path, will be prepended to sys.path if present.
+# defaults to the current working directory.
+prepend_sys_path = .
+
+# timezone to use when rendering the date within the migration file
+# as well as the filename.
+# If specified, requires the python-dateutil library that can be
+# installed by adding `alembic[tz]` to the pip requirements
+# string value is passed to dateutil.tz.gettz()
+# leave blank for localtime
+# timezone =
+
+# max length of characters to apply to the
+# "slug" field
+# truncate_slug_length = 40
+
+# set to 'true' to run the environment during
+# the 'revision' command, regardless of autogenerate
+# revision_environment = false
+
+# set to 'true' to allow .pyc and .pyo files without
+# a source .py file to be detected as revisions in the
+# versions/ directory
+# sourceless = false
+
+# version location specification; This defaults
+# to db_migrations/versions.  When using multiple version
+# directories, initial revisions must be specified with --version-path.
+# The path separator used here should be the separator specified by "version_path_separator" below.
+# version_locations = %(here)s/bar:%(here)s/bat:db_migrations/versions
+
+# version path separator; As mentioned above, this is the character used to split
+# version_locations. The default within new alembic.ini files is "os", which uses os.pathsep.
+# If this key is omitted entirely, it falls back to the legacy behavior of splitting on spaces and/or commas.
+# Valid values for version_path_separator are:
+#
+# version_path_separator = :
+# version_path_separator = ;
+# version_path_separator = space
+version_path_separator = os  # Use os.pathsep. Default configuration used for new projects.
+
+# the output encoding used when revision files
+# are written from script.py.mako
+# output_encoding = utf-8
+
+sqlalchemy.url =
+
+
+[post_write_hooks]
+# post_write_hooks defines scripts or Python functions that are run
+# on newly generated revision scripts.  See the documentation for further
+# detail and examples
+
+# format using "black" - use the console_scripts runner, against the "black" entrypoint
+# hooks = black
+# black.type = console_scripts
+# black.entrypoint = black
+# black.options = -l 79 REVISION_SCRIPT_FILENAME
+
+# Logging configuration
+[loggers]
+keys = root,sqlalchemy,alembic
+
+[handlers]
+keys = console
+
+[formatters]
+keys = generic
+
+[logger_root]
+level = WARN
+handlers = console
+qualname =
+
+[logger_sqlalchemy]
+level = WARN
+handlers =
+qualname = sqlalchemy.engine
+
+[logger_alembic]
+level = INFO
+handlers =
+qualname = alembic
+
+[handler_console]
+class = StreamHandler
+args = (sys.stderr,)
+level = NOTSET
+formatter = generic
+
+[formatter_generic]
+format = %(levelname)-5.5s [%(name)s] %(message)s
+datefmt = %H:%M:%S
--- a/gns3server/api/routes/compute/init.py
+++ b/gns3server/api/routes/compute/init.py
@ -58,7 +58,6 @@ log = logging.getLogger(__name__)

 compute_api = FastAPI(
    title="GNS3 compute API",
-    dependencies=[Depends(compute_authentication)],
    description="This page describes the private compute API for GNS3. PLEASE DO NOT USE DIRECTLY!",
    version="v3",
 )
@ -158,11 +157,13 @@ async def http_exception_handler(request: Request, exc: StarletteHTTPException):

 compute_api.include_router(
    capabilities.router,
+    dependencies=[Depends(compute_authentication)],
    tags=["Capabilities"]
 )

 compute_api.include_router(
    compute.router,
+    dependencies=[Depends(compute_authentication)],
    tags=["Compute"]
 )

@ -173,86 +174,101 @@ compute_api.include_router(

 compute_api.include_router(
    projects.router,
+    dependencies=[Depends(compute_authentication)],
    tags=["Projects"]
 )

 compute_api.include_router(
    images.router,
+    dependencies=[Depends(compute_authentication)],
    tags=["Images"]
 )

 compute_api.include_router(
    atm_switch_nodes.router,
+    dependencies=[Depends(compute_authentication)],
    prefix="/projects/{project_id}/atm_switch/nodes",
    tags=["ATM switch"]
 )
 compute_api.include_router(
    cloud_nodes.router,
+    dependencies=[Depends(compute_authentication)],
    prefix="/projects/{project_id}/cloud/nodes",
    tags=["Cloud nodes"]
 )

 compute_api.include_router(
    docker_nodes.router,
+    dependencies=[Depends(compute_authentication)],
    prefix="/projects/{project_id}/docker/nodes",
    tags=["Docker nodes"]
 )

 compute_api.include_router(
    dynamips_nodes.router,
+    dependencies=[Depends(compute_authentication)],
    prefix="/projects/{project_id}/dynamips/nodes",
    tags=["Dynamips nodes"]
 )

 compute_api.include_router(
    ethernet_hub_nodes.router,
+    dependencies=[Depends(compute_authentication)],
    prefix="/projects/{project_id}/ethernet_hub/nodes",
    tags=["Ethernet hub nodes"]
 )

 compute_api.include_router(
    ethernet_switch_nodes.router,
+    dependencies=[Depends(compute_authentication)],
    prefix="/projects/{project_id}/ethernet_switch/nodes",
    tags=["Ethernet switch nodes"]
 )

 compute_api.include_router(
    frame_relay_switch_nodes.router,
+    dependencies=[Depends(compute_authentication)],
    prefix="/projects/{project_id}/frame_relay_switch/nodes",
    tags=["Frame Relay switch nodes"]
 )

 compute_api.include_router(
    iou_nodes.router,
+    dependencies=[Depends(compute_authentication)],
    prefix="/projects/{project_id}/iou/nodes",
    tags=["IOU nodes"])

 compute_api.include_router(
    nat_nodes.router,
+    dependencies=[Depends(compute_authentication)],
    prefix="/projects/{project_id}/nat/nodes",
    tags=["NAT nodes"]
 )

 compute_api.include_router(
    qemu_nodes.router,
+    dependencies=[Depends(compute_authentication)],
    prefix="/projects/{project_id}/qemu/nodes",
    tags=["Qemu nodes"]
 )

 compute_api.include_router(
    virtualbox_nodes.router,
+    dependencies=[Depends(compute_authentication)],
    prefix="/projects/{project_id}/virtualbox/nodes",
    tags=["VirtualBox nodes"]
 )

 compute_api.include_router(
    vmware_nodes.router,
+    dependencies=[Depends(compute_authentication)],
    prefix="/projects/{project_id}/vmware/nodes",
    tags=["VMware nodes"]
 )

 compute_api.include_router(
    vpcs_nodes.router,
+    dependencies=[Depends(compute_authentication)],
    prefix="/projects/{project_id}/vpcs/nodes",
    tags=["VPCS nodes"]
 )
--- a/gns3server/api/routes/compute/compute.py
+++ b/gns3server/api/routes/compute/compute.py
@ -45,7 +45,7 @@ router = APIRouter()
@router.post("/projects/{project_id}/ports/udp", status_code=status.HTTP_201_CREATED)
 def allocate_udp_port(project_id: UUID) -> dict:
    """
-    Allocate an UDP port on the compute.
+    Allocate a UDP port on the compute.
    """

    pm = ProjectManager.instance()
@ -56,7 +56,7 @@ def allocate_udp_port(project_id: UUID) -> dict:


@router.get("/network/interfaces")
-def network_interfaces() -> dict:
+def network_interfaces() -> List[dict]:
    """
    List all the network interfaces available on the compute"
    """
--- a/gns3server/api/routes/compute/images.py
+++ b/gns3server/api/routes/compute/images.py
@ -34,7 +34,7 @@ router = APIRouter()


@router.get("/docker/images")
-async def get_docker_images() -> List[str]:
+async def get_docker_images() -> List[dict]:
    """
    Get all Docker images.
    """
@ -44,7 +44,7 @@ async def get_docker_images() -> List[str]:


@router.get("/dynamips/images")
-async def get_dynamips_images() -> List[str]:
+async def get_dynamips_images() -> List[dict]:
    """
    Get all Dynamips images.
    """
@ -85,7 +85,7 @@ async def download_dynamips_image(filename: str) -> FileResponse:


@router.get("/iou/images")
-async def get_iou_images() -> List[str]:
+async def get_iou_images() -> List[dict]:
    """
    Get all IOU images.
    """
@ -125,7 +125,7 @@ async def download_iou_image(filename: str) -> FileResponse:


@router.get("/qemu/images")
-async def get_qemu_images() -> List[str]:
+async def get_qemu_images() -> List[dict]:

    qemu_manager = Qemu.instance()
    return await qemu_manager.list_images()
--- a/gns3server/api/routes/compute/notifications.py
+++ b/gns3server/api/routes/compute/notifications.py
@ -35,7 +35,7 @@ router = APIRouter()


@router.websocket("/notifications/ws")
-async def notification_ws(websocket: WebSocket) -> None:
+async def project_ws_notifications(websocket: WebSocket) -> None:
    """
    Receive project notifications about the project from WebSocket.
    """
--- a/gns3server/api/routes/compute/virtualbox_nodes.py
+++ b/gns3server/api/routes/compute/virtualbox_nodes.py
@ -32,7 +32,7 @@ from gns3server.compute.virtualbox.virtualbox_vm import VirtualBoxVM

 responses = {404: {"model": schemas.ErrorMessage, "description": "Could not find project or VirtualBox node"}}

-router = APIRouter(responses=responses)
+router = APIRouter(responses=responses, deprecated=True)


 def dep_node(project_id: UUID, node_id: UUID) -> VirtualBoxVM:
--- a/gns3server/api/routes/compute/vmware_nodes.py
+++ b/gns3server/api/routes/compute/vmware_nodes.py
@ -32,7 +32,7 @@ from gns3server.compute.vmware.vmware_vm import VMwareVM

 responses = {404: {"model": schemas.ErrorMessage, "description": "Could not find project or VMware node"}}

-router = APIRouter(responses=responses)
+router = APIRouter(responses=responses, deprecated=True)


 def dep_node(project_id: UUID, node_id: UUID) -> VMwareVM:
--- a/gns3server/api/routes/controller/init.py
+++ b/gns3server/api/routes/controller/init.py
@ -23,7 +23,6 @@ from . import drawings
 from . import gns3vm
 from . import links
 from . import nodes
-from . import notifications
 from . import projects
 from . import snapshots
 from . import symbols
@ -32,73 +31,72 @@ from . import images
 from . import users
 from . import groups
 from . import roles
-from . import permissions
+from . import acl

 from .dependencies.authentication import get_current_active_user

 router = APIRouter()

-router.include_router(controller.router, tags=["Controller"])
-router.include_router(users.router, prefix="/users", tags=["Users"])
+router.include_router(
+    controller.router,
+    tags=["Controller"]
+)
+
+router.include_router(
+    users.router,
+    prefix="/access/users",
+    tags=["Users"]
+)

 router.include_router(
    groups.router,
-    dependencies=[Depends(get_current_active_user)],
-    prefix="/groups",
+    prefix="/access/groups",
    tags=["Users groups"]
 )

 router.include_router(
    roles.router,
-    dependencies=[Depends(get_current_active_user)],
-    prefix="/roles",
+    prefix="/access/roles",
    tags=["Roles"]
 )

 router.include_router(
-    permissions.router,
-    dependencies=[Depends(get_current_active_user)],
-    prefix="/permissions",
-    tags=["Permissions"]
+    acl.router,
+    prefix="/access/acl",
+    tags=["ACL"]
 )

 router.include_router(
    images.router,
-    dependencies=[Depends(get_current_active_user)],
    prefix="/images",
    tags=["Images"]
 )

 router.include_router(
    templates.router,
-    dependencies=[Depends(get_current_active_user)],
    prefix="/templates",
    tags=["Templates"]
 )

 router.include_router(
    projects.router,
-    dependencies=[Depends(get_current_active_user)],
    prefix="/projects",
    tags=["Projects"])

 router.include_router(
    nodes.router,
-    dependencies=[Depends(get_current_active_user)],
    prefix="/projects/{project_id}/nodes",
    tags=["Nodes"]
 )

 router.include_router(
    links.router,
-    dependencies=[Depends(get_current_active_user)],
    prefix="/projects/{project_id}/links",
    tags=["Links"]
 )

 router.include_router(
    drawings.router,
-    dependencies=[Depends(get_current_active_user)],
    prefix="/projects/{project_id}/drawings",
    tags=["Drawings"])

@ -109,7 +107,6 @@ router.include_router(

 router.include_router(
    snapshots.router,
-    dependencies=[Depends(get_current_active_user)],
    prefix="/projects/{project_id}/snapshots",
    tags=["Snapshots"])

@ -120,23 +117,16 @@ router.include_router(
    tags=["Computes"]
 )

-router.include_router(
-    notifications.router,
-    dependencies=[Depends(get_current_active_user)],
-    prefix="/notifications",
-    tags=["Notifications"])
-
 router.include_router(
    appliances.router,
-    dependencies=[Depends(get_current_active_user)],
    prefix="/appliances",
    tags=["Appliances"]
 )

 router.include_router(
    gns3vm.router,
-    deprecated=True,
    dependencies=[Depends(get_current_active_user)],
+    deprecated=True,
    prefix="/gns3vm",
    tags=["GNS3 VM"]
 )
--- a/gns3server/api/routes/controller/acl.py
+++ b/gns3server/api/routes/controller/acl.py
@ -0,0 +1,250 @@
+#!/usr/bin/env python
+#
+# Copyright (C) 2023 GNS3 Technologies Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+"""
+API routes for ACL.
+"""
+
+import re
+
+from fastapi import APIRouter, Depends, Request, status
+from fastapi.routing import APIRoute
+from uuid import UUID
+from typing import List
+
+
+from gns3server import schemas
+from gns3server.controller.controller_error import (
+    ControllerBadRequestError,
+    ControllerNotFoundError
+)
+
+from gns3server.controller import Controller
+from gns3server.db.repositories.users import UsersRepository
+from gns3server.db.repositories.rbac import RbacRepository
+from gns3server.db.repositories.images import ImagesRepository
+from gns3server.db.repositories.templates import TemplatesRepository
+from .dependencies.database import get_repository
+from .dependencies.rbac import has_privilege
+
+import logging
+
+log = logging.getLogger(__name__)
+
+router = APIRouter()
+
+
+@router.get(
+    "/endpoints",
+    status_code=status.HTTP_201_CREATED,
+    dependencies=[Depends(has_privilege("ACE.Audit"))]
+)
+async def endpoints(
+        users_repo: UsersRepository = Depends(get_repository(UsersRepository)),
+        rbac_repo: RbacRepository = Depends(get_repository(RbacRepository)),
+        images_repo: ImagesRepository = Depends(get_repository(ImagesRepository)),
+        templates_repo: TemplatesRepository = Depends(get_repository(TemplatesRepository))
+) -> List[dict]:
+    """
+    List all endpoints to be used in ACL entries.
+    """
+
+    controller = Controller.instance()
+    endpoints = [{"endpoint": "/", "name": "All endpoints", "endpoint_type": "root"}]
+
+    def add_to_endpoints(endpoint: str, name: str, endpoint_type: str) -> None:
+        if endpoint not in endpoints:
+            endpoints.append({"endpoint": endpoint, "name": name, "endpoint_type": endpoint_type})
+
+    # projects
+    add_to_endpoints("/projects", "All projects", "project")
+    projects = [p for p in controller.projects.values()]
+    for project in projects:
+        add_to_endpoints(f"/projects/{project.id}", f'Project "{project.name}"', "project")
+
+        # nodes
+        add_to_endpoints(f"/projects/{project.id}/nodes", f'All nodes in project "{project.name}"', "node")
+        for node in project.nodes.values():
+            add_to_endpoints(
+                f"/projects/{project.id}/nodes/{node['node_id']}",
+                f'Node "{node["name"]}" in project "{project.name}"',
+                endpoint_type="node"
+            )
+
+        # links
+        add_to_endpoints(f"/projects/{project.id}/links", f'All links in project "{project.name}"', "link")
+        for link in project.links.values():
+            node_id_1 = link["nodes"][0]["node_id"]
+            node_id_2 = link["nodes"][1]["node_id"]
+            node_name_1 = project.nodes[node_id_1]["name"]
+            node_name_2 = project.nodes[node_id_2]["name"]
+            add_to_endpoints(
+                f"/projects/{project.id}/links/{link['link_id']}",
+                f'Link from "{node_name_1}" to "{node_name_2}" in project "{project.name}"',
+                endpoint_type="link"
+            )
+
+    # users
+    add_to_endpoints("/access/users", "All users", "user")
+    users = await users_repo.get_users()
+    for user in users:
+        add_to_endpoints(f"/users/{user.user_id}", f'User "{user.username}"', "user")
+
+    # groups
+    add_to_endpoints("/access/groups", "All groups", "group")
+    groups = await users_repo.get_user_groups()
+    for group in groups:
+        add_to_endpoints(f"/groups/{group.user_group_id}", f'Group "{group.name}"', "group")
+
+    # roles
+    add_to_endpoints("/access/roles", "All roles", "role")
+    roles = await rbac_repo.get_roles()
+    for role in roles:
+        add_to_endpoints(f"/roles/{role.role_id}", f'Role "{role.name}"', "role")
+
+    # images
+    add_to_endpoints("/images", "All images", "image")
+    images = await images_repo.get_images()
+    for image in images:
+        add_to_endpoints(f"/images/{image.filename}", f'Image "{image.filename}"', "image")
+
+    # templates
+    add_to_endpoints("/templates", "All templates", "template")
+    templates = await templates_repo.get_templates()
+    for template in templates:
+        add_to_endpoints(f"/templates/{template.template_id}", f'Template "{template.name}"', "template")
+
+    return endpoints
+
+
+@router.get(
+    "",
+    response_model=List[schemas.ACE],
+    dependencies=[Depends(has_privilege("ACE.Audit"))]
+)
+async def get_aces(
+        rbac_repo: RbacRepository = Depends(get_repository(RbacRepository))
+) -> List[schemas.ACE]:
+    """
+    Get all ACL entries.
+
+    Required privilege: ACE.Audit
+    """
+
+    return await rbac_repo.get_aces()
+
+
+@router.post(
+    "",
+    response_model=schemas.ACE,
+    status_code=status.HTTP_201_CREATED,
+    dependencies=[Depends(has_privilege("ACE.Allocate"))]
+)
+async def create_ace(
+        request: Request,
+        ace_create: schemas.ACECreate,
+        rbac_repo: RbacRepository = Depends(get_repository(RbacRepository))
+) -> schemas.ACE:
+    """
+    Create a new ACL entry.
+
+    Required privilege: ACE.Allocate
+    """
+
+    for route in request.app.routes:
+        if isinstance(route, APIRoute):
+
+            # remove the prefix (e.g. "/v3") from the route path
+            route_path = re.sub(r"^/v[0-9]", "", route.path)
+            # replace route path ID parameters by a UUID regex
+            route_path = re.sub(r"{\w+_id}", "[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}", route_path)
+            # replace remaining route path parameters by a word matching regex
+            route_path = re.sub(r"/{[\w:]+}", r"/\\w+", route_path)
+
+            if re.fullmatch(route_path, ace_create.path):
+                log.info("Creating ACE for route path", ace_create.path, route_path)
+                return await rbac_repo.create_ace(ace_create)
+
+    raise ControllerBadRequestError(f"Path '{ace_create.path}' doesn't match any existing endpoint")
+
+
+@router.get(
+    "/{ace_id}",
+    response_model=schemas.ACE,
+    dependencies=[Depends(has_privilege("ACE.Audit"))]
+)
+async def get_ace(
+        ace_id: UUID,
+        rbac_repo: RbacRepository = Depends(get_repository(RbacRepository)),
+) -> schemas.ACE:
+    """
+    Get an ACL entry.
+
+    Required privilege: ACE.Audit
+    """
+
+    ace = await rbac_repo.get_ace(ace_id)
+    if not ace:
+        raise ControllerNotFoundError(f"ACL entry '{ace_id}' not found")
+    return ace
+
+
+@router.put(
+    "/{ace_id}",
+    response_model=schemas.ACE,
+    dependencies=[Depends(has_privilege("ACE.Modify"))]
+)
+async def update_ace(
+        ace_id: UUID,
+        ace_update: schemas.ACEUpdate,
+        rbac_repo: RbacRepository = Depends(get_repository(RbacRepository))
+) -> schemas.ACE:
+    """
+    Update an ACL entry.
+
+    Required privilege: ACE.Modify
+    """
+
+    ace = await rbac_repo.get_ace(ace_id)
+    if not ace:
+        raise ControllerNotFoundError(f"ACL entry '{ace_id}' not found")
+
+    return await rbac_repo.update_ace(ace_id, ace_update)
+
+
+@router.delete(
+    "/{ace_id}",
+    status_code=status.HTTP_204_NO_CONTENT,
+    dependencies=[Depends(has_privilege("ACE.Allocate"))]
+)
+async def delete_ace(
+    ace_id: UUID,
+    rbac_repo: RbacRepository = Depends(get_repository(RbacRepository)),
+) -> None:
+    """
+    Delete an ACL entry.
+
+    Required privilege: ACE.Allocate
+    """
+
+    ace = await rbac_repo.get_ace(ace_id)
+    if not ace:
+        raise ControllerNotFoundError(f"ACL entry '{ace_id}' not found")
+
+    success = await rbac_repo.delete_ace(ace_id)
+    if not success:
+        raise ControllerNotFoundError(f"ACL entry '{ace_id}' could not be deleted")
--- a/gns3server/api/routes/controller/appliances.py
+++ b/gns3server/api/routes/controller/appliances.py
@ -20,7 +20,7 @@ API routes for appliances.

 import logging

-from fastapi import APIRouter, Depends, Response, status
+from fastapi import APIRouter, Depends, status
 from typing import Optional, List
 from uuid import UUID

@ -38,19 +38,28 @@ from gns3server.db.repositories.rbac import RbacRepository

 from .dependencies.authentication import get_current_active_user
 from .dependencies.database import get_repository
+from .dependencies.rbac import has_privilege
+

 log = logging.getLogger(__name__)

 router = APIRouter()


-@router.get("")
+@router.get(
+    "",
+    response_model=List[schemas.Appliance],
+    response_model_exclude_unset=True,
+    dependencies=[Depends(has_privilege("Appliance.Audit"))]
+)
 async def get_appliances(
        update: Optional[bool] = False,
        symbol_theme: Optional[str] = None
 ) -> List[schemas.Appliance]:
    """
    Return all appliances known by the controller.
+
+    Required privilege: Appliance.Audit
    """

    controller = Controller.instance()
@ -60,10 +69,17 @@ async def get_appliances(
    return [c.asdict() for c in controller.appliance_manager.appliances.values()]


-@router.get("/{appliance_id}")
+@router.get(
+    "/{appliance_id}",
+    response_model=schemas.Appliance,
+    response_model_exclude_unset=True,
+    dependencies=[Depends(has_privilege("Appliance.Audit"))]
+)
 def get_appliance(appliance_id: UUID) -> schemas.Appliance:
    """
    Get an appliance file.
+
+    Required privilege: Appliance.Audit
    """

    controller = Controller.instance()
@ -73,10 +89,16 @@ def get_appliance(appliance_id: UUID) -> schemas.Appliance:
    return appliance.asdict()


-@router.post("/{appliance_id}/version", status_code=status.HTTP_201_CREATED)
-def add_appliance_version(appliance_id: UUID, appliance_version: schemas.ApplianceVersion) -> schemas.Appliance:
+@router.post(
+    "/{appliance_id}/version",
+    status_code=status.HTTP_201_CREATED,
+    dependencies=[Depends(has_privilege("Appliance.Allocate"))]
+)
+def add_appliance_version(appliance_id: UUID, appliance_version: schemas.ApplianceVersion) -> dict:
    """
-    Add a version to an appliance
+    Add a version to an appliance.
+
+    Required privilege: Appliance.Allocate
    """

    controller = Controller.instance()
@ -94,11 +116,15 @@ def add_appliance_version(appliance_id: UUID, appliance_version: schemas.Applian
        if version.get("name") == appliance_version.name:
            raise ControllerError(message=f"Appliance '{appliance_id}' already has version '{appliance_version.name}'")

-    appliance.versions.append(appliance_version.dict(exclude_unset=True))
+    appliance.versions.append(appliance_version.model_dump(exclude_unset=True))
    return appliance.asdict()


-@router.post("/{appliance_id}/install", status_code=status.HTTP_204_NO_CONTENT)
+@router.post(
+    "/{appliance_id}/install",
+    status_code=status.HTTP_204_NO_CONTENT,
+    dependencies=[Depends(has_privilege("Appliance.Allocate"))]
+)
 async def install_appliance(
        appliance_id: UUID,
        version: Optional[str] = None,
@ -109,6 +135,8 @@ async def install_appliance(
 ) -> None:
    """
    Install an appliance.
+
+    Required privilege: Appliance.Allocate
    """

    controller = Controller.instance()
--- a/gns3server/api/routes/controller/computes.py
+++ b/gns3server/api/routes/controller/computes.py
@ -18,16 +18,18 @@
 API routes for computes.
 """

-from fastapi import APIRouter, Depends, Response, status
-from typing import List, Union, Optional
+from fastapi import APIRouter, Depends, status
+from typing import Any, List, Union, Optional
 from uuid import UUID

 from gns3server.controller import Controller
 from gns3server.db.repositories.computes import ComputesRepository
+from gns3server.db.repositories.rbac import RbacRepository
 from gns3server.services.computes import ComputesService
 from gns3server import schemas

 from .dependencies.database import get_repository
+from .dependencies.rbac import has_privilege

 responses = {404: {"model": schemas.ErrorMessage, "description": "Compute not found"}}

@ -43,6 +45,7 @@ router = APIRouter(responses=responses)
        409: {"model": schemas.ErrorMessage, "description": "Could not create compute"},
        401: {"model": schemas.ErrorMessage, "description": "Invalid authentication for compute"},
    },
+    dependencies=[Depends(has_privilege("Compute.Allocate"))]
 )
 async def create_compute(
    compute_create: schemas.ComputeCreate,
@ -51,15 +54,23 @@ async def create_compute(
 ) -> schemas.Compute:
    """
    Create a new compute on the controller.
+
+    Required privilege: Compute.Allocate
    """

    return await ComputesService(computes_repo).create_compute(compute_create, connect)


-@router.post("/{compute_id}/connect", status_code=status.HTTP_204_NO_CONTENT)
+@router.post(
+    "/{compute_id}/connect",
+    status_code=status.HTTP_204_NO_CONTENT,
+    dependencies=[Depends(has_privilege("Compute.Audit"))]
+)
 async def connect_compute(compute_id: Union[str, UUID]) -> None:
    """
    Connect to compute on the controller.
+
+    Required privilege: Compute.Audit
    """

    compute = Controller.instance().get_compute(str(compute_id))
@ -67,29 +78,48 @@ async def connect_compute(compute_id: Union[str, UUID]) -> None:
        await compute.connect(report_failed_connection=True)


-@router.get("/{compute_id}", response_model=schemas.Compute, response_model_exclude_unset=True)
+@router.get(
+    "/{compute_id}",
+    response_model=schemas.Compute,
+    response_model_exclude_unset=True,
+    dependencies=[Depends(has_privilege("Compute.Audit"))]
+)
 async def get_compute(
    compute_id: Union[str, UUID], computes_repo: ComputesRepository = Depends(get_repository(ComputesRepository))
 ) -> schemas.Compute:
    """
    Return a compute from the controller.
+
+    Required privilege: Compute.Audit
    """

    return await ComputesService(computes_repo).get_compute(compute_id)


-@router.get("", response_model=List[schemas.Compute], response_model_exclude_unset=True)
+@router.get(
+    "",
+    response_model=List[schemas.Compute],
+    response_model_exclude_unset=True,
+    dependencies=[Depends(has_privilege("Compute.Audit"))]
+)
 async def get_computes(
    computes_repo: ComputesRepository = Depends(get_repository(ComputesRepository)),
 ) -> List[schemas.Compute]:
    """
    Return all computes known by the controller.
+
+    Required privilege: Compute.Audit
    """

    return await ComputesService(computes_repo).get_computes()


-@router.put("/{compute_id}", response_model=schemas.Compute, response_model_exclude_unset=True)
+@router.put(
+    "/{compute_id}",
+    response_model=schemas.Compute,
+    response_model_exclude_unset=True,
+    dependencies=[Depends(has_privilege("Compute.Modify"))]
+)
 async def update_compute(
    compute_id: Union[str, UUID],
    compute_update: schemas.ComputeUpdate,
@ -97,20 +127,31 @@ async def update_compute(
 ) -> schemas.Compute:
    """
    Update a compute on the controller.
+
+    Required privilege: Compute.Modify
    """

    return await ComputesService(computes_repo).update_compute(compute_id, compute_update)


-@router.delete("/{compute_id}", status_code=status.HTTP_204_NO_CONTENT)
+@router.delete(
+    "/{compute_id}",
+    status_code=status.HTTP_204_NO_CONTENT,
+    dependencies=[Depends(has_privilege("Compute.Allocate"))]
+)
 async def delete_compute(
-    compute_id: Union[str, UUID], computes_repo: ComputesRepository = Depends(get_repository(ComputesRepository))
+        compute_id: Union[str, UUID],
+        computes_repo: ComputesRepository = Depends(get_repository(ComputesRepository)),
+        rbac_repo: RbacRepository = Depends(get_repository(RbacRepository)),
 ) -> None:
    """
    Delete a compute from the controller.
+
+    Required privilege: Compute.Allocate
    """

    await ComputesService(computes_repo).delete_compute(compute_id)
+    await rbac_repo.delete_all_ace_starting_with_path(f"/computes/{compute_id}")


@router.get("/{compute_id}/docker/images", response_model=List[schemas.ComputeDockerImage])
@ -157,7 +198,7 @@ async def dynamips_autoidlepc(compute_id: Union[str, UUID], auto_idle_pc: schema


@router.get("/{compute_id}/{emulator}/{endpoint_path:path}", deprecated=True)
-async def forward_get(compute_id: Union[str, UUID], emulator: str, endpoint_path: str) -> dict:
+async def forward_get(compute_id: Union[str, UUID], emulator: str, endpoint_path: str) -> Any:
    """
    Forward a GET request to a compute.
    Read the full compute API documentation for available routes.
@ -169,7 +210,7 @@ async def forward_get(compute_id: Union[str, UUID], emulator: str, endpoint_path


@router.post("/{compute_id}/{emulator}/{endpoint_path:path}", deprecated=True)
-async def forward_post(compute_id: Union[str, UUID], emulator: str, endpoint_path: str, compute_data: dict) -> dict:
+async def forward_post(compute_id: Union[str, UUID], emulator: str, endpoint_path: str, compute_data: dict) -> Any:
    """
    Forward a POST request to a compute.
    Read the full compute API documentation for available routes.
@ -180,7 +221,7 @@ async def forward_post(compute_id: Union[str, UUID], emulator: str, endpoint_pat


@router.put("/{compute_id}/{emulator}/{endpoint_path:path}", deprecated=True)
-async def forward_put(compute_id: Union[str, UUID], emulator: str, endpoint_path: str, compute_data: dict) -> dict:
+async def forward_put(compute_id: Union[str, UUID], emulator: str, endpoint_path: str, compute_data: dict) -> Any:
    """
    Forward a PUT request to a compute.
    Read the full compute API documentation for available routes.
--- a/gns3server/api/routes/controller/controller.py
+++ b/gns3server/api/routes/controller/controller.py
@ -18,9 +18,12 @@ import asyncio
 import signal
 import os

-from fastapi import APIRouter, Depends, Request, Response, status
+from fastapi import APIRouter, Request, Depends, WebSocket, WebSocketDisconnect, status
+from fastapi.responses import StreamingResponse
 from fastapi.encoders import jsonable_encoder
 from fastapi.routing import Mount
+from websockets.exceptions import ConnectionClosed, WebSocketException
+
 from typing import List

 from gns3server.config import Config
@ -29,7 +32,7 @@ from gns3server.version import __version__
 from gns3server.controller.controller_error import ControllerError, ControllerForbiddenError
 from gns3server import schemas

-from .dependencies.authentication import get_current_active_user
+from .dependencies.authentication import get_current_active_user, get_current_active_user_from_websocket

 import logging

@ -174,6 +177,57 @@ async def statistics() -> List[dict]:
    return compute_statistics


+@router.get("/notifications", dependencies=[Depends(get_current_active_user)])
+async def controller_http_notifications(request: Request) -> StreamingResponse:
+    """
+    Receive controller notifications about the controller from HTTP stream.
+    """
+
+    from gns3server.api.server import app
+    log.info(f"New client {request.client.host}:{request.client.port} has connected to controller HTTP "
+             f"notification stream")
+
+    async def event_stream():
+        try:
+            with Controller.instance().notification.controller_queue() as queue:
+                while not app.state.exiting:
+                    msg = await queue.get_json(5)
+                    yield f"{msg}\n".encode("utf-8")
+        finally:
+            log.info(f"Client {request.client.host}:{request.client.port} has disconnected from controller HTTP "
+                     f"notification stream")
+    return StreamingResponse(event_stream(), media_type="application/json")
+
+
+@router.websocket("/notifications/ws")
+async def controller_ws_notifications(
+        websocket: WebSocket,
+        current_user: schemas.User = Depends(get_current_active_user_from_websocket)
+) -> None:
+    """
+    Receive project notifications about the controller from WebSocket.
+    """
+
+    if current_user is None:
+        return
+
+    log.info(f"New client {websocket.client.host}:{websocket.client.port} has connected to controller WebSocket")
+    try:
+        with Controller.instance().notification.controller_queue() as queue:
+            while True:
+                notification = await queue.get_json(5)
+                await websocket.send_text(notification)
+    except (ConnectionClosed, WebSocketDisconnect):
+        log.info(f"Client {websocket.client.host}:{websocket.client.port} has disconnected from controller WebSocket")
+    except WebSocketException as e:
+        log.warning(f"Error while sending to controller event to WebSocket client: {e}")
+    finally:
+        try:
+            await websocket.close()
+        except OSError:
+            pass  # ignore OSError: [Errno 107] Transport endpoint is not connected
+
+
 # @Route.post(
 #     r"/debug",
 #     description="Dump debug information to disk (debug directory in config directory). Work only for local server",
--- a/gns3server/api/routes/controller/dependencies/authentication.py
+++ b/gns3server/api/routes/controller/dependencies/authentication.py
@ -74,21 +74,6 @@ async def get_current_active_user(
            headers={"WWW-Authenticate": "Bearer"},
        )

-    # remove the prefix (e.g. "/v3") from URL path
-    path = re.sub(r"^/v[0-9]", "", request.url.path)
-
-    # special case: always authorize access to the "/users/me" endpoint
-    if path == "/users/me":
-        return current_user
-
-    authorized = await rbac_repo.check_user_is_authorized(current_user.user_id, request.method, path)
-    if not authorized:
-        raise HTTPException(
-            status_code=status.HTTP_401_UNAUTHORIZED,
-            detail=f"User is not authorized '{current_user.user_id}' on {request.method} '{path}'",
-            headers={"WWW-Authenticate": "Bearer"},
-        )
-
    return current_user


@ -96,7 +81,6 @@ async def get_current_active_user_from_websocket(
        websocket: WebSocket,
        token: str = Query(...),
        user_repo: UsersRepository = Depends(get_repository(UsersRepository)),
-        rbac_repo: RbacRepository = Depends(get_repository(RbacRepository))
 ) -> Optional[schemas.User]:

    await websocket.accept()
@ -121,18 +105,6 @@ async def get_current_active_user_from_websocket(
                detail=f"'{username}' is not an active user"
            )

-        # remove the prefix (e.g. "/v3") from URL path
-        path = re.sub(r"^/v[0-9]", "", websocket.url.path)
-
-        # there are no HTTP methods for web sockets, assuming "GET"...
-        authorized = await rbac_repo.check_user_is_authorized(user.user_id, "GET", path)
-        if not authorized:
-            raise HTTPException(
-                status_code=status.HTTP_401_UNAUTHORIZED,
-                detail=f"User is not authorized '{user.user_id}' on '{path}'",
-                headers={"WWW-Authenticate": "Bearer"},
-            )
-
        return user

    except HTTPException as e:
--- a/gns3server/api/routes/controller/dependencies/rbac.py
+++ b/gns3server/api/routes/controller/dependencies/rbac.py
@ -0,0 +1,78 @@
+#
+# Copyright (C) 2023 GNS3 Technologies Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import re
+
+from fastapi import Request, WebSocket, Depends, HTTPException
+from gns3server import schemas
+from gns3server.db.repositories.rbac import RbacRepository
+from .authentication import get_current_active_user, get_current_active_user_from_websocket
+from .database import get_repository
+
+import logging
+
+log = logging.getLogger()
+
+
+def has_privilege(
+        privilege_name: str
+):
+    async def get_user_and_check_privilege(
+            request: Request,
+            current_user: schemas.User = Depends(get_current_active_user),
+            rbac_repo: RbacRepository = Depends(get_repository(RbacRepository))
+    ):
+        if not current_user.is_superadmin:
+            path = re.sub(r"^/v[0-9]", "", request.url.path)  # remove the prefix (e.g. "/v3") from URL path
+            log.debug(f"Checking user {current_user.username} has privilege {privilege_name} on '{path}'")
+            if not await rbac_repo.check_user_has_privilege(current_user.user_id, path, privilege_name):
+                raise HTTPException(status_code=403, detail=f"Permission denied (privilege {privilege_name} is required)")
+        return current_user
+    return get_user_and_check_privilege
+
+
+def has_privilege_on_websocket(
+        privilege_name: str
+):
+    async def get_user_and_check_privilege(
+            websocket: WebSocket,
+            current_user: schemas.User = Depends(get_current_active_user_from_websocket),
+            rbac_repo: RbacRepository = Depends(get_repository(RbacRepository))
+    ):
+        if not current_user.is_superadmin:
+            path = re.sub(r"^/v[0-9]", "", websocket.url.path)  # remove the prefix (e.g. "/v3") from URL path
+            log.debug(f"Checking user {current_user.username} has privilege {privilege_name} on '{path}'")
+            if not await rbac_repo.check_user_has_privilege(current_user.user_id, path, privilege_name):
+                raise HTTPException(status_code=403, detail=f"Permission denied (privilege {privilege_name} is required)")
+        return current_user
+    return get_user_and_check_privilege
+
+# class PrivilegeChecker:
+#
+#     def __init__(self, required_privilege: str) -> None:
+#         self._required_privilege = required_privilege
+#
+#     async def __call__(
+#             self,
+#             current_user: schemas.User = Depends(get_current_active_user),
+#             rbac_repo: RbacRepository = Depends(get_repository(RbacRepository))
+#     ) -> bool:
+#
+#         if not await rbac_repo.check_user_has_privilege(current_user.user_id, "/projects", self._required_privilege):
+#             raise HTTPException(status_code=403, detail=f"Permission denied (privilege {self._required_privilege} is required)")
+#         return True
+
+# Depends(PrivilegeChecker("Project.Audit"))
--- a/gns3server/api/routes/controller/drawings.py
+++ b/gns3server/api/routes/controller/drawings.py
@ -18,33 +18,51 @@
 API routes for drawings.
 """

-from fastapi import APIRouter, Response, status
+from fastapi import APIRouter, Depends, status
 from fastapi.encoders import jsonable_encoder
 from typing import List
 from uuid import UUID

 from gns3server.controller import Controller
+from gns3server.db.repositories.rbac import RbacRepository
 from gns3server import schemas

+from .dependencies.database import get_repository
+from .dependencies.rbac import has_privilege
+
 responses = {404: {"model": schemas.ErrorMessage, "description": "Project or drawing not found"}}

 router = APIRouter(responses=responses)


-@router.get("", response_model=List[schemas.Drawing], response_model_exclude_unset=True)
+@router.get(
+    "",
+    response_model=List[schemas.Drawing],
+    response_model_exclude_unset=True,
+    dependencies=[Depends(has_privilege("Drawing.Audit"))]
+)
 async def get_drawings(project_id: UUID) -> List[schemas.Drawing]:
    """
    Return the list of all drawings for a given project.
+
+    Required privilege: Drawing.Audit
    """

    project = await Controller.instance().get_loaded_project(str(project_id))
    return [v.asdict() for v in project.drawings.values()]


-@router.post("", status_code=status.HTTP_201_CREATED, response_model=schemas.Drawing)
+@router.post(
+    "",
+    status_code=status.HTTP_201_CREATED,
+    response_model=schemas.Drawing,
+    dependencies=[Depends(has_privilege("Drawing.Allocate"))]
+)
 async def create_drawing(project_id: UUID, drawing_data: schemas.Drawing) -> schemas.Drawing:
    """
    Create a new drawing.
+
+    Required privilege: Drawing.Allocate
    """

    project = await Controller.instance().get_loaded_project(str(project_id))
@ -52,10 +70,17 @@ async def create_drawing(project_id: UUID, drawing_data: schemas.Drawing) -> sch
    return drawing.asdict()


-@router.get("/{drawing_id}", response_model=schemas.Drawing, response_model_exclude_unset=True)
+@router.get(
+    "/{drawing_id}",
+    response_model=schemas.Drawing,
+    response_model_exclude_unset=True,
+    dependencies=[Depends(has_privilege("Drawing.Audit"))]
+)
 async def get_drawing(project_id: UUID, drawing_id: UUID) -> schemas.Drawing:
    """
    Return a drawing.
+
+    Required privilege: Drawing.Audit
    """

    project = await Controller.instance().get_loaded_project(str(project_id))
@ -63,10 +88,17 @@ async def get_drawing(project_id: UUID, drawing_id: UUID) -> schemas.Drawing:
    return drawing.asdict()


-@router.put("/{drawing_id}", response_model=schemas.Drawing, response_model_exclude_unset=True)
+@router.put(
+    "/{drawing_id}",
+    response_model=schemas.Drawing,
+    response_model_exclude_unset=True,
+    dependencies=[Depends(has_privilege("Drawing.Modify"))]
+)
 async def update_drawing(project_id: UUID, drawing_id: UUID, drawing_data: schemas.Drawing) -> schemas.Drawing:
    """
    Update a drawing.
+
+    Required privilege: Drawing.Modify
    """

    project = await Controller.instance().get_loaded_project(str(project_id))
@ -75,11 +107,22 @@ async def update_drawing(project_id: UUID, drawing_id: UUID, drawing_data: schem
    return drawing.asdict()


-@router.delete("/{drawing_id}", status_code=status.HTTP_204_NO_CONTENT)
-async def delete_drawing(project_id: UUID, drawing_id: UUID) -> None:
+@router.delete(
+    "/{drawing_id}",
+    status_code=status.HTTP_204_NO_CONTENT,
+    dependencies=[Depends(has_privilege("Drawing.Allocate"))]
+)
+async def delete_drawing(
+        project_id: UUID,
+        drawing_id: UUID,
+        rbac_repo: RbacRepository = Depends(get_repository(RbacRepository))
+) -> None:
    """
    Delete a drawing.
+
+    Required privilege: Drawing.Allocate
    """

    project = await Controller.instance().get_loaded_project(str(project_id))
    await project.delete_drawing(str(drawing_id))
+    await rbac_repo.delete_all_ace_starting_with_path(f"/drawings/{drawing_id}")
--- a/gns3server/api/routes/controller/groups.py
+++ b/gns3server/api/routes/controller/groups.py
@ -19,7 +19,7 @@
 API routes for user groups.
 """

-from fastapi import APIRouter, Depends, Response, status
+from fastapi import APIRouter, Depends, status
 from uuid import UUID
 from typing import List

@ -33,6 +33,8 @@ from gns3server.controller.controller_error import (

 from gns3server.db.repositories.users import UsersRepository
 from gns3server.db.repositories.rbac import RbacRepository
+
+from .dependencies.rbac import has_privilege
 from .dependencies.database import get_repository

 import logging
@ -42,12 +44,18 @@ log = logging.getLogger(__name__)
 router = APIRouter()


-@router.get("", response_model=List[schemas.UserGroup])
+@router.get(
+    "",
+    response_model=List[schemas.UserGroup],
+    dependencies=[Depends(has_privilege("Group.Audit"))]
+)
 async def get_user_groups(
        users_repo: UsersRepository = Depends(get_repository(UsersRepository))
 ) -> List[schemas.UserGroup]:
    """
    Get all user groups.
+
+    Required privilege: Group.Audit
    """

    return await users_repo.get_user_groups()
@ -56,7 +64,8 @@ async def get_user_groups(
@router.post(
    "",
    response_model=schemas.UserGroup,
-    status_code=status.HTTP_201_CREATED
+    status_code=status.HTTP_201_CREATED,
+    dependencies=[Depends(has_privilege("Group.Allocate"))]
 )
 async def create_user_group(
        user_group_create: schemas.UserGroupCreate,
@ -64,6 +73,8 @@ async def create_user_group(
 ) -> schemas.UserGroup:
    """
    Create a new user group.
+
+    Required privilege: Group.Allocate
    """

    if await users_repo.get_user_group_by_name(user_group_create.name):
@ -72,13 +83,19 @@ async def create_user_group(
    return await users_repo.create_user_group(user_group_create)


-@router.get("/{user_group_id}", response_model=schemas.UserGroup)
+@router.get(
+    "/{user_group_id}",
+    response_model=schemas.UserGroup,
+    dependencies=[Depends(has_privilege("Group.Audit"))]
+)
 async def get_user_group(
        user_group_id: UUID,
        users_repo: UsersRepository = Depends(get_repository(UsersRepository)),
 ) -> schemas.UserGroup:
    """
-    Get an user group.
+    Get a user group.
+
+    Required privilege: Group.Audit
    """

    user_group = await users_repo.get_user_group(user_group_id)
@ -87,14 +104,20 @@ async def get_user_group(
    return user_group


-@router.put("/{user_group_id}", response_model=schemas.UserGroup)
+@router.put(
+    "/{user_group_id}",
+    response_model=schemas.UserGroup,
+    dependencies=[Depends(has_privilege("Group.Modify"))]
+)
 async def update_user_group(
        user_group_id: UUID,
        user_group_update: schemas.UserGroupUpdate,
        users_repo: UsersRepository = Depends(get_repository(UsersRepository))
 ) -> schemas.UserGroup:
    """
-    Update an user group.
+    Update a user group.
+
+    Required privilege: Group.Modify
    """
    user_group = await users_repo.get_user_group(user_group_id)
    if not user_group:
@ -108,14 +131,18 @@ async def update_user_group(

@router.delete(
    "/{user_group_id}",
-    status_code=status.HTTP_204_NO_CONTENT
+    status_code=status.HTTP_204_NO_CONTENT,
+    dependencies=[Depends(has_privilege("Group.Allocate"))]
 )
 async def delete_user_group(
-    user_group_id: UUID,
-    users_repo: UsersRepository = Depends(get_repository(UsersRepository)),
+        user_group_id: UUID,
+        users_repo: UsersRepository = Depends(get_repository(UsersRepository)),
+        rbac_repo: RbacRepository = Depends(get_repository(RbacRepository))
 ) -> None:
    """
-    Delete an user group
+    Delete a user group.
+
+    Required privilege: Group.Allocate
    """

    user_group = await users_repo.get_user_group(user_group_id)
@ -128,15 +155,22 @@ async def delete_user_group(
    success = await users_repo.delete_user_group(user_group_id)
    if not success:
        raise ControllerError(f"User group '{user_group_id}' could not be deleted")
+    await rbac_repo.delete_all_ace_starting_with_path(f"/groups/{user_group_id}")


-@router.get("/{user_group_id}/members", response_model=List[schemas.User])
+@router.get(
+    "/{user_group_id}/members",
+    response_model=List[schemas.User],
+    dependencies=[Depends(has_privilege("Group.Audit"))]
+)
 async def get_user_group_members(
        user_group_id: UUID,
        users_repo: UsersRepository = Depends(get_repository(UsersRepository))
 ) -> List[schemas.User]:
    """
    Get all user group members.
+
+    Required privilege: Group.Audit
    """

    return await users_repo.get_user_group_members(user_group_id)
@ -144,7 +178,8 @@ async def get_user_group_members(

@router.put(
    "/{user_group_id}/members/{user_id}",
-    status_code=status.HTTP_204_NO_CONTENT
+    status_code=status.HTTP_204_NO_CONTENT,
+    dependencies=[Depends(has_privilege("Group.Modify"))]
 )
 async def add_member_to_group(
        user_group_id: UUID,
@ -152,7 +187,9 @@ async def add_member_to_group(
        users_repo: UsersRepository = Depends(get_repository(UsersRepository))
 ) -> None:
    """
-    Add member to an user group.
+    Add member to a user group.
+
+    Required privilege: Group.Modify
    """

    user = await users_repo.get_user(user_id)
@ -166,7 +203,8 @@ async def add_member_to_group(

@router.delete(
    "/{user_group_id}/members/{user_id}",
-    status_code=status.HTTP_204_NO_CONTENT
+    status_code=status.HTTP_204_NO_CONTENT,
+    dependencies=[Depends(has_privilege("Group.Modify"))]
 )
 async def remove_member_from_group(
    user_group_id: UUID,
@ -174,7 +212,9 @@ async def remove_member_from_group(
    users_repo: UsersRepository = Depends(get_repository(UsersRepository)),
 ) -> None:
    """
-    Remove member from an user group.
+    Remove member from a user group.
+
+    Required privilege: Group.Modify
    """

    user = await users_repo.get_user(user_id)
@ -184,61 +224,3 @@ async def remove_member_from_group(
    user_group = await users_repo.remove_member_from_user_group(user_group_id, user)
    if not user_group:
        raise ControllerNotFoundError(f"User group '{user_group_id}' not found")
-
-
-@router.get("/{user_group_id}/roles", response_model=List[schemas.Role])
-async def get_user_group_roles(
-        user_group_id: UUID,
-        users_repo: UsersRepository = Depends(get_repository(UsersRepository))
-) -> List[schemas.Role]:
-    """
-    Get all user group roles.
-    """
-
-    return await users_repo.get_user_group_roles(user_group_id)
-
-
-@router.put(
-    "/{user_group_id}/roles/{role_id}",
-    status_code=status.HTTP_204_NO_CONTENT
-)
-async def add_role_to_group(
-        user_group_id: UUID,
-        role_id: UUID,
-        users_repo: UsersRepository = Depends(get_repository(UsersRepository)),
-        rbac_repo: RbacRepository = Depends(get_repository(RbacRepository))
-) -> Response:
-    """
-    Add role to an user group.
-    """
-
-    role = await rbac_repo.get_role(role_id)
-    if not role:
-        raise ControllerNotFoundError(f"Role '{role_id}' not found")
-
-    user_group = await users_repo.add_role_to_user_group(user_group_id, role)
-    if not user_group:
-        raise ControllerNotFoundError(f"User group '{user_group_id}' not found")
-
-
-@router.delete(
-    "/{user_group_id}/roles/{role_id}",
-    status_code=status.HTTP_204_NO_CONTENT
-)
-async def remove_role_from_group(
-    user_group_id: UUID,
-    role_id: UUID,
-    users_repo: UsersRepository = Depends(get_repository(UsersRepository)),
-    rbac_repo: RbacRepository = Depends(get_repository(RbacRepository))
-) -> None:
-    """
-    Remove role from an user group.
-    """
-
-    role = await rbac_repo.get_role(role_id)
-    if not role:
-        raise ControllerNotFoundError(f"Role '{role_id}' not found")
-
-    user_group = await users_repo.remove_role_from_user_group(user_group_id, role)
-    if not user_group:
-        raise ControllerNotFoundError(f"User group '{user_group_id}' not found")
--- a/gns3server/api/routes/controller/images.py
+++ b/gns3server/api/routes/controller/images.py
@ -22,7 +22,7 @@ import os
 import logging
 import urllib.parse

-from fastapi import APIRouter, Request, Response, Depends, status
+from fastapi import APIRouter, Request, Depends, status
 from starlette.requests import ClientDisconnect
 from sqlalchemy.orm.exc import MultipleResultsFound
 from typing import List, Optional
@ -43,25 +43,37 @@ from gns3server.controller.controller_error import (

 from .dependencies.authentication import get_current_active_user
 from .dependencies.database import get_repository
+from .dependencies.rbac import has_privilege

 log = logging.getLogger(__name__)

 router = APIRouter()


-@router.get("", response_model=List[schemas.Image])
+@router.get(
+    "",
+    response_model=List[schemas.Image],
+    dependencies=[Depends(has_privilege("Image.Audit"))]
+)
 async def get_images(
        images_repo: ImagesRepository = Depends(get_repository(ImagesRepository)),
        image_type: Optional[schemas.ImageType] = None
 ) -> List[schemas.Image]:
    """
    Return all images.
+
+    Required privilege: Image.Audit
    """

    return await images_repo.get_images(image_type)


-@router.post("/upload/{image_path:path}", response_model=schemas.Image, status_code=status.HTTP_201_CREATED)
+@router.post(
+    "/upload/{image_path:path}",
+    response_model=schemas.Image,
+    status_code=status.HTTP_201_CREATED,
+    dependencies=[Depends(has_privilege("Image.Allocate"))]
+)
 async def upload_image(
        image_path: str,
        request: Request,
@ -76,6 +88,8 @@ async def upload_image(

    Example: curl -X POST http://host:port/v3/images/upload/my_image_name.qcow2 \
    -H 'Authorization: Bearer <token>' --data-binary @"/path/to/image.qcow2"
+
+    Required privilege: Image.Allocate
    """

    image_path = urllib.parse.unquote(image_path)
@ -110,13 +124,19 @@ async def upload_image(
    return image


-@router.get("/{image_path:path}", response_model=schemas.Image)
+@router.get(
+    "/{image_path:path}",
+    response_model=schemas.Image,
+    dependencies=[Depends(has_privilege("Image.Audit"))]
+)
 async def get_image(
        image_path: str,
        images_repo: ImagesRepository = Depends(get_repository(ImagesRepository)),
 ) -> schemas.Image:
    """
    Return an image.
+
+    Required privilege: Image.Audit
    """

    image_path = urllib.parse.unquote(image_path)
@ -126,13 +146,19 @@ async def get_image(
    return image


-@router.delete("/{image_path:path}", status_code=status.HTTP_204_NO_CONTENT)
+@router.delete(
+    "/{image_path:path}",
+    status_code=status.HTTP_204_NO_CONTENT,
+    dependencies=[Depends(has_privilege("Image.Allocate"))]
+)
 async def delete_image(
        image_path: str,
        images_repo: ImagesRepository = Depends(get_repository(ImagesRepository)),
 ) -> None:
    """
    Delete an image.
+
+    Required privilege: Image.Allocate
    """

    image_path = urllib.parse.unquote(image_path)
@ -161,12 +187,18 @@ async def delete_image(
        raise ControllerError(f"Image '{image_path}' could not be deleted")


-@router.post("/prune", status_code=status.HTTP_204_NO_CONTENT)
+@router.post(
+    "/prune",
+    status_code=status.HTTP_204_NO_CONTENT,
+    dependencies=[Depends(has_privilege("Image.Allocate"))]
+)
 async def prune_images(
        images_repo: ImagesRepository = Depends(get_repository(ImagesRepository)),
 ) -> None:
    """
    Prune images not attached to any template.
+
+    Required privilege: Image.Allocate
    """

    await images_repo.prune_images()
--- a/gns3server/api/routes/controller/links.py
+++ b/gns3server/api/routes/controller/links.py
@ -1,5 +1,5 @@
 #
-# Copyright (C) 2016 GNS3 Technologies Inc.
+# Copyright (C) 2023 GNS3 Technologies Inc.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@ -21,7 +21,7 @@ API routes for links.
 import multidict
 import aiohttp

-from fastapi import APIRouter, Depends, Request, Response, status
+from fastapi import APIRouter, Depends, Request, status
 from fastapi.responses import StreamingResponse
 from fastapi.encoders import jsonable_encoder
 from typing import List
@ -29,10 +29,14 @@ from uuid import UUID

 from gns3server.controller import Controller
 from gns3server.controller.controller_error import ControllerError
+from gns3server.db.repositories.rbac import RbacRepository
 from gns3server.controller.link import Link
 from gns3server.utils.http_client import HTTPClient
 from gns3server import schemas

+from .dependencies.database import get_repository
+from .dependencies.rbac import has_privilege
+
 import logging

 log = logging.getLogger(__name__)
@ -52,10 +56,17 @@ async def dep_link(project_id: UUID, link_id: UUID) -> Link:
    return link


-@router.get("", response_model=List[schemas.Link], response_model_exclude_unset=True)
+@router.get(
+    "",
+    response_model=List[schemas.Link],
+    response_model_exclude_unset=True,
+    dependencies=[Depends(has_privilege("Link.Audit"))]
+)
 async def get_links(project_id: UUID) -> List[schemas.Link]:
    """
    Return all links for a given project.
+
+    Required privilege: Link.Audit
    """

    project = await Controller.instance().get_loaded_project(str(project_id))
@ -70,10 +81,13 @@ async def get_links(project_id: UUID) -> List[schemas.Link]:
        404: {"model": schemas.ErrorMessage, "description": "Could not find project"},
        409: {"model": schemas.ErrorMessage, "description": "Could not create link"},
    },
+    dependencies=[Depends(has_privilege("Link.Allocate"))]
 )
 async def create_link(project_id: UUID, link_data: schemas.LinkCreate) -> schemas.Link:
    """
    Create a new link.
+
+    Required privilege: Link.Allocate
    """

    project = await Controller.instance().get_loaded_project(str(project_id))
@ -99,28 +113,47 @@ async def create_link(project_id: UUID, link_data: schemas.LinkCreate) -> schema
    return link.asdict()


-@router.get("/{link_id}/available_filters")
+@router.get(
+    "/{link_id}/available_filters",
+    dependencies=[Depends(has_privilege("Link.Audit"))]
+)
 async def get_filters(link: Link = Depends(dep_link)) -> List[dict]:
    """
    Return all filters available for a given link.
+
+    Required privilege: Link.Audit
    """

    return link.available_filters()


-@router.get("/{link_id}", response_model=schemas.Link, response_model_exclude_unset=True)
+@router.get(
+    "/{link_id}",
+    response_model=schemas.Link,
+    response_model_exclude_unset=True,
+    dependencies=[Depends(has_privilege("Link.Audit"))]
+)
 async def get_link(link: Link = Depends(dep_link)) -> schemas.Link:
    """
    Return a link.
+
+    Required privilege: Link.Audit
    """

    return link.asdict()


-@router.put("/{link_id}", response_model=schemas.Link, response_model_exclude_unset=True)
+@router.put(
+    "/{link_id}",
+    response_model=schemas.Link,
+    response_model_exclude_unset=True,
+    dependencies=[Depends(has_privilege("Link.Modify"))]
+)
 async def update_link(link_data: schemas.LinkUpdate, link: Link = Depends(dep_link)) -> schemas.Link:
    """
    Update a link.
+
+    Required privilege: Link.Modify
    """

    link_data = jsonable_encoder(link_data, exclude_unset=True)
@ -135,30 +168,54 @@ async def update_link(link_data: schemas.LinkUpdate, link: Link = Depends(dep_li
    return link.asdict()


-@router.delete("/{link_id}", status_code=status.HTTP_204_NO_CONTENT)
-async def delete_link(project_id: UUID, link: Link = Depends(dep_link)) -> None:
+@router.delete(
+    "/{link_id}",
+    status_code=status.HTTP_204_NO_CONTENT,
+    dependencies=[Depends(has_privilege("Link.Allocate"))]
+)
+async def delete_link(
+        project_id: UUID,
+        link: Link = Depends(dep_link),
+        rbac_repo: RbacRepository = Depends(get_repository(RbacRepository))
+) -> None:
    """
    Delete a link.
+
+    Required privilege: Link.Allocate
    """

    project = await Controller.instance().get_loaded_project(str(project_id))
    await project.delete_link(link.id)
+    await rbac_repo.delete_all_ace_starting_with_path(f"/links/{link.id}")


-@router.post("/{link_id}/reset", response_model=schemas.Link)
+@router.post(
+    "/{link_id}/reset",
+    response_model=schemas.Link,
+    dependencies=[Depends(has_privilege("Link.Modify"))]
+)
 async def reset_link(link: Link = Depends(dep_link)) -> schemas.Link:
    """
    Reset a link.
+
+    Required privilege: Link.Modify
    """

    await link.reset()
    return link.asdict()


-@router.post("/{link_id}/capture/start", status_code=status.HTTP_201_CREATED, response_model=schemas.Link)
+@router.post(
+    "/{link_id}/capture/start",
+    status_code=status.HTTP_201_CREATED,
+    response_model=schemas.Link,
+    dependencies=[Depends(has_privilege("Link.Capture"))]
+)
 async def start_capture(capture_data: dict, link: Link = Depends(dep_link)) -> schemas.Link:
    """
    Start packet capture on the link.
+
+    Required privilege: Link.Capture
    """

    await link.start_capture(
@ -168,19 +225,30 @@ async def start_capture(capture_data: dict, link: Link = Depends(dep_link)) -> s
    return link.asdict()


-@router.post("/{link_id}/capture/stop", status_code=status.HTTP_204_NO_CONTENT)
+@router.post(
+    "/{link_id}/capture/stop",
+    status_code=status.HTTP_204_NO_CONTENT,
+    dependencies=[Depends(has_privilege("Link.Capture"))]
+)
 async def stop_capture(link: Link = Depends(dep_link)) -> None:
    """
    Stop packet capture on the link.
+
+    Required privilege: Link.Capture
    """

    await link.stop_capture()


-@router.get("/{link_id}/capture/stream")
+@router.get(
+    "/{link_id}/capture/stream",
+    dependencies=[Depends(has_privilege("Link.Capture"))]
+)
 async def stream_pcap(request: Request, link: Link = Depends(dep_link)) -> StreamingResponse:
    """
    Stream the PCAP capture file from compute.
+
+    Required privilege: Link.Capture
    """

    if not link.capturing:
--- a/gns3server/api/routes/controller/nodes.py
+++ b/gns3server/api/routes/controller/nodes.py
@ -20,6 +20,7 @@ API routes for nodes.

 import aiohttp
 import asyncio
+import ipaddress

 from fastapi import APIRouter, Depends, WebSocket, WebSocketDisconnect, Request, Response, status
 from fastapi.encoders import jsonable_encoder
@ -33,8 +34,12 @@ from gns3server.controller.project import Project
 from gns3server.utils import force_unix_path
 from gns3server.utils.http_client import HTTPClient
 from gns3server.controller.controller_error import ControllerForbiddenError, ControllerBadRequestError
+from gns3server.db.repositories.rbac import RbacRepository
 from gns3server import schemas

+from .dependencies.database import get_repository
+from .dependencies.rbac import has_privilege, has_privilege_on_websocket
+
 import logging

 log = logging.getLogger(__name__)
@ -107,10 +112,13 @@ async def dep_node(node_id: UUID, project: Project = Depends(dep_project)) -> No
        404: {"model": schemas.ErrorMessage, "description": "Could not find project"},
        409: {"model": schemas.ErrorMessage, "description": "Could not create node"},
    },
+    dependencies=[Depends(has_privilege("Node.Allocate"))]
 )
 async def create_node(node_data: schemas.NodeCreate, project: Project = Depends(dep_project)) -> schemas.Node:
    """
    Create a new node.
+
+    Required privilege: Node.Allocate
    """

    controller = Controller.instance()
@ -120,65 +128,89 @@ async def create_node(node_data: schemas.NodeCreate, project: Project = Depends(
    return node.asdict()


-@router.get("", response_model=List[schemas.Node], response_model_exclude_unset=True)
-async def get_nodes(project: Project = Depends(dep_project)) -> List[schemas.Node]:
+@router.get(
+    "",
+    response_model=List[schemas.Node],
+    response_model_exclude_unset=True,
+    dependencies=[Depends(has_privilege("Node.Audit"))]
+)
+def get_nodes(project: Project = Depends(dep_project)) -> List[schemas.Node]:
    """
    Return all nodes belonging to a given project.
+
+    Required privilege: Node.Audit
    """

    return [v.asdict() for v in project.nodes.values()]


-@router.post("/start", status_code=status.HTTP_204_NO_CONTENT)
+@router.post("/start", status_code=status.HTTP_204_NO_CONTENT, dependencies=[Depends(has_privilege("Node.PowerMgmt"))])
 async def start_all_nodes(project: Project = Depends(dep_project)) -> None:
    """
    Start all nodes belonging to a given project.
+
+    Required privilege: Node.PowerMgmt
    """

    await project.start_all()


-@router.post("/stop", status_code=status.HTTP_204_NO_CONTENT)
+@router.post("/stop", status_code=status.HTTP_204_NO_CONTENT, dependencies=[Depends(has_privilege("Node.PowerMgmt"))])
 async def stop_all_nodes(project: Project = Depends(dep_project)) -> None:
    """
    Stop all nodes belonging to a given project.
+
+    Required privilege: Node.PowerMgmt
    """

    await project.stop_all()


-@router.post("/suspend", status_code=status.HTTP_204_NO_CONTENT)
+@router.post("/suspend", status_code=status.HTTP_204_NO_CONTENT, dependencies=[Depends(has_privilege("Node.PowerMgmt"))])
 async def suspend_all_nodes(project: Project = Depends(dep_project)) -> None:
    """
    Suspend all nodes belonging to a given project.
+
+    Required privilege: Node.PowerMgmt
    """

    await project.suspend_all()


-@router.post("/reload", status_code=status.HTTP_204_NO_CONTENT)
+@router.post("/reload", status_code=status.HTTP_204_NO_CONTENT, dependencies=[Depends(has_privilege("Node.PowerMgmt"))])
 async def reload_all_nodes(project: Project = Depends(dep_project)) -> None:
    """
    Reload all nodes belonging to a given project.
+
+    Required privilege: Node.PowerMgmt
    """

    await project.stop_all()
    await project.start_all()


-@router.get("/{node_id}", response_model=schemas.Node)
+@router.get("/{node_id}", response_model=schemas.Node, dependencies=[Depends(has_privilege("Node.Audit"))])
 def get_node(node: Node = Depends(dep_node)) -> schemas.Node:
    """
    Return a node from a given project.
+
+    Required privilege: Node.Audit
    """

    return node.asdict()


-@router.put("/{node_id}", response_model=schemas.Node, response_model_exclude_unset=True)
+@router.put(
+    "/{node_id}",
+    response_model=schemas.Node,
+    response_model_exclude_unset=True,
+    dependencies=[Depends(has_privilege("Node.Modify"))]
+)
 async def update_node(node_data: schemas.NodeUpdate, node: Node = Depends(dep_node)) -> schemas.Node:
    """
    Update a node.
+
+    Required privilege: Node.Modify
    """

    node_data = jsonable_encoder(node_data, exclude_unset=True)
@ -196,85 +228,142 @@ async def update_node(node_data: schemas.NodeUpdate, node: Node = Depends(dep_no
    "/{node_id}",
    status_code=status.HTTP_204_NO_CONTENT,
    responses={**responses, 409: {"model": schemas.ErrorMessage, "description": "Cannot delete node"}},
+    dependencies=[Depends(has_privilege("Node.Allocate"))]
 )
-async def delete_node(node_id: UUID, project: Project = Depends(dep_project)) -> None:
+async def delete_node(
+        node_id: UUID, project: Project = Depends(dep_project),
+        rbac_repo: RbacRepository = Depends(get_repository(RbacRepository)),
+) -> None:
    """
    Delete a node from a project.
+
+    Required privilege: Node.Allocate
    """

    await project.delete_node(str(node_id))
+    await rbac_repo.delete_all_ace_starting_with_path(f"/projects/{project.id}/nodes/{node_id}")


-@router.post("/{node_id}/duplicate", response_model=schemas.Node, status_code=status.HTTP_201_CREATED)
+@router.post(
+    "/{node_id}/duplicate",
+    response_model=schemas.Node,
+    status_code=status.HTTP_201_CREATED,
+    dependencies=[Depends(has_privilege("Node.Allocate"))]
+)
 async def duplicate_node(duplicate_data: schemas.NodeDuplicate, node: Node = Depends(dep_node)) -> schemas.Node:
    """
    Duplicate a node.
+
+    Required privilege: Node.Allocate
    """

    new_node = await node.project.duplicate_node(node, duplicate_data.x, duplicate_data.y, duplicate_data.z)
    return new_node.asdict()


-@router.post("/{node_id}/start", status_code=status.HTTP_204_NO_CONTENT)
+@router.post(
+    "/{node_id}/start",
+    status_code=status.HTTP_204_NO_CONTENT,
+    dependencies=[Depends(has_privilege("Node.PowerMgmt"))]
+)
 async def start_node(start_data: dict, node: Node = Depends(dep_node)) -> None:
    """
    Start a node.
+
+    Required privilege: Node.PowerMgmt
    """

    await node.start(data=start_data)


-@router.post("/{node_id}/stop", status_code=status.HTTP_204_NO_CONTENT)
+@router.post(
+    "/{node_id}/stop",
+    status_code=status.HTTP_204_NO_CONTENT,
+    dependencies=[Depends(has_privilege("Node.PowerMgmt"))]
+)
 async def stop_node(node: Node = Depends(dep_node)) -> None:
    """
    Stop a node.
+
+    Required privilege: Node.PowerMgmt
    """

    await node.stop()


-@router.post("/{node_id}/suspend", status_code=status.HTTP_204_NO_CONTENT)
+@router.post(
+    "/{node_id}/suspend",
+    status_code=status.HTTP_204_NO_CONTENT,
+    dependencies=[Depends(has_privilege("Node.PowerMgmt"))]
+)
 async def suspend_node(node: Node = Depends(dep_node)) -> None:
    """
    Suspend a node.
+
+    Required privilege: Node.PowerMgmt
    """

    await node.suspend()


-@router.post("/{node_id}/reload", status_code=status.HTTP_204_NO_CONTENT)
+@router.post(
+    "/{node_id}/reload",
+    status_code=status.HTTP_204_NO_CONTENT,
+    dependencies=[Depends(has_privilege("Node.PowerMgmt"))]
+)
 async def reload_node(node: Node = Depends(dep_node)) -> None:
    """
    Reload a node.
+
+    Required privilege: Node.PowerMgmt
    """

    await node.reload()


-@router.post("/{node_id}/isolate", status_code=status.HTTP_204_NO_CONTENT)
+@router.post(
+    "/{node_id}/isolate",
+    status_code=status.HTTP_204_NO_CONTENT,
+    dependencies=[Depends(has_privilege("Link.Modify"))]
+)
 async def isolate_node(node: Node = Depends(dep_node)) -> None:
    """
    Isolate a node (suspend all attached links).
+
+    Required privilege: Link.Modify
    """

    for link in node.links:
        await link.update_suspend(True)


-@router.post("/{node_id}/unisolate", status_code=status.HTTP_204_NO_CONTENT)
+@router.post(
+    "/{node_id}/unisolate",
+    status_code=status.HTTP_204_NO_CONTENT,
+    dependencies=[Depends(has_privilege("Link.Modify"))]
+)
 async def unisolate_node(node: Node = Depends(dep_node)) -> None:
    """
    Un-isolate a node (resume all attached suspended links).
+
+    Required privilege: Link.Modify
    """

    for link in node.links:
        await link.update_suspend(False)


-@router.get("/{node_id}/links", response_model=List[schemas.Link], response_model_exclude_unset=True)
+@router.get(
+    "/{node_id}/links",
+    response_model=List[schemas.Link],
+    response_model_exclude_unset=True,
+    dependencies = [Depends(has_privilege("Link.Audit"))]
+)
 async def get_node_links(node: Node = Depends(dep_node)) -> List[schemas.Link]:
    """
    Return all the links connected to a node.
+
+    Required privilege: Link.Audit
    """

    links = []
@ -283,10 +372,12 @@ async def get_node_links(node: Node = Depends(dep_node)) -> List[schemas.Link]:
    return links


-@router.get("/{node_id}/dynamips/auto_idlepc")
-async def auto_idlepc(node: Node = Depends(dep_node)) -> str:
+@router.get("/{node_id}/dynamips/auto_idlepc", dependencies=[Depends(has_privilege("Node.Audit"))])
+async def auto_idlepc(node: Node = Depends(dep_node)) -> dict:
    """
    Compute an Idle-PC value for a Dynamips node
+
+    Required privilege: Node.Audit
    """

    if node.node_type != "dynamips":
@ -294,10 +385,12 @@ async def auto_idlepc(node: Node = Depends(dep_node)) -> str:
    return await node.dynamips_auto_idlepc()


-@router.get("/{node_id}/dynamips/idlepc_proposals")
+@router.get("/{node_id}/dynamips/idlepc_proposals", dependencies=[Depends(has_privilege("Node.Audit"))])
 async def idlepc_proposals(node: Node = Depends(dep_node)) -> List[str]:
    """
    Compute a list of potential idle-pc values for a Dynamips node
+
+    Required privilege: Node.Audit
    """

    if node.node_type != "dynamips":
@ -305,7 +398,11 @@ async def idlepc_proposals(node: Node = Depends(dep_node)) -> List[str]:
    return await node.dynamips_idlepc_proposals()


-@router.post("/{node_id}/qemu/disk_image/{disk_name}", status_code=status.HTTP_204_NO_CONTENT)
+@router.post(
+    "/{node_id}/qemu/disk_image/{disk_name}",
+    status_code=status.HTTP_204_NO_CONTENT,
+    dependencies=[Depends(has_privilege("Node.Allocate"))]
+)
 async def create_disk_image(
        disk_name: str,
        disk_data: schemas.QemuDiskImageCreate,
@ -313,14 +410,20 @@ async def create_disk_image(
 ) -> None:
    """
    Create a Qemu disk image.
+
+    Required privilege: Node.Allocate
    """

    if node.node_type != "qemu":
        raise ControllerBadRequestError("Creating a disk image is only supported on a Qemu node")
-    await node.post(f"/disk_image/{disk_name}", data=disk_data.dict(exclude_unset=True))
+    await node.post(f"/disk_image/{disk_name}", data=disk_data.model_dump(exclude_unset=True))


-@router.put("/{node_id}/qemu/disk_image/{disk_name}", status_code=status.HTTP_204_NO_CONTENT)
+@router.put(
+    "/{node_id}/qemu/disk_image/{disk_name}",
+    status_code=status.HTTP_204_NO_CONTENT,
+    dependencies=[Depends(has_privilege("Node.Allocate"))]
+)
 async def update_disk_image(
        disk_name: str,
        disk_data: schemas.QemuDiskImageUpdate,
@ -328,20 +431,28 @@ async def update_disk_image(
 ) -> None:
    """
    Update a Qemu disk image.
+
+    Required privilege: Node.Allocate
    """

    if node.node_type != "qemu":
        raise ControllerBadRequestError("Updating a disk image is only supported on a Qemu node")
-    await node.put(f"/disk_image/{disk_name}", data=disk_data.dict(exclude_unset=True))
+    await node.put(f"/disk_image/{disk_name}", data=disk_data.model_dump(exclude_unset=True))


-@router.delete("/{node_id}/qemu/disk_image/{disk_name}", status_code=status.HTTP_204_NO_CONTENT)
+@router.delete(
+    "/{node_id}/qemu/disk_image/{disk_name}",
+    status_code=status.HTTP_204_NO_CONTENT,
+    dependencies=[Depends(has_privilege("Node.Allocate"))]
+)
 async def delete_disk_image(
        disk_name: str,
        node: Node = Depends(dep_node)
 ) -> None:
    """
    Delete a Qemu disk image.
+
+    Required privilege: Node.Allocate
    """

    if node.node_type != "qemu":
@ -349,10 +460,12 @@ async def delete_disk_image(
    await node.delete(f"/disk_image/{disk_name}")


-@router.get("/{node_id}/files/{file_path:path}")
+@router.get("/{node_id}/files/{file_path:path}", dependencies=[Depends(has_privilege("Node.Audit"))])
 async def get_file(file_path: str, node: Node = Depends(dep_node)) -> Response:
    """
-    Return a file in the node directory
+    Return a file from the node directory.
+
+    Required privilege: Node.Audit
    """

    path = force_unix_path(file_path)
@ -368,10 +481,16 @@ async def get_file(file_path: str, node: Node = Depends(dep_node)) -> Response:
    return Response(res.body, media_type="application/octet-stream", status_code=res.status)


-@router.post("/{node_id}/files/{file_path:path}", status_code=status.HTTP_201_CREATED)
+@router.post(
+    "/{node_id}/files/{file_path:path}",
+    status_code=status.HTTP_201_CREATED,
+    dependencies=[Depends(has_privilege("Node.Modify"))]
+)
 async def post_file(file_path: str, request: Request, node: Node = Depends(dep_node)):
    """
    Write a file in the node directory.
+
+    Required privilege: Node.Modify
    """

    path = force_unix_path(file_path)
@ -388,10 +507,12 @@ async def post_file(file_path: str, request: Request, node: Node = Depends(dep_n
    # FIXME: response with correct status code (from compute)


-@router.websocket("/{node_id}/console/ws")
+@router.websocket("/{node_id}/console/ws", dependencies=[Depends(has_privilege_on_websocket("Node.Console"))])
 async def ws_console(websocket: WebSocket, node: Node = Depends(dep_node)) -> None:
    """
    WebSocket console.
+
+    Required privilege: Node.Console
    """

    compute = node.compute
@ -399,8 +520,18 @@ async def ws_console(websocket: WebSocket, node: Node = Depends(dep_node)) -> No
    log.info(
        f"New client {websocket.client.host}:{websocket.client.port} has connected to controller console WebSocket"
    )
+
+    compute_host = compute.host
+    try:
+        # handle IPv6 address
+        ip = ipaddress.ip_address(compute_host)
+        if isinstance(ip, ipaddress.IPv6Address):
+            compute_host = '[' + compute_host + ']'
+    except ValueError:
+        pass
+
    ws_console_compute_url = (
-        f"ws://{compute.host}:{compute.port}/v3/compute/projects/"
+        f"ws://{compute_host}:{compute.port}/v3/compute/projects/"
        f"{node.project.id}/{node.node_type}/nodes/{node.id}/console/ws"
    )

@ -436,16 +567,31 @@ async def ws_console(websocket: WebSocket, node: Node = Depends(dep_node)) -> No
        log.error(f"Client error received when forwarding to compute console WebSocket: {e}")


-@router.post("/console/reset", status_code=status.HTTP_204_NO_CONTENT)
+@router.post(
+    "/console/reset",
+    status_code=status.HTTP_204_NO_CONTENT,
+    dependencies=[Depends(has_privilege("Node.Console"))]
+)
 async def reset_console_all_nodes(project: Project = Depends(dep_project)) -> None:
    """
    Reset console for all nodes belonging to the project.
+
+    Required privilege: Node.Console
    """

    await project.reset_console_all()


-@router.post("/{node_id}/console/reset", status_code=status.HTTP_204_NO_CONTENT)
+@router.post(
+    "/{node_id}/console/reset",
+    status_code=status.HTTP_204_NO_CONTENT,
+    dependencies=[Depends(has_privilege("Node.Console"))]
+)
 async def console_reset(node: Node = Depends(dep_node)) -> None:
+    """
+    Reset a console for a given node.
+
+    Required privilege: Node.Console
+    """

    await node.post("/console/reset")
--- a/gns3server/api/routes/controller/notifications.py
+++ b/gns3server/api/routes/controller/notifications.py
@ -1,85 +0,0 @@
-#
-# Copyright (C) 2020 GNS3 Technologies Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-"""
-API routes for controller notifications.
-"""
-
-from fastapi import APIRouter, Request, Depends, WebSocket, WebSocketDisconnect
-from fastapi.responses import StreamingResponse
-from websockets.exceptions import ConnectionClosed, WebSocketException
-
-from gns3server.controller import Controller
-from gns3server import schemas
-
-from .dependencies.authentication import get_current_active_user, get_current_active_user_from_websocket
-
-import logging
-
-log = logging.getLogger(__name__)
-
-router = APIRouter()
-
-
-@router.get("", dependencies=[Depends(get_current_active_user)])
-async def controller_http_notifications(request: Request) -> StreamingResponse:
-    """
-    Receive controller notifications about the controller from HTTP stream.
-    """
-
-    from gns3server.api.server import app
-    log.info(f"New client {request.client.host}:{request.client.port} has connected to controller HTTP "
-             f"notification stream")
-
-    async def event_stream():
-        try:
-            with Controller.instance().notification.controller_queue() as queue:
-                while not app.state.exiting:
-                    msg = await queue.get_json(5)
-                    yield f"{msg}\n".encode("utf-8")
-        finally:
-            log.info(f"Client {request.client.host}:{request.client.port} has disconnected from controller HTTP "
-                     f"notification stream")
-    return StreamingResponse(event_stream(), media_type="application/json")
-
-
-@router.websocket("/ws")
-async def controller_ws_notifications(
-        websocket: WebSocket,
-        current_user: schemas.User = Depends(get_current_active_user_from_websocket)
-) -> None:
-    """
-    Receive project notifications about the controller from WebSocket.
-    """
-
-    if current_user is None:
-        return
-
-    log.info(f"New client {websocket.client.host}:{websocket.client.port} has connected to controller WebSocket")
-    try:
-        with Controller.instance().notification.controller_queue() as queue:
-            while True:
-                notification = await queue.get_json(5)
-                await websocket.send_text(notification)
-    except (ConnectionClosed, WebSocketDisconnect):
-        log.info(f"Client {websocket.client.host}:{websocket.client.port} has disconnected from controller WebSocket")
-    except WebSocketException as e:
-        log.warning(f"Error while sending to controller event to WebSocket client: {e}")
-    finally:
-        try:
-            await websocket.close()
-        except OSError:
-            pass  # ignore OSError: [Errno 107] Transport endpoint is not connected
--- a/gns3server/api/routes/controller/permissions.py
+++ b/gns3server/api/routes/controller/permissions.py
@ -1,161 +0,0 @@
-#!/usr/bin/env python
-#
-# Copyright (C) 2021 GNS3 Technologies Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-"""
-API routes for permissions.
-"""
-
-import re
-
-from fastapi import APIRouter, Depends, Response, Request, status
-from fastapi.routing import APIRoute
-from uuid import UUID
-from typing import List
-
-
-from gns3server import schemas
-from gns3server.controller.controller_error import (
-    ControllerBadRequestError,
-    ControllerNotFoundError,
-    ControllerForbiddenError,
-)
-
-from gns3server.db.repositories.rbac import RbacRepository
-from .dependencies.database import get_repository
-from .dependencies.authentication import get_current_active_user
-
-import logging
-
-log = logging.getLogger(__name__)
-
-router = APIRouter()
-
-
-@router.get("", response_model=List[schemas.Permission])
-async def get_permissions(
-        rbac_repo: RbacRepository = Depends(get_repository(RbacRepository))
-) -> List[schemas.Permission]:
-    """
-    Get all permissions.
-    """
-
-    return await rbac_repo.get_permissions()
-
-
-@router.post("", response_model=schemas.Permission, status_code=status.HTTP_201_CREATED)
-async def create_permission(
-        request: Request,
-        permission_create: schemas.PermissionCreate,
-        current_user: schemas.User = Depends(get_current_active_user),
-        rbac_repo: RbacRepository = Depends(get_repository(RbacRepository))
-) -> schemas.Permission:
-    """
-    Create a new permission.
-    """
-
-    # TODO: should we prevent having multiple permissions with same methods/path?
-    #if await rbac_repo.check_permission_exists(permission_create):
-    #    raise ControllerBadRequestError(f"Permission '{permission_create.methods} {permission_create.path} "
-    #                                    f"{permission_create.action}' already exists")
-
-    for route in request.app.routes:
-        if isinstance(route, APIRoute):
-
-            # remove the prefix (e.g. "/v3") from the route path
-            route_path = re.sub(r"^/v[0-9]", "", route.path)
-            # replace route path ID parameters by an UUID regex
-            route_path = re.sub(r"{\w+_id}", "[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}", route_path)
-            # replace remaining route path parameters by an word matching regex
-            route_path = re.sub(r"/{[\w:]+}", r"/\\w+", route_path)
-
-            # the permission can match multiple routes
-            if permission_create.path.endswith("/*"):
-                route_path += r"/.*"
-
-            if re.fullmatch(route_path, permission_create.path):
-                for method in permission_create.methods:
-                    if method in list(route.methods):
-                        # check user has the right to add the permission (i.e has already to right on the path)
-                        if not await rbac_repo.check_user_is_authorized(current_user.user_id, method, permission_create.path):
-                            raise ControllerForbiddenError(f"User '{current_user.username}' doesn't have the rights to "
-                                                           f"add a permission on {method} {permission_create.path} or "
-                                                           f"the endpoint doesn't exist")
-                        return await rbac_repo.create_permission(permission_create)
-
-    raise ControllerBadRequestError(f"Permission '{permission_create.methods} {permission_create.path}' "
-                                    f"doesn't match any existing endpoint")
-
-
-@router.get("/{permission_id}", response_model=schemas.Permission)
-async def get_permission(
-        permission_id: UUID,
-        rbac_repo: RbacRepository = Depends(get_repository(RbacRepository)),
-) -> schemas.Permission:
-    """
-    Get a permission.
-    """
-
-    permission = await rbac_repo.get_permission(permission_id)
-    if not permission:
-        raise ControllerNotFoundError(f"Permission '{permission_id}' not found")
-    return permission
-
-
-@router.put("/{permission_id}", response_model=schemas.Permission)
-async def update_permission(
-        permission_id: UUID,
-        permission_update: schemas.PermissionUpdate,
-        rbac_repo: RbacRepository = Depends(get_repository(RbacRepository))
-) -> schemas.Permission:
-    """
-    Update a permission.
-    """
-
-    permission = await rbac_repo.get_permission(permission_id)
-    if not permission:
-        raise ControllerNotFoundError(f"Permission '{permission_id}' not found")
-
-    return await rbac_repo.update_permission(permission_id, permission_update)
-
-
-@router.delete("/{permission_id}", status_code=status.HTTP_204_NO_CONTENT)
-async def delete_permission(
-    permission_id: UUID,
-    rbac_repo: RbacRepository = Depends(get_repository(RbacRepository)),
-) -> None:
-    """
-    Delete a permission.
-    """
-
-    permission = await rbac_repo.get_permission(permission_id)
-    if not permission:
-        raise ControllerNotFoundError(f"Permission '{permission_id}' not found")
-
-    success = await rbac_repo.delete_permission(permission_id)
-    if not success:
-        raise ControllerNotFoundError(f"Permission '{permission_id}' could not be deleted")
-
-
-@router.post("/prune", status_code=status.HTTP_204_NO_CONTENT)
-async def prune_permissions(
-        rbac_repo: RbacRepository = Depends(get_repository(RbacRepository))
-) -> None:
-    """
-    Prune orphaned permissions.
-    """
-
-    await rbac_repo.prune_permissions()
--- a/gns3server/api/routes/controller/projects.py
+++ b/gns3server/api/routes/controller/projects.py
@ -45,11 +45,11 @@ from gns3server.controller.import_project import import_project as import_contro
 from gns3server.controller.export_project import export_project as export_controller_project
 from gns3server.utils.asyncio import aiozipstream
 from gns3server.utils.path import is_safe_path
-from gns3server.db.repositories.rbac import RbacRepository
 from gns3server.db.repositories.templates import TemplatesRepository
+from gns3server.db.repositories.rbac import RbacRepository
 from gns3server.services.templates import TemplatesService

-from .dependencies.authentication import get_current_active_user, get_current_active_user_from_websocket
+from .dependencies.rbac import has_privilege, has_privilege_on_websocket
 from .dependencies.database import get_repository

 responses = {404: {"model": schemas.ErrorMessage, "description": "Could not find project"}}
@ -66,29 +66,21 @@ def dep_project(project_id: UUID) -> Project:
    return project


-CHUNK_SIZE = 1024 * 8  # 8KB
-
-
-@router.get("", response_model=List[schemas.Project], response_model_exclude_unset=True)
-async def get_projects(
-        current_user: schemas.User = Depends(get_current_active_user),
-        rbac_repo: RbacRepository = Depends(get_repository(RbacRepository))
-) -> List[schemas.Project]:
+@router.get(
+    "",
+    response_model=List[schemas.Project],
+    response_model_exclude_unset=True,
+    dependencies=[Depends(has_privilege("Project.Audit"))]
+)
+async def get_projects() -> List[schemas.Project]:
    """
    Return all projects.
+
+    Required privilege: Project.Audit
    """

    controller = Controller.instance()
-    if current_user.is_superadmin:
-        return [p.asdict() for p in controller.projects.values()]
-    else:
-        user_projects = []
-        for project in controller.projects.values():
-            authorized = await rbac_repo.check_user_is_authorized(
-                current_user.user_id, "GET", f"/projects/{project.id}")
-            if authorized:
-                user_projects.append(project.asdict())
-    return user_projects
+    return [p.asdict() for p in controller.projects.values()]


@router.post(
@ -97,63 +89,80 @@ async def get_projects(
    response_model=schemas.Project,
    response_model_exclude_unset=True,
    responses={409: {"model": schemas.ErrorMessage, "description": "Could not create project"}},
+    dependencies=[Depends(has_privilege("Project.Allocate"))]
 )
 async def create_project(
        project_data: schemas.ProjectCreate,
-        current_user: schemas.User = Depends(get_current_active_user),
-        rbac_repo: RbacRepository = Depends(get_repository(RbacRepository))
 ) -> schemas.Project:
    """
    Create a new project.
+
+    Required privilege: Project.Allocate
    """

    controller = Controller.instance()
    project = await controller.add_project(**jsonable_encoder(project_data, exclude_unset=True))
-    await rbac_repo.add_permission_to_user_with_path(current_user.user_id, f"/projects/{project.id}/*")
    return project.asdict()


-@router.get("/{project_id}", response_model=schemas.Project)
+@router.get("/{project_id}", response_model=schemas.Project, dependencies=[Depends(has_privilege("Project.Audit"))])
 def get_project(project: Project = Depends(dep_project)) -> schemas.Project:
    """
    Return a project.
+
+    Required privilege: Project.Audit
    """

    return project.asdict()


-@router.put("/{project_id}", response_model=schemas.Project, response_model_exclude_unset=True)
+@router.put(
+    "/{project_id}",
+    response_model=schemas.Project,
+    response_model_exclude_unset=True,
+    dependencies=[Depends(has_privilege("Project.Modify"))]
+)
 async def update_project(
        project_data: schemas.ProjectUpdate,
        project: Project = Depends(dep_project)
 ) -> schemas.Project:
    """
    Update a project.
+
+    Required privilege: Project.Modify
    """

    await project.update(**jsonable_encoder(project_data, exclude_unset=True))
    return project.asdict()


-@router.delete("/{project_id}", status_code=status.HTTP_204_NO_CONTENT)
+@router.delete(
+    "/{project_id}",
+    status_code=status.HTTP_204_NO_CONTENT,
+    dependencies=[Depends(has_privilege("Project.Allocate"))]
+)
 async def delete_project(
        project: Project = Depends(dep_project),
-        rbac_repo: RbacRepository = Depends(get_repository(RbacRepository))
+        rbac_repo: RbacRepository = Depends(get_repository(RbacRepository)),
 ) -> None:
    """
    Delete a project.
+
+    Required privilege: Project.Allocate
    """

    controller = Controller.instance()
    await project.delete()
    controller.remove_project(project)
-    await rbac_repo.delete_all_permissions_with_path(f"/projects/{project.id}")
+    await rbac_repo.delete_all_ace_starting_with_path(f"/projects/{project.id}")


-@router.get("/{project_id}/stats")
+@router.get("/{project_id}/stats", dependencies=[Depends(has_privilege("Project.Audit"))])
 def get_project_stats(project: Project = Depends(dep_project)) -> dict:
    """
    Return a project statistics.
+
+    Required privilege: Project.Audit
    """

    return project.stats()
@ -163,10 +172,13 @@ def get_project_stats(project: Project = Depends(dep_project)) -> dict:
    "/{project_id}/close",
    status_code=status.HTTP_204_NO_CONTENT,
    responses={**responses, 409: {"model": schemas.ErrorMessage, "description": "Could not close project"}},
+    dependencies=[Depends(has_privilege("Project.Allocate"))]
 )
 async def close_project(project: Project = Depends(dep_project)) -> None:
    """
    Close a project.
+
+    Required privilege: Project.Allocate
    """

    await project.close()
@ -177,10 +189,13 @@ async def close_project(project: Project = Depends(dep_project)) -> None:
    status_code=status.HTTP_201_CREATED,
    response_model=schemas.Project,
    responses={**responses, 409: {"model": schemas.ErrorMessage, "description": "Could not open project"}},
+    dependencies=[Depends(has_privilege("Project.Allocate"))]
 )
 async def open_project(project: Project = Depends(dep_project)) -> schemas.Project:
    """
    Open a project.
+
+    Required privilege: Project.Allocate
    """

    await project.open()
@ -192,10 +207,13 @@ async def open_project(project: Project = Depends(dep_project)) -> schemas.Proje
    status_code=status.HTTP_201_CREATED,
    response_model=schemas.Project,
    responses={**responses, 409: {"model": schemas.ErrorMessage, "description": "Could not load project"}},
+    dependencies=[Depends(has_privilege("Project.Allocate"))]
 )
 async def load_project(path: str = Body(..., embed=True)) -> schemas.Project:
    """
    Load a project (local server only).
+
+    Required privilege: Project.Allocate
    """

    controller = Controller.instance()
@ -204,10 +222,12 @@ async def load_project(path: str = Body(..., embed=True)) -> schemas.Project:
    return project.asdict()


-@router.get("/{project_id}/notifications")
+@router.get("/{project_id}/notifications", dependencies=[Depends(has_privilege("Project.Audit"))])
 async def project_http_notifications(project_id: UUID) -> StreamingResponse:
    """
    Receive project notifications about the controller from HTTP stream.
+
+    Required privilege: Project.Audit
    """

    from gns3server.api.server import app
@ -240,10 +260,12 @@ async def project_http_notifications(project_id: UUID) -> StreamingResponse:
 async def project_ws_notifications(
        project_id: UUID,
        websocket: WebSocket,
-        current_user: schemas.User = Depends(get_current_active_user_from_websocket)
+        current_user: schemas.User = Depends(has_privilege_on_websocket("Project.Audit"))
 ) -> None:
    """
    Receive project notifications about the controller from WebSocket.
+
+    Required privilege: Project.Audit
    """

    if current_user is None:
@ -276,7 +298,7 @@ async def project_ws_notifications(
                await project.close()


-@router.get("/{project_id}/export")
+@router.get("/{project_id}/export", dependencies=[Depends(has_privilege("Project.Audit"))])
 async def export_project(
    project: Project = Depends(dep_project),
    include_snapshots: bool = False,
@ -287,6 +309,8 @@ async def export_project(
 ) -> StreamingResponse:
    """
    Export a project as a portable archive.
+
+    Required privilege: Project.Audit
    """

    compression_query = compression.lower()
@ -333,7 +357,7 @@ async def export_project(

            log.info(f"Project '{project.name}' exported in {time.time() - begin:.4f} seconds")

-    # Will be raise if you have no space left or permission issue on your temporary directory
+    # Will be raised if you have no space left or permission issue on your temporary directory
    # RuntimeError: something was wrong during the zip process
    except (ValueError, OSError, RuntimeError) as e:
        raise ConnectionError(f"Cannot export project: {e}")
@ -342,7 +366,12 @@ async def export_project(
    return StreamingResponse(streamer(), media_type="application/gns3project", headers=headers)


-@router.post("/{project_id}/import", status_code=status.HTTP_201_CREATED, response_model=schemas.Project)
+@router.post(
+    "/{project_id}/import",
+    status_code=status.HTTP_201_CREATED,
+    response_model=schemas.Project,
+    dependencies=[Depends(has_privilege("Project.Allocate"))]
+)
 async def import_project(
        project_id: UUID,
        request: Request,
@ -350,6 +379,8 @@ async def import_project(
 ) -> schemas.Project:
    """
    Import a project from a portable archive.
+
+    Required privilege: Project.Allocate
    """

    controller = Controller.instance()
@ -377,56 +408,72 @@ async def import_project(
    status_code=status.HTTP_201_CREATED,
    response_model=schemas.Project,
    responses={**responses, 409: {"model": schemas.ErrorMessage, "description": "Could not duplicate project"}},
+    dependencies=[Depends(has_privilege("Project.Allocate"))]
 )
 async def duplicate_project(
        project_data: schemas.ProjectDuplicate,
-        project: Project = Depends(dep_project),
-        current_user: schemas.User = Depends(get_current_active_user),
-        rbac_repo: RbacRepository = Depends(get_repository(RbacRepository))
+        project: Project = Depends(dep_project)
 ) -> schemas.Project:
    """
    Duplicate a project.
+
+    Required privilege: Project.Allocate
    """

    reset_mac_addresses = project_data.reset_mac_addresses
    new_project = await project.duplicate(
        name=project_data.name, reset_mac_addresses=reset_mac_addresses
    )
-    await rbac_repo.add_permission_to_user_with_path(current_user.user_id, f"/projects/{new_project.id}/*")
    return new_project.asdict()


-@router.get("/{project_id}/locked")
+@router.get("/{project_id}/locked", dependencies=[Depends(has_privilege("Project.Audit"))])
 async def locked_project(project: Project = Depends(dep_project)) -> bool:
    """
-    Returns whether a project is locked or not
+    Returns whether a project is locked or not.
+
+    Required privilege: Project.Audit
    """

    return project.locked


-@router.post("/{project_id}/lock", status_code=status.HTTP_204_NO_CONTENT)
+@router.post(
+    "/{project_id}/lock",
+    status_code=status.HTTP_204_NO_CONTENT,
+    dependencies=[Depends(has_privilege("Project.Modify"))]
+)
 async def lock_project(project: Project = Depends(dep_project)) -> None:
    """
    Lock all drawings and nodes in a given project.
+
+    Required privilege: Project.Audit
    """

    project.lock()


-@router.post("/{project_id}/unlock", status_code=status.HTTP_204_NO_CONTENT)
+@router.post(
+    "/{project_id}/unlock",
+    status_code=status.HTTP_204_NO_CONTENT,
+    dependencies=[Depends(has_privilege("Project.Modify"))]
+)
 async def unlock_project(project: Project = Depends(dep_project)) -> None:
    """
    Unlock all drawings and nodes in a given project.
+
+    Required privilege: Project.Modify
    """

    project.unlock()


-@router.get("/{project_id}/files/{file_path:path}")
+@router.get("/{project_id}/files/{file_path:path}", dependencies=[Depends(has_privilege("Project.Audit"))])
 async def get_file(file_path: str, project: Project = Depends(dep_project)) -> FileResponse:
    """
    Return a file from a project.
+
+    Required privilege: Project.Audit
    """

    file_path = urllib.parse.unquote(file_path)
@ -443,10 +490,16 @@ async def get_file(file_path: str, project: Project = Depends(dep_project)) -> F
    return FileResponse(path, media_type="application/octet-stream")


-@router.post("/{project_id}/files/{file_path:path}", status_code=status.HTTP_204_NO_CONTENT)
+@router.post(
+    "/{project_id}/files/{file_path:path}",
+    status_code=status.HTTP_204_NO_CONTENT,
+    dependencies=[Depends(has_privilege("Project.Modify"))]
+)
 async def write_file(file_path: str, request: Request, project: Project = Depends(dep_project)) -> None:
    """
    Write a file to a project.
+
+    Required privilege: Project.Modify
    """

    file_path = urllib.parse.unquote(file_path)
@ -475,6 +528,7 @@ async def write_file(file_path: str, request: Request, project: Project = Depend
    response_model=schemas.Node,
    status_code=status.HTTP_201_CREATED,
    responses={404: {"model": schemas.ErrorMessage, "description": "Could not find project or template"}},
+    dependencies=[Depends(has_privilege("Node.Allocate"))]
 )
 async def create_node_from_template(
    project_id: UUID,
@ -484,6 +538,8 @@ async def create_node_from_template(
 ) -> schemas.Node:
    """
    Create a new node from a template.
+
+    Required privilege: Node.Allocate
    """

    template = await TemplatesService(templates_repo).get_template(template_id)
--- a/gns3server/api/routes/controller/roles.py
+++ b/gns3server/api/routes/controller/roles.py
@ -19,7 +19,7 @@
 API routes for roles.
 """

-from fastapi import APIRouter, Depends, Response, status
+from fastapi import APIRouter, Depends, status
 from uuid import UUID
 from typing import List

@ -33,6 +33,7 @@ from gns3server.controller.controller_error import (

 from gns3server.db.repositories.rbac import RbacRepository
 from .dependencies.database import get_repository
+from .dependencies.rbac import has_privilege

 import logging

@ -41,24 +42,37 @@ log = logging.getLogger(__name__)
 router = APIRouter()


-@router.get("", response_model=List[schemas.Role])
+@router.get(
+    "",
+    response_model=List[schemas.Role],
+    dependencies=[Depends(has_privilege("Role.Audit"))]
+)
 async def get_roles(
        rbac_repo: RbacRepository = Depends(get_repository(RbacRepository))
 ) -> List[schemas.Role]:
    """
    Get all roles.
+
+    Required privilege: Role.Audit
    """

    return await rbac_repo.get_roles()


-@router.post("", response_model=schemas.Role, status_code=status.HTTP_201_CREATED)
+@router.post(
+    "",
+    response_model=schemas.Role,
+    status_code=status.HTTP_201_CREATED,
+    dependencies=[Depends(has_privilege("Role.Allocate"))]
+)
 async def create_role(
        role_create: schemas.RoleCreate,
        rbac_repo: RbacRepository = Depends(get_repository(RbacRepository))
 ) -> schemas.Role:
    """
    Create a new role.
+
+    Required privilege: Role.Allocate
    """

    if await rbac_repo.get_role_by_name(role_create.name):
@ -67,13 +81,19 @@ async def create_role(
    return await rbac_repo.create_role(role_create)


-@router.get("/{role_id}", response_model=schemas.Role)
+@router.get(
+    "/{role_id}",
+    response_model=schemas.Role,
+    dependencies=[Depends(has_privilege("Role.Audit"))]
+)
 async def get_role(
        role_id: UUID,
        rbac_repo: RbacRepository = Depends(get_repository(RbacRepository)),
 ) -> schemas.Role:
    """
    Get a role.
+
+    Required privilege: Role.Audit
    """

    role = await rbac_repo.get_role(role_id)
@ -82,7 +102,11 @@ async def get_role(
    return role


-@router.put("/{role_id}", response_model=schemas.Role)
+@router.put(
+    "/{role_id}",
+    response_model=schemas.Role,
+    dependencies=[Depends(has_privilege("Role.Modify"))]
+)
 async def update_role(
        role_id: UUID,
        role_update: schemas.RoleUpdate,
@ -90,6 +114,8 @@ async def update_role(
 ) -> schemas.Role:
    """
    Update a role.
+
+    Required privilege: Role.Modify
    """

    role = await rbac_repo.get_role(role_id)
@ -102,13 +128,19 @@ async def update_role(
    return await rbac_repo.update_role(role_id, role_update)


-@router.delete("/{role_id}", status_code=status.HTTP_204_NO_CONTENT)
+@router.delete(
+    "/{role_id}",
+    status_code=status.HTTP_204_NO_CONTENT,
+    dependencies=[Depends(has_privilege("Role.Allocate"))]
+)
 async def delete_role(
    role_id: UUID,
    rbac_repo: RbacRepository = Depends(get_repository(RbacRepository)),
 ) -> None:
    """
    Delete a role.
+
+    Required privilege: Role.Allocate
    """

    role = await rbac_repo.get_role(role_id)
@ -121,59 +153,72 @@ async def delete_role(
    success = await rbac_repo.delete_role(role_id)
    if not success:
        raise ControllerError(f"Role '{role_id}' could not be deleted")
+    await rbac_repo.delete_all_ace_starting_with_path(f"/roles/{role_id}")


-@router.get("/{role_id}/permissions", response_model=List[schemas.Permission])
-async def get_role_permissions(
+@router.get(
+    "/{role_id}/privileges",
+    response_model=List[schemas.Privilege],
+    dependencies=[Depends(has_privilege("Role.Audit"))]
+)
+async def get_role_privileges(
        role_id: UUID,
        rbac_repo: RbacRepository = Depends(get_repository(RbacRepository))
-) -> List[schemas.Permission]:
+) -> List[schemas.Privilege]:
    """
-    Get all role permissions.
+    Get all role privileges.
+
+    Required privilege: Role.Audit
    """

-    return await rbac_repo.get_role_permissions(role_id)
+    return await rbac_repo.get_role_privileges(role_id)


@router.put(
-    "/{role_id}/permissions/{permission_id}",
-    status_code=status.HTTP_204_NO_CONTENT
+    "/{role_id}/privileges/{privilege_id}",
+    status_code=status.HTTP_204_NO_CONTENT,
+    dependencies=[Depends(has_privilege("Role.Modify"))]
 )
-async def add_permission_to_role(
+async def add_privilege_to_role(
        role_id: UUID,
-        permission_id: UUID,
+        privilege_id: UUID,
        rbac_repo: RbacRepository = Depends(get_repository(RbacRepository))
 ) -> None:
    """
-    Add a permission to a role.
+    Add a privilege to a role.
+
+    Required privilege: Role.Modify
    """

-    permission = await rbac_repo.get_permission(permission_id)
-    if not permission:
-        raise ControllerNotFoundError(f"Permission '{permission_id}' not found")
+    privilege = await rbac_repo.get_privilege(privilege_id)
+    if not privilege:
+        raise ControllerNotFoundError(f"Privilege '{privilege_id}' not found")

-    role = await rbac_repo.add_permission_to_role(role_id, permission)
+    role = await rbac_repo.add_privilege_to_role(role_id, privilege)
    if not role:
        raise ControllerNotFoundError(f"Role '{role_id}' not found")


@router.delete(
-    "/{role_id}/permissions/{permission_id}",
-    status_code=status.HTTP_204_NO_CONTENT
+    "/{role_id}/privileges/{privilege_id}",
+    status_code=status.HTTP_204_NO_CONTENT,
+    dependencies=[Depends(has_privilege("Role.Modify"))]
 )
-async def remove_permission_from_role(
+async def remove_privilege_from_role(
    role_id: UUID,
-    permission_id: UUID,
+    privilege_id: UUID,
    rbac_repo: RbacRepository = Depends(get_repository(RbacRepository)),
 ) -> None:
    """
-    Remove member from an user group.
+    Remove privilege from a role.
+
+    Required privilege: Role.Modify
    """

-    permission = await rbac_repo.get_permission(permission_id)
-    if not permission:
-        raise ControllerNotFoundError(f"Permission '{permission_id}' not found")
+    privilege = await rbac_repo.get_privilege(privilege_id)
+    if not privilege:
+        raise ControllerNotFoundError(f"Privilege '{privilege_id}' not found")

-    role = await rbac_repo.remove_permission_from_role(role_id, permission)
+    role = await rbac_repo.remove_privilege_from_role(role_id, privilege)
    if not role:
        raise ControllerNotFoundError(f"Role '{role_id}' not found")
--- a/gns3server/api/routes/controller/snapshots.py
+++ b/gns3server/api/routes/controller/snapshots.py
@ -23,14 +23,18 @@ import logging

 log = logging.getLogger()

-from fastapi import APIRouter, Depends, Response, status
+from fastapi import APIRouter, Depends, status
 from typing import List
 from uuid import UUID

 from gns3server.controller.project import Project
+from gns3server.db.repositories.rbac import RbacRepository
 from gns3server import schemas
 from gns3server.controller import Controller

+from .dependencies.database import get_repository
+from .dependencies.rbac import has_privilege
+
 responses = {404: {"model": schemas.ErrorMessage, "description": "Could not find project or snapshot"}}

 router = APIRouter(responses=responses)
@ -45,42 +49,74 @@ def dep_project(project_id: UUID) -> Project:
    return project


-@router.post("", status_code=status.HTTP_201_CREATED, response_model=schemas.Snapshot)
+@router.post(
+    "",
+    status_code=status.HTTP_201_CREATED,
+    response_model=schemas.Snapshot,
+    dependencies=[Depends(has_privilege("Snapshot.Allocate"))]
+)
 async def create_snapshot(
        snapshot_data: schemas.SnapshotCreate,
        project: Project = Depends(dep_project)
 ) -> schemas.Snapshot:
    """
    Create a new snapshot of a project.
+
+    Required privilege: Snapshot.Allocate
    """

    snapshot = await project.snapshot(snapshot_data.name)
    return snapshot.asdict()


-@router.get("", response_model=List[schemas.Snapshot], response_model_exclude_unset=True)
+@router.get(
+    "",
+    response_model=List[schemas.Snapshot],
+    response_model_exclude_unset=True,
+    dependencies=[Depends(has_privilege("Snapshot.Audit"))]
+)
 def get_snapshots(project: Project = Depends(dep_project)) -> List[schemas.Snapshot]:
    """
    Return all snapshots belonging to a given project.
+
+    Required privilege: Snapshot.Audit
    """

    snapshots = [s for s in project.snapshots.values()]
    return [s.asdict() for s in sorted(snapshots, key=lambda s: (s.created_at, s.name))]


-@router.delete("/{snapshot_id}", status_code=status.HTTP_204_NO_CONTENT)
-async def delete_snapshot(snapshot_id: UUID, project: Project = Depends(dep_project)) -> None:
+@router.delete(
+    "/{snapshot_id}",
+    status_code=status.HTTP_204_NO_CONTENT,
+    dependencies=[Depends(has_privilege("Snapshot.Allocate"))]
+)
+async def delete_snapshot(
+        snapshot_id: UUID,
+        project: Project = Depends(dep_project),
+        rbac_repo=Depends(get_repository(RbacRepository))
+) -> None:
    """
    Delete a snapshot.
+
+    Required privilege: Snapshot.Allocate
    """

    await project.delete_snapshot(str(snapshot_id))
+    await rbac_repo.delete_all_ace_starting_with_path(f"/projects/{project.id}/snapshots/{snapshot_id}")


-@router.post("/{snapshot_id}/restore", status_code=status.HTTP_201_CREATED, response_model=schemas.Project)
+@router.post(
+    "/{snapshot_id}/restore",
+    status_code=status.HTTP_201_CREATED,
+    response_model=schemas.Project,
+    dependencies=[Depends(has_privilege("Snapshot.Restore"))]
+)
 async def restore_snapshot(snapshot_id: UUID, project: Project = Depends(dep_project)) -> schemas.Project:
    """
    Restore a snapshot.
+
+    Required privilege: Snapshot.Restore
    """

    snapshot = project.get_snapshot(str(snapshot_id))
--- a/gns3server/api/routes/controller/symbols.py
+++ b/gns3server/api/routes/controller/symbols.py
@ -29,7 +29,7 @@ from gns3server.controller import Controller
 from gns3server import schemas
 from gns3server.controller.controller_error import ControllerError, ControllerNotFoundError

-from .dependencies.authentication import get_current_active_user
+from .dependencies.rbac import has_privilege

 import logging

@ -39,19 +39,28 @@ log = logging.getLogger(__name__)
 router = APIRouter()


-@router.get("")
-def get_symbols() -> List[str]:
+@router.get("", dependencies=[Depends(has_privilege("Symbol.Audit"))])
+def get_symbols() -> List[dict]:
+    """
+    Return all symbols.
+
+    Required privilege: Symbol.Audit
+    """

    controller = Controller.instance()
    return controller.symbols.list()


@router.get(
-    "/{symbol_id:path}/raw", responses={404: {"model": schemas.ErrorMessage, "description": "Could not find symbol"}}
+    "/{symbol_id:path}/raw",
+    responses={404: {"model": schemas.ErrorMessage, "description": "Could not find symbol"}},
+    dependencies=[Depends(has_privilege("Symbol.Audit"))]
 )
 async def get_symbol(symbol_id: str) -> FileResponse:
    """
    Download a symbol file.
+
+    Required privilege: Symbol.Audit
    """

    controller = Controller.instance()
@ -65,10 +74,13 @@ async def get_symbol(symbol_id: str) -> FileResponse:
@router.get(
    "/{symbol_id:path}/dimensions",
    responses={404: {"model": schemas.ErrorMessage, "description": "Could not find symbol"}},
+    dependencies=[Depends(has_privilege("Symbol.Audit"))]
 )
 async def get_symbol_dimensions(symbol_id: str) -> dict:
    """
    Get a symbol dimensions.
+
+    Required privilege: Symbol.Audit
    """

    controller = Controller.instance()
@ -80,10 +92,12 @@ async def get_symbol_dimensions(symbol_id: str) -> dict:
        raise ControllerNotFoundError(f"Could not get symbol file: {e}")


-@router.get("/default_symbols")
+@router.get("/default_symbols", dependencies=[Depends(has_privilege("Symbol.Audit"))])
 def get_default_symbols() -> dict:
    """
    Return all default symbols.
+
+    Required privilege: Symbol.Audit
    """

    controller = Controller.instance()
@ -92,12 +106,14 @@ def get_default_symbols() -> dict:

@router.post(
    "/{symbol_id:path}/raw",
-    dependencies=[Depends(get_current_active_user)],
-    status_code=status.HTTP_204_NO_CONTENT
+    status_code=status.HTTP_204_NO_CONTENT,
+    dependencies=[Depends(has_privilege("Symbol.Allocate"))]
 )
 async def upload_symbol(symbol_id: str, request: Request) -> None:
    """
    Upload a symbol file.
+
+    Required privilege: Symbol.Allocate
    """

    controller = Controller.instance()
@ -111,4 +127,3 @@ async def upload_symbol(symbol_id: str, request: Request) -> None:

    # Reset the symbol list
    controller.symbols.list()
-
--- a/gns3server/api/routes/controller/templates.py
+++ b/gns3server/api/routes/controller/templates.py
@ -36,6 +36,7 @@ from gns3server.db.repositories.rbac import RbacRepository
 from gns3server.db.repositories.images import ImagesRepository

 from .dependencies.authentication import get_current_active_user
+from .dependencies.rbac import has_privilege
 from .dependencies.database import get_repository

 responses = {404: {"model": schemas.ErrorMessage, "description": "Could not find template"}}
@ -43,24 +44,32 @@ responses = {404: {"model": schemas.ErrorMessage, "description": "Could not find
 router = APIRouter(responses=responses)


-@router.post("", response_model=schemas.Template, status_code=status.HTTP_201_CREATED)
+@router.post(
+    "",
+    response_model=schemas.Template,
+    status_code=status.HTTP_201_CREATED,
+    dependencies=[Depends(has_privilege("Template.Allocate"))]
+)
 async def create_template(
    template_create: schemas.TemplateCreate,
-    templates_repo: TemplatesRepository = Depends(get_repository(TemplatesRepository)),
-    current_user: schemas.User = Depends(get_current_active_user),
-    rbac_repo: RbacRepository = Depends(get_repository(RbacRepository))
+    templates_repo: TemplatesRepository = Depends(get_repository(TemplatesRepository))
 ) -> schemas.Template:
    """
    Create a new template.
+
+    Required privilege: Template.Allocate
    """

    template = await TemplatesService(templates_repo).create_template(template_create)
-    template_id = template.get("template_id")
-    await rbac_repo.add_permission_to_user_with_path(current_user.user_id, f"/templates/{template_id}/*")
    return template


-@router.get("/{template_id}", response_model=schemas.Template, response_model_exclude_unset=True)
+@router.get(
+    "/{template_id}",
+    response_model=schemas.Template,
+    response_model_exclude_unset=True,
+    dependencies=[Depends(has_privilege("Template.Audit"))]
+)
 async def get_template(
    template_id: UUID,
    request: Request,
@ -69,6 +78,8 @@ async def get_template(
 ) -> schemas.Template:
    """
    Return a template.
+
+    Required privilege: Template.Audit
    """

    request_etag = request.headers.get("If-None-Match", "")
@ -82,7 +93,12 @@ async def get_template(
        return template


-@router.put("/{template_id}", response_model=schemas.Template, response_model_exclude_unset=True)
+@router.put(
+    "/{template_id}",
+    response_model=schemas.Template,
+    response_model_exclude_unset=True,
+    dependencies=[Depends(has_privilege("Template.Modify"))]
+)
 async def update_template(
    template_id: UUID,
    template_update: schemas.TemplateUpdate,
@ -90,12 +106,18 @@ async def update_template(
 ) -> schemas.Template:
    """
    Update a template.
+
+    Required privilege: Template.Modify
    """

    return await TemplatesService(templates_repo).update_template(template_id, template_update)


-@router.delete("/{template_id}", status_code=status.HTTP_204_NO_CONTENT)
+@router.delete(
+    "/{template_id}",
+    status_code=status.HTTP_204_NO_CONTENT,
+    dependencies=[Depends(has_privilege("Template.Allocate"))]
+)
 async def delete_template(
        template_id: UUID,
        prune_images: Optional[bool] = False,
@ -105,15 +127,22 @@ async def delete_template(
 ) -> None:
    """
    Delete a template.
+
+    Required privilege: Template.Allocate
    """

    await TemplatesService(templates_repo).delete_template(template_id)
-    await rbac_repo.delete_all_permissions_with_path(f"/templates/{template_id}")
+    await rbac_repo.delete_all_ace_starting_with_path(f"/templates/{template_id}")
    if prune_images:
        await images_repo.prune_images()


-@router.get("", response_model=List[schemas.Template], response_model_exclude_unset=True)
+@router.get(
+    "",
+    response_model=List[schemas.Template],
+    response_model_exclude_unset=True,
+    dependencies=[Depends(has_privilege("Template.Audit"))]
+)
 async def get_templates(
        templates_repo: TemplatesRepository = Depends(get_repository(TemplatesRepository)),
        current_user: schemas.User = Depends(get_current_active_user),
@ -121,6 +150,8 @@ async def get_templates(
 ) -> List[schemas.Template]:
    """
    Return all templates.
+
+    Required privilege: Template.Audit
    """

    templates = await TemplatesService(templates_repo).get_templates()
@ -129,27 +160,31 @@ async def get_templates(
    else:
        user_templates = []
        for template in templates:
-            if template.get("builtin") is True:
-                user_templates.append(template)
-                continue
-            template_id = template.get("template_id")
-            authorized = await rbac_repo.check_user_is_authorized(
-                current_user.user_id, "GET", f"/templates/{template_id}")
-            if authorized:
-                user_templates.append(template)
+            # if template.get("builtin") is True:
+            #     user_templates.append(template)
+            #     continue
+            # template_id = template.get("template_id")
+            # authorized = await rbac_repo.check_user_is_authorized(
+            #     current_user.user_id, "GET", f"/templates/{template_id}")
+            # if authorized:
+            user_templates.append(template)
    return user_templates


-@router.post("/{template_id}/duplicate", response_model=schemas.Template, status_code=status.HTTP_201_CREATED)
+@router.post(
+    "/{template_id}/duplicate",
+    response_model=schemas.Template,
+    status_code=status.HTTP_201_CREATED,
+    dependencies=[Depends(has_privilege("Template.Allocate"))]
+)
 async def duplicate_template(
-        template_id: UUID, templates_repo: TemplatesRepository = Depends(get_repository(TemplatesRepository)),
-        current_user: schemas.User = Depends(get_current_active_user),
-        rbac_repo: RbacRepository = Depends(get_repository(RbacRepository))
+        template_id: UUID, templates_repo: TemplatesRepository = Depends(get_repository(TemplatesRepository))
 ) -> schemas.Template:
    """
    Duplicate a template.
+
+    Required privilege: Template.Allocate
    """

    template = await TemplatesService(templates_repo).duplicate_template(template_id)
-    await rbac_repo.add_permission_to_user_with_path(current_user.user_id, f"/templates/{template_id}/*")
    return template
--- a/gns3server/api/routes/controller/users.py
+++ b/gns3server/api/routes/controller/users.py
@ -1,6 +1,6 @@
 #!/usr/bin/env python
 #
-# Copyright (C) 2020 GNS3 Technologies Inc.
+# Copyright (C) 2023 GNS3 Technologies Inc.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@ -38,6 +38,7 @@ from gns3server.services import auth_service

 from .dependencies.authentication import get_current_active_user
 from .dependencies.database import get_repository
+from .dependencies.rbac import has_privilege

 import logging

@ -115,12 +116,18 @@ async def update_logged_in_user(
    return await users_repo.update_user(current_user.user_id, user_update)


-@router.get("", response_model=List[schemas.User], dependencies=[Depends(get_current_active_user)])
+@router.get(
+    "",
+    response_model=List[schemas.User],
+    dependencies=[Depends(has_privilege("User.Audit"))]
+)
 async def get_users(
        users_repo: UsersRepository = Depends(get_repository(UsersRepository))
 ) -> List[schemas.User]:
    """
    Get all users.
+
+    Required privilege: User.Audit
    """

    return await users_repo.get_users()
@ -129,8 +136,8 @@ async def get_users(
@router.post(
    "",
    response_model=schemas.User,
-    dependencies=[Depends(get_current_active_user)],
-    status_code=status.HTTP_201_CREATED
+    status_code=status.HTTP_201_CREATED,
+    dependencies=[Depends(has_privilege("User.Allocate"))]
 )
 async def create_user(
        user_create: schemas.UserCreate,
@ -138,6 +145,8 @@ async def create_user(
 ) -> schemas.User:
    """
    Create a new user.
+
+    Required privilege: User.Allocate
    """

    if await users_repo.get_user_by_username(user_create.username):
@ -149,13 +158,19 @@ async def create_user(
    return await users_repo.create_user(user_create)


-@router.get("/{user_id}", dependencies=[Depends(get_current_active_user)], response_model=schemas.User)
+@router.get(
+    "/{user_id}",
+    response_model=schemas.User,
+    dependencies=[Depends(has_privilege("User.Audit"))]
+)
 async def get_user(
        user_id: UUID,
        users_repo: UsersRepository = Depends(get_repository(UsersRepository)),
 ) -> schemas.User:
    """
-    Get an user.
+    Get a user.
+
+    Required privilege: User.Audit
    """

    user = await users_repo.get_user(user_id)
@ -164,14 +179,20 @@ async def get_user(
    return user


-@router.put("/{user_id}", dependencies=[Depends(get_current_active_user)], response_model=schemas.User)
+@router.put(
+    "/{user_id}",
+    response_model=schemas.User,
+    dependencies=[Depends(has_privilege("User.Modify"))]
+)
 async def update_user(
        user_id: UUID,
        user_update: schemas.UserUpdate,
        users_repo: UsersRepository = Depends(get_repository(UsersRepository))
 ) -> schemas.User:
    """
-    Update an user.
+    Update a user.
+
+    Required privilege: User.Modify
    """

    if user_update.username and await users_repo.get_user_by_username(user_update.username):
@ -188,15 +209,18 @@ async def update_user(

@router.delete(
    "/{user_id}",
-    dependencies=[Depends(get_current_active_user)],
-    status_code=status.HTTP_204_NO_CONTENT
+    status_code=status.HTTP_204_NO_CONTENT,
+    dependencies=[Depends(has_privilege("User.Allocate"))]
 )
 async def delete_user(
-    user_id: UUID,
-    users_repo: UsersRepository = Depends(get_repository(UsersRepository)),
+        user_id: UUID,
+        users_repo: UsersRepository = Depends(get_repository(UsersRepository)),
+        rbac_repo: RbacRepository = Depends(get_repository(RbacRepository))
 ) -> None:
    """
-    Delete an user.
+    Delete a user.
+
+    Required privilege: User.Allocate
    """

    user = await users_repo.get_user(user_id)
@ -209,12 +233,13 @@ async def delete_user(
    success = await users_repo.delete_user(user_id)
    if not success:
        raise ControllerError(f"User '{user_id}' could not be deleted")
+    await rbac_repo.delete_all_ace_starting_with_path(f"/users/{user_id}")


@router.get(
    "/{user_id}/groups",
-    dependencies=[Depends(get_current_active_user)],
-    response_model=List[schemas.UserGroup]
+    response_model=List[schemas.UserGroup],
+    dependencies=[Depends(has_privilege("Group.Audit"))]
 )
 async def get_user_memberships(
        user_id: UUID,
@ -222,68 +247,8 @@ async def get_user_memberships(
 ) -> List[schemas.UserGroup]:
    """
    Get user memberships.
-    """
-
-    return await users_repo.get_user_memberships(user_id)
-
-
-@router.get(
-    "/{user_id}/permissions",
-    dependencies=[Depends(get_current_active_user)],
-    response_model=List[schemas.Permission]
-)
-async def get_user_permissions(
-        user_id: UUID,
-        rbac_repo: RbacRepository = Depends(get_repository(RbacRepository))
-) -> List[schemas.Permission]:
-    """
-    Get user permissions.
-    """

-    return await rbac_repo.get_user_permissions(user_id)
-
-
-@router.put(
-    "/{user_id}/permissions/{permission_id}",
-    dependencies=[Depends(get_current_active_user)],
-    status_code=status.HTTP_204_NO_CONTENT
-)
-async def add_permission_to_user(
-        user_id: UUID,
-        permission_id: UUID,
-        rbac_repo: RbacRepository = Depends(get_repository(RbacRepository))
-) -> None:
+    Required privilege: Group.Audit
    """
-    Add a permission to an user.
-    """
-
-    permission = await rbac_repo.get_permission(permission_id)
-    if not permission:
-        raise ControllerNotFoundError(f"Permission '{permission_id}' not found")

-    user = await rbac_repo.add_permission_to_user(user_id, permission)
-    if not user:
-        raise ControllerNotFoundError(f"User '{user_id}' not found")
-
-
-@router.delete(
-    "/{user_id}/permissions/{permission_id}",
-    dependencies=[Depends(get_current_active_user)],
-    status_code=status.HTTP_204_NO_CONTENT
-)
-async def remove_permission_from_user(
-    user_id: UUID,
-    permission_id: UUID,
-    rbac_repo: RbacRepository = Depends(get_repository(RbacRepository)),
-) -> None:
-    """
-    Remove permission from an user.
-    """
-
-    permission = await rbac_repo.get_permission(permission_id)
-    if not permission:
-        raise ControllerNotFoundError(f"Permission '{permission_id}' not found")
-
-    user = await rbac_repo.remove_permission_from_user(user_id, permission)
-    if not user:
-        raise ControllerNotFoundError(f"User '{user_id}' not found")
+    return await users_repo.get_user_memberships(user_id)
--- a/gns3server/api/server.py
+++ b/gns3server/api/server.py
@ -21,9 +21,10 @@ FastAPI app

 import time

-from fastapi import FastAPI, Request, HTTPException
+from fastapi import FastAPI, Request, HTTPException, status
 from fastapi.middleware.cors import CORSMiddleware
 from fastapi.responses import JSONResponse
+from fastapi.exceptions import RequestValidationError
 from sqlalchemy.exc import SQLAlchemyError
 from uvicorn.main import Server as UvicornServer

@ -87,54 +88,54 @@ UvicornServer.handle_exit = handle_exit

@app.exception_handler(ControllerError)
 async def controller_error_handler(request: Request, exc: ControllerError):
-    log.error(f"Controller error: {exc}")
+    log.error(f"Controller error in {request.url.path} ({request.method}): {exc}")
    return JSONResponse(
-        status_code=409,
+        status_code=status.HTTP_409_CONFLICT,
        content={"message": str(exc)},
    )


@app.exception_handler(ControllerTimeoutError)
 async def controller_timeout_error_handler(request: Request, exc: ControllerTimeoutError):
-    log.error(f"Controller timeout error: {exc}")
+    log.error(f"Controller timeout error in {request.url.path} ({request.method}): {exc}")
    return JSONResponse(
-        status_code=408,
+        status_code=status.HTTP_408_REQUEST_TIMEOUT,
        content={"message": str(exc)},
    )


@app.exception_handler(ControllerUnauthorizedError)
 async def controller_unauthorized_error_handler(request: Request, exc: ControllerUnauthorizedError):
-    log.error(f"Controller unauthorized error: {exc}")
+    log.error(f"Controller unauthorized error in {request.url.path} ({request.method}): {exc}")
    return JSONResponse(
-        status_code=401,
+        status_code=status.HTTP_401_UNAUTHORIZED,
        content={"message": str(exc)},
    )


@app.exception_handler(ControllerForbiddenError)
 async def controller_forbidden_error_handler(request: Request, exc: ControllerForbiddenError):
-    log.error(f"Controller forbidden error: {exc}")
+    log.error(f"Controller forbidden error in {request.url.path} ({request.method}): {exc}")
    return JSONResponse(
-        status_code=403,
+        status_code=status.HTTP_403_FORBIDDEN,
        content={"message": str(exc)},
    )


@app.exception_handler(ControllerNotFoundError)
 async def controller_not_found_error_handler(request: Request, exc: ControllerNotFoundError):
-    log.error(f"Controller not found error: {exc}")
+    log.error(f"Controller not found error in {request.url.path} ({request.method}): {exc}")
    return JSONResponse(
-        status_code=404,
+        status_code=status.HTTP_404_NOT_FOUND,
        content={"message": str(exc)},
    )


@app.exception_handler(ControllerBadRequestError)
 async def controller_bad_request_error_handler(request: Request, exc: ControllerBadRequestError):
-    log.error(f"Controller bad request error: {exc}")
+    log.error(f"Controller bad request error in {request.url.path} ({request.method}): {exc}")
    return JSONResponse(
-        status_code=400,
+        status_code=status.HTTP_400_BAD_REQUEST,
        content={"message": str(exc)},
    )

@ -143,7 +144,7 @@ async def controller_bad_request_error_handler(request: Request, exc: Controller
 async def compute_conflict_error_handler(request: Request, exc: ComputeConflictError):
    log.error(f"Controller received error from compute for request '{exc.url()}': {exc}")
    return JSONResponse(
-        status_code=409,
+        status_code=status.HTTP_409_CONFLICT,
        content={"message": str(exc)},
    )

@ -160,12 +161,21 @@ async def http_exception_handler(request: Request, exc: HTTPException):

@app.exception_handler(SQLAlchemyError)
 async def sqlalchemry_error_handler(request: Request, exc: SQLAlchemyError):
-    log.error(f"Controller database error: {exc}")
+    log.error(f"Controller database error in {request.url.path} ({request.method}): {exc}")
    return JSONResponse(
-        status_code=500,
+        status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
        content={"message": "Database error detected, please check logs to find details"},
    )

+
+@app.exception_handler(RequestValidationError)
+async def validation_exception_handler(request: Request, exc: RequestValidationError):
+    log.error(f"Request validation error in {request.url.path} ({request.method}): {exc}")
+    return JSONResponse(
+        status_code=status.HTTP_422_UNPROCESSABLE_ENTITY,
+        content={"message": str(exc)}
+    )
+
 # FIXME: do not use this middleware since it creates issue when using StreamingResponse
 # see https://starlette-context.readthedocs.io/en/latest/middleware.html#why-are-there-two-middlewares-that-do-the-same-thing

--- a/gns3server/appliances/IPCop.gns3a
+++ b/gns3server/appliances/IPCop.gns3a
@ -7,7 +7,7 @@
    "vendor_url": "https://www.kali.org/",
    "documentation_url": "http://www.ipcop.org/docs.html",
    "product_name": "IP Cop",
-    "registry_version": 3,
+    "registry_version": 4,
    "status": "stable",
    "maintainer": "Brent Stewart",
    "maintainer_email": "brent@stewart.tc",
--- a/gns3server/appliances/a10-vthunder.gns3a
+++ b/gns3server/appliances/a10-vthunder.gns3a
@ -7,8 +7,8 @@
    "vendor_url": "https://www.a10networks.com/",
    "documentation_url": "https://www.a10networks.com/support",
    "product_name": "A10 vThunder",
-    "product_url": "https://www.a10networks.com/products/thunder-series-appliances/vthunder-virtualized-application_delivery_controller/",
-    "registry_version": 3,
+    "product_url": "https://www.a10networks.com/products/vthunder-trial/",
+    "registry_version": 4,
    "status": "stable",
    "maintainer": "GNS3 Team",
    "maintainer_email": "developers@gns3.net",
--- a/gns3server/appliances/aaa.gns3a
+++ b/gns3server/appliances/aaa.gns3a
@ -6,7 +6,7 @@
    "vendor_name": "Ubuntu",
    "vendor_url": "https://www.ubuntu.com/",
    "product_name": "AAA",
-    "registry_version": 3,
+    "registry_version": 4,
    "status": "stable",
    "maintainer": "Andras Dosztal",
    "maintainer_email": "developers@gns3.net",
--- a/gns3server/appliances/alcatel-7750.gns3a
+++ b/gns3server/appliances/alcatel-7750.gns3a
@ -8,7 +8,7 @@
    "documentation_url": "https://www.alcatel-lucent.com/support",
    "product_name": "Alcatel 7750",
    "product_url": "https://www.alcatel-lucent.com/products/7750-service-router",
-    "registry_version": 3,
+    "registry_version": 4,
    "status": "experimental",
    "maintainer": "GNS3 Team",
    "maintainer_email": "developers@gns3.net",
--- a/gns3server/appliances/almalinux.gns3a
+++ b/gns3server/appliances/almalinux.gns3a
@ -25,26 +25,57 @@
    },
    "images": [
        {
-            "filename": "AlmaLinux-8-GenericCloud-8.5-20211119.x86_64.qcow2",
-            "version": "8.5",
-            "md5sum": "a64ece809ae06180ac59cfa622d98af0",
-            "filesize": 561774592,
+            "filename": "AlmaLinux-9-GenericCloud-9.2-20230513.x86_64.qcow2",
+            "version": "9.2",
+            "md5sum": "c5bc76e8c95ac9f810a3482c80a54cc7",
+            "filesize": 563347456,
+            "download_url": "https://repo.almalinux.org/almalinux/9/cloud/x86_64/images/",
+            "direct_download_url": "https://repo.almalinux.org/almalinux/9/cloud/x86_64/images/AlmaLinux-9-GenericCloud-9.2-20230513.x86_64.qcow2"
+        },
+        {
+            "filename": "AlmaLinux-8-GenericCloud-8.8-20230524.x86_64.qcow2",
+            "version": "8.8",
+            "md5sum": "3958c5fc25770ef63cf97aa5d93f0a0b",
+            "filesize": 565444608,
+            "download_url": "https://repo.almalinux.org/almalinux/8/cloud/x86_64/images/",
+            "direct_download_url": "https://repo.almalinux.org/almalinux/8/cloud/x86_64/images/AlmaLinux-8-GenericCloud-8.8-20230524.x86_64.qcow2"
+        },
+        {
+            "filename": "AlmaLinux-8-GenericCloud-8.7-20221111.x86_64.qcow2",
+            "version": "8.7",
+            "md5sum": "b2b8c7fd3b6869362f3f8ed47549c804",
+            "filesize": 566231040,
            "download_url": "https://repo.almalinux.org/almalinux/8/cloud/x86_64/images/",
-            "direct_download_url": "https://repo.almalinux.org/almalinux/8/cloud/x86_64/images/AlmaLinux-8-GenericCloud-8.5-20211119.x86_64.qcow2"
+            "direct_download_url": "https://repo.almalinux.org/almalinux/8/cloud/x86_64/images/AlmaLinux-8-GenericCloud-8.7-20221111.x86_64.qcow2"
        },
        {
            "filename": "almalinux-cloud-init-data.iso",
            "version": "1.0",
            "md5sum": "72fb52af76e9561d125dd99224e2c1d1",
            "filesize": 374784,
-            "download_url": "https://github.com/GNS3/gns3-registry/raw/master/cloud-init/AlmaLinux/almalinux-cloud-init-data.iso"
+            "download_url": "https://github.com/GNS3/gns3-registry/tree/master/cloud-init/AlmaLinux",
+            "direct_download_url": "https://github.com/GNS3/gns3-registry/raw/master/cloud-init/AlmaLinux/almalinux-cloud-init-data.iso"
        }
    ],
    "versions": [
        {
-            "name": "8.5",
+            "name": "9.2",
+            "images": {
+                "hda_disk_image": "AlmaLinux-9-GenericCloud-9.2-20230513.x86_64.qcow2",
+                "cdrom_image": "almalinux-cloud-init-data.iso"
+            }
+        },
+        {
+            "name": "8.8",
+            "images": {
+                "hda_disk_image": "AlmaLinux-8-GenericCloud-8.8-20230524.x86_64.qcow2",
+                "cdrom_image": "almalinux-cloud-init-data.iso"
+            }
+        },
+        {
+            "name": "8.7",
            "images": {
-                "hda_disk_image": "AlmaLinux-8-GenericCloud-8.5-20211119.x86_64.qcow2",
+                "hda_disk_image": "AlmaLinux-8-GenericCloud-8.7-20221111.x86_64.qcow2",
                "cdrom_image": "almalinux-cloud-init-data.iso"
            }
        }
--- a/gns3server/appliances/alpine-linux-virt.gns3a
+++ b/gns3server/appliances/alpine-linux-virt.gns3a
@ -12,7 +12,7 @@
    "availability": "free",
    "maintainer": "Adnan RIHAN",
    "maintainer_email": "adnan@rihan.fr",
-    "usage": "Autologin is enabled as \"root\" with no password.\n\nThe network interfaces aren't configured, you can do either of the following:\n- Use alpine's DHCP client: `udhcpc`\n- Configure them manually (ip address add …, ip route add …)\n- Modify interfaces file in /etc/network/interfaces\n- Use alpine's wizard: `setup-interfaces`",
+    "usage": "Autologin is enabled as \"root\" with no password.\n\nThe network interfaces aren't configured, you can do either of the following:\n- Use alpine's DHCP client: `udhcpc`\n- Configure them manually (ip address add \u2026, ip route add \u2026)\n- Modify interfaces file in /etc/network/interfaces\n- Use alpine's wizard: `setup-interfaces`",
    "symbol": "alpine-virt-qemu.svg",
    "port_name_format": "eth{0}",
    "qemu": {
--- a/gns3server/appliances/alpine-linux.gns3a
+++ b/gns3server/appliances/alpine-linux.gns3a
@ -7,7 +7,7 @@
    "vendor_url": "http://alpinelinux.org",
    "documentation_url": "http://wiki.alpinelinux.org",
    "product_name": "Alpine Linux",
-    "registry_version": 3,
+    "registry_version": 4,
    "status": "stable",
    "maintainer": "GNS3 Team",
    "maintainer_email": "developers@gns3.net",
--- a/gns3server/appliances/arista-ceos.gns3a
+++ b/gns3server/appliances/arista-ceos.gns3a
@ -6,7 +6,7 @@
    "vendor_name": "Arista",
    "vendor_url": "http://www.arista.com/",
    "product_name": "cEOS",
-    "registry_version": 3,
+    "registry_version": 4,
    "status": "experimental",
    "maintainer": "GNS3 Team",
    "maintainer_email": "developers@gns3.net",
--- a/gns3server/appliances/arista-veos.gns3a
+++ b/gns3server/appliances/arista-veos.gns3a
@ -8,7 +8,7 @@
    "documentation_url": "https://www.arista.com/assets/data/docs/Manuals/EOS-4.17.2F-Manual.pdf",
    "product_name": "vEOS",
    "product_url": "https://eos.arista.com/",
-    "registry_version": 3,
+    "registry_version": 4,
    "status": "experimental",
    "maintainer": "GNS3 Team",
    "maintainer_email": "developers@gns3.net",
--- a/gns3server/appliances/aruba-arubaoscx.gns3a
+++ b/gns3server/appliances/aruba-arubaoscx.gns3a
@ -2,10 +2,12 @@
    "appliance_id": "8f074218-9d61-4e99-ab89-35ca19ad44ee",
    "name": "ArubaOS-CX Simulation Software",
    "category": "multilayer_switch",
-    "description": "The ArubaOS-CX Simulation Software is a virtual platform to enable simulation of the ArubaOS-CX Network Operating System. Simulated networks can be created using many of the protocols in the ArubaOS-CX Operating system like OSPF, BGP (inc. EVPN). Key features like the Aruba Network Analytics Engine and the REST API can be simulated, providing a lightweight development platform to building the modern network.",
+    "description": "The Aruba AOS-CX Switch Simulator is a virtual platform to enable simulation of the Aruba AOS-CX Network Operating System. Simulated networks can be created using many of the protocols in the ArubaOS-CX Operating system like OSPF, BGP (inc. EVPN). Key features like the Aruba Network Analytics Engine and the REST API can be simulated, providing a lightweight development platform to building the modern network.",
    "vendor_name": "HPE Aruba",
    "vendor_url": "https://www.arubanetworks.com",
-    "product_name": "ArubaOS-CX Simulation Software",
+    "documentation_url": "https://asp.arubanetworks.com/downloads;search=Aruba%20AOS%20CX%20Switch%20Simulator;products=Aruba%20Switches",
+    "product_name": "Aruba AOS-CX Switch Simulator",
+    "product_url": "https://www.arubanetworks.com/products/switches/",
    "registry_version": 4,
    "status": "stable",
    "availability": "service-contract",
@ -30,13 +32,27 @@
        "process_priority": "normal"
    },
    "images": [
+        {
+            "filename": "arubaoscx-disk-image-genericx86-p4-20230531220439.vmdk",
+            "version": "10.12.0006",
+            "md5sum": "c4f80fecd02ef93b431b75dd610e0063",
+            "filesize": 384638464,
+            "download_url": "https://asp.arubanetworks.com/"
+        },
+        {
+            "filename": "arubaoscx-disk-image-genericx86-p4-20221130174651.vmdk",
+            "version": "10.11.0001",
+            "md5sum": "ed5434173c898f47f19bfda51000611a",
+            "filesize": 364597760,
+            "download_url": "https://asp.arubanetworks.com/"
+        },
        {
            "filename": "arubaoscx-disk-image-genericx86-p4-20220815162137.vmdk",
            "version": "10.10.1000",
            "md5sum": "40f9ddf1e12640376af443b5d982f2f6",
            "filesize": 356162560,
            "download_url": "https://asp.arubanetworks.com/"
-        },    
+        },
        {
            "filename": "arubaoscx-disk-image-genericx86-p4-20220616193419.vmdk",
            "version": "10.10.0002",
@ -102,6 +118,18 @@
        }
    ],
    "versions": [
+        {
+            "name": "10.12.0006",
+            "images": {
+                "hda_disk_image": "arubaoscx-disk-image-genericx86-p4-20230531220439.vmdk"
+            }
+        },
+        {
+            "name": "10.11.0001",
+            "images": {
+                "hda_disk_image": "arubaoscx-disk-image-genericx86-p4-20221130174651.vmdk"
+            }
+        },
        {
            "name": "10.10.1000",
            "images": {
--- a/gns3server/appliances/asterisk.gns3a
+++ b/gns3server/appliances/asterisk.gns3a
@ -8,7 +8,7 @@
    "documentation_url": "https://wiki.asterisk.org/wiki/display/AST/Installing+AsteriskNOW",
    "product_name": "AsteriskNOW / FreePBX",
    "product_url": "http://www.asterisk.org/downloads/asterisknow",
-    "registry_version": 3,
+    "registry_version": 4,
    "status": "stable",
    "maintainer": "GNS3 Team",
    "maintainer_email": "developers@gns3.net",
--- a/gns3server/appliances/bigswitch-bigcloud-fabric.gns3a
+++ b/gns3server/appliances/bigswitch-bigcloud-fabric.gns3a
@ -8,7 +8,7 @@
    "documentation_url": "http://www.bigswitch.com/support",
    "product_name": "Big Cloud Fabric",
    "product_url": "http://www.bigswitch.com/sdn-products/big-cloud-fabrictm",
-    "registry_version": 3,
+    "registry_version": 4,
    "status": "experimental",
    "maintainer": "GNS3 Team",
    "maintainer_email": "developers@gns3.net",
--- a/gns3server/appliances/bird.gns3a
+++ b/gns3server/appliances/bird.gns3a
@ -7,7 +7,7 @@
    "vendor_url": "http://bird.network.cz/",
    "documentation_url": "http://bird.network.cz/?get_doc&f=bird.html",
    "product_name": "BIRD internet routing daemon",
-    "registry_version": 3,
+    "registry_version": 4,
    "status": "stable",
    "maintainer": "GNS3 Team",
    "maintainer_email": "developers@gns3.net",
--- a/gns3server/appliances/bird2.gns3a
+++ b/gns3server/appliances/bird2.gns3a
@ -0,0 +1,43 @@
+{
+    "appliance_id": "8fecbf89-5cd1-4aea-b735-5f36cf0efbb7",
+    "name": "BIRD2",
+    "category": "router",
+    "description": "The BIRD project aims to develop a fully functional dynamic IP routing daemon primarily targeted on (but not limited to) Linux, FreeBSD and other UNIX-like systems and distributed under the GNU General Public License.",
+    "vendor_name": "CZ.NIC Labs",
+    "vendor_url": "https://bird.network.cz",
+    "documentation_url": "https://bird.network.cz/?get_doc&f=bird.html&v=20",
+    "product_name": "BIRD internet routing daemon",
+    "registry_version": 4,
+    "status": "stable",
+    "maintainer": "Bernhard Ehlers",
+    "maintainer_email": "dev-ehlers@mailbox.org",
+    "usage": "Username:\tgns3\nPassword:\tgns3\nTo become root, use \"sudo -s\".\n\nNetwork configuration:\nsudo nano /etc/network/interfaces\nsudo systemctl restart networking\n\nBIRD:\nRestart: sudo systemctl restart bird\nReconfigure: birdc configure",
+    "port_name_format": "eth{0}",
+    "qemu": {
+        "adapter_type": "virtio-net-pci",
+        "adapters": 4,
+        "ram": 512,
+        "hda_disk_interface": "scsi",
+        "arch": "x86_64",
+        "console_type": "telnet",
+        "kvm": "allow"
+    },
+    "images": [
+        {
+            "filename": "bird2-debian-2.0.12.qcow2",
+            "version": "2.0.12",
+            "md5sum": "435218a2e90cba921cc7fde1d64a9419",
+            "filesize": 287965184,
+            "download_url": "https://sourceforge.net/projects/gns-3/files/Qemu%20Appliances/",
+            "direct_download_url": "http://downloads.sourceforge.net/project/gns-3/Qemu%20Appliances/bird2-debian-2.0.12.qcow2"
+        }
+    ],
+    "versions": [
+        {
+            "name": "2.0.12",
+            "images": {
+                "hda_disk_image": "bird2-debian-2.0.12.qcow2"
+            }
+        }
+    ]
+}
--- a/gns3server/appliances/brocade-vadx.gns3a
+++ b/gns3server/appliances/brocade-vadx.gns3a
@ -6,7 +6,7 @@
    "vendor_name": "Brocade",
    "vendor_url": "https://www.brocade.com",
    "product_name": "Virtual ADX",
-    "registry_version": 3,
+    "registry_version": 4,
    "status": "experimental",
    "maintainer": "GNS3 Team",
    "maintainer_email": "developers@gns3.net",
--- a/gns3server/appliances/brocade-vrouter.gns3a
+++ b/gns3server/appliances/brocade-vrouter.gns3a
@ -8,7 +8,7 @@
    "documentation_url": "http://www.brocade.com/en/products-services/software-networking/network-functions-virtualization/vrouter.html",
    "product_name": "vRouter",
    "product_url": "http://www.brocade.com/en/products-services/software-networking/network-functions-virtualization/vrouter.html",
-    "registry_version": 3,
+    "registry_version": 4,
    "status": "stable",
    "maintainer": "GNS3 Team",
    "maintainer_email": "developers@gns3.net",
--- a/gns3server/appliances/brocade-vtm.gns3a
+++ b/gns3server/appliances/brocade-vtm.gns3a
@ -8,7 +8,7 @@
    "documentation_url": "http://www.brocade.com/en/products-services/software-networking/application-delivery-controllers/virtual-traffic-manager.html",
    "product_name": "vTM DE",
    "product_url": "http://www.brocade.com/en/products-services/software-networking/application-delivery-controllers/virtual-traffic-manager.html",
-    "registry_version": 3,
+    "registry_version": 4,
    "status": "stable",
    "maintainer": "GNS3 Team",
    "maintainer_email": "developers@gns3.net",
--- a/gns3server/appliances/bsdrp.gns3a
+++ b/gns3server/appliances/bsdrp.gns3a
@ -6,7 +6,7 @@
    "vendor_name": "Olivier Cochard-Labbe",
    "vendor_url": "https://bsdrp.net/",
    "product_name": "BSDRP",
-    "registry_version": 3,
+    "registry_version": 4,
    "status": "stable",
    "maintainer": "GNS3 Team",
    "maintainer_email": "developers@gns3.net",
--- a/gns3server/appliances/centos-cloud.gns3a
+++ b/gns3server/appliances/centos-cloud.gns3a
@ -8,7 +8,7 @@
    "documentation_url": "https://wiki.centos.org/Documentation",
    "product_name": "Centos Cloud",
    "product_url": "https://wiki.centos.org/Cloud",
-    "registry_version": 3,
+    "registry_version": 4,
    "status": "stable",
    "maintainer": "GNS3 Team",
    "maintainer_email": "developers@gns3.net",
@ -26,36 +26,70 @@
        "options": "-nographic"
    },
    "images": [
+        {
+            "filename": "CentOS-Stream-GenericCloud-9-20230727.1.x86_64.qcow2",
+            "version": "Stream-9 (20230727.1)",
+            "md5sum": "b66b7e4951cb5491ae44d5616d56b7cf",
+            "filesize": 1128764416,
+            "download_url": "https://cloud.centos.org/centos/9-stream/x86_64/images",
+            "direct_download_url": "https://cloud.centos.org/centos/9-stream/x86_64/images/CentOS-Stream-GenericCloud-9-20230727.1.x86_64.qcow2"
+        },
+        {
+            "filename": "CentOS-Stream-GenericCloud-8-20230710.0.x86_64.qcow2",
+            "version": "Stream-8 (20230710.0)",
+            "md5sum": "83e02ce98c29753c86fb7be7d802aa75",
+            "filesize": 1676164096,
+            "download_url": "https://cloud.centos.org/centos/8-stream/x86_64/images",
+            "direct_download_url": "https://cloud.centos.org/centos/8-stream/x86_64/images/CentOS-Stream-GenericCloud-8-20230710.0.x86_64.qcow2"
+        },
+        {
+            "filename": "CentOS-8-GenericCloud-8.4.2105-20210603.0.x86_64.qcow2",
+            "version": "8.4 (2105)",
+            "md5sum": "032eed270415526546eac07628905a62",
+            "filesize": 1309652992,
+            "download_url": "https://cloud.centos.org/centos/8/x86_64/images",
+            "direct_download_url": "https://cloud.centos.org/centos/8/x86_64/images/CentOS-8-GenericCloud-8.4.2105-20210603.0.x86_64.qcow2"
+        },
        {
            "filename": "CentOS-7-x86_64-GenericCloud-2111.qcow2",
            "version": "7 (2111)",
            "md5sum": "730b8662695831670721c8245be61dac",
            "filesize": 897384448,
-            "download_url": "https://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud-2111.qcow2"
+            "download_url": "https://cloud.centos.org/centos/7/images",
+            "direct_download_url": "https://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud-2111.qcow2"
        },
        {
            "filename": "CentOS-7-x86_64-GenericCloud-1809.qcow2",
            "version": "7 (1809)",
            "md5sum": "da79108d1324b27bd1759362b82fbe40",
            "filesize": 914948096,
-            "download_url": "https://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud-1809.qcow2"
-        },
-        {
-            "filename": "CentOS-8-GenericCloud-8.4.2105-20210603.0.x86_64.qcow2",
-            "version": "8.4 (2105)",
-            "md5sum": "032eed270415526546eac07628905a62",
-            "filesize": 1309652992,
-            "download_url": "https://cloud.centos.org/centos/8/x86_64/images/CentOS-8-GenericCloud-8.4.2105-20210603.0.x86_64.qcow2"
+            "download_url": "https://cloud.centos.org/centos/7/images",
+            "direct_download_url": "https://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud-1809.qcow2"
        },
        {
            "filename": "centos-cloud-init-data.iso",
-            "version": "1.0",
-            "md5sum": "15ca60c12db6d13b8eeae1a19613fd6e",
-            "filesize": 378880,
-            "download_url": "https://github.com/asenci/gns3-centos-cloud-init-data/raw/master/centos-cloud-init-data.iso"
+            "version": "1.1",
+            "md5sum": "59ea8223fd659d8bce9081ff175912e9",
+            "filesize": 374784,
+            "download_url": "https://github.com/GNS3/gns3-registry/tree/master/cloud-init/centos-cloud",
+            "direct_download_url": "https://github.com/GNS3/gns3-registry/raw/master/cloud-init/centos-cloud/centos-cloud-init-data.iso"
        }
    ],
    "versions": [
+        {
+            "name": "Stream-9 (20230727.1)",
+            "images": {
+                "hda_disk_image": "CentOS-Stream-GenericCloud-9-20230727.1.x86_64.qcow2",
+                "cdrom_image": "centos-cloud-init-data.iso"
+            }
+        },
+        {
+            "name": "Stream-8 (20230710.0)",
+            "images": {
+                "hda_disk_image": "CentOS-Stream-GenericCloud-8-20230710.0.x86_64.qcow2",
+                "cdrom_image": "centos-cloud-init-data.iso"
+            }
+        },
        {
            "name": "8.4 (2105)",
            "images": {
--- a/gns3server/appliances/chromium.gns3a
+++ b/gns3server/appliances/chromium.gns3a
@ -6,7 +6,7 @@
    "vendor_name": "Chromium",
    "vendor_url": "https://www.chromium.org/",
    "product_name": "Chromium",
-    "registry_version": 3,
+    "registry_version": 4,
    "status": "stable",
    "maintainer": "GNS3 Team",
    "maintainer_email": "developers@gns3.net",
--- a/gns3server/appliances/cisco-1700.gns3a
+++ b/gns3server/appliances/cisco-1700.gns3a
@ -7,7 +7,7 @@
    "vendor_url": "http://www.cisco.com",
    "documentation_url": "http://www.cisco.com/c/en/us/support/index.html",
    "product_name": "1700",
-    "registry_version": 3,
+    "registry_version": 4,
    "status": "experimental",
    "maintainer": "GNS3 Team",
    "maintainer_email": "developers@gns3.net",
--- a/gns3server/appliances/cisco-2600.gns3a
+++ b/gns3server/appliances/cisco-2600.gns3a
@ -7,7 +7,7 @@
    "vendor_url": "http://www.cisco.com",
    "documentation_url": "http://www.cisco.com/c/en/us/support/index.html",
    "product_name": "2600",
-    "registry_version": 3,
+    "registry_version": 4,
    "status": "experimental",
    "maintainer": "GNS3 Team",
    "maintainer_email": "developers@gns3.net",
--- a/gns3server/appliances/cisco-2691.gns3a
+++ b/gns3server/appliances/cisco-2691.gns3a
@ -7,7 +7,7 @@
    "vendor_url": "http://www.cisco.com",
    "documentation_url": "http://www.cisco.com/c/en/us/support/index.html",
    "product_name": "2691",
-    "registry_version": 3,
+    "registry_version": 4,
    "status": "experimental",
    "maintainer": "GNS3 Team",
    "maintainer_email": "developers@gns3.net",
--- a/gns3server/appliances/cisco-3620.gns3a
+++ b/gns3server/appliances/cisco-3620.gns3a
@ -7,7 +7,7 @@
    "vendor_url": "http://www.cisco.com",
    "documentation_url": "http://www.cisco.com/c/en/us/support/index.html",
    "product_name": "3620",
-    "registry_version": 3,
+    "registry_version": 4,
    "status": "experimental",
    "maintainer": "GNS3 Team",
    "maintainer_email": "developers@gns3.net",
--- a/gns3server/appliances/cisco-3640.gns3a
+++ b/gns3server/appliances/cisco-3640.gns3a
@ -7,7 +7,7 @@
    "vendor_url": "http://www.cisco.com",
    "documentation_url": "http://www.cisco.com/c/en/us/support/index.html",
    "product_name": "3640",
-    "registry_version": 3,
+    "registry_version": 4,
    "status": "experimental",
    "maintainer": "GNS3 Team",
    "maintainer_email": "developers@gns3.net",
--- a/gns3server/appliances/cisco-3660.gns3a
+++ b/gns3server/appliances/cisco-3660.gns3a
@ -7,7 +7,7 @@
    "vendor_url": "http://www.cisco.com",
    "documentation_url": "http://www.cisco.com/c/en/us/support/index.html",
    "product_name": "3660",
-    "registry_version": 3,
+    "registry_version": 4,
    "status": "experimental",
    "maintainer": "GNS3 Team",
    "maintainer_email": "developers@gns3.net",
--- a/gns3server/appliances/cisco-3725.gns3a
+++ b/gns3server/appliances/cisco-3725.gns3a
@ -7,7 +7,7 @@
    "vendor_url": "http://www.cisco.com",
    "documentation_url": "http://www.cisco.com/c/en/us/support/index.html",
    "product_name": "3725",
-    "registry_version": 3,
+    "registry_version": 4,
    "status": "experimental",
    "maintainer": "GNS3 Team",
    "maintainer_email": "developers@gns3.net",
--- a/gns3server/appliances/cisco-3745.gns3a
+++ b/gns3server/appliances/cisco-3745.gns3a
@ -7,7 +7,7 @@
    "vendor_url": "http://www.cisco.com",
    "documentation_url": "http://www.cisco.com/c/en/us/support/routers/3745-multiservice-access-router/model.html",
    "product_name": "3745",
-    "registry_version": 3,
+    "registry_version": 4,
    "status": "experimental",
    "maintainer": "GNS3 Team",
    "maintainer_email": "developers@gns3.net",
--- a/gns3server/appliances/cisco-7200.gns3a
+++ b/gns3server/appliances/cisco-7200.gns3a
@ -7,7 +7,7 @@
    "vendor_url": "http://www.cisco.com",
    "documentation_url": "http://www.cisco.com/c/en/us/products/routers/7200-series-routers/index.html",
    "product_name": "7200",
-    "registry_version": 3,
+    "registry_version": 4,
    "status": "experimental",
    "maintainer": "GNS3 Team",
    "maintainer_email": "developers@gns3.net",
@ -21,6 +21,18 @@
        "npe": "npe-400"
    },
    "images": [
+        {
+            "filename": "c7200-adventerprisek9-mz.153-3.XB12.image",
+            "version": "153-3.XB12",
+            "md5sum": "3d234a3793331c972776354531f87221",
+            "filesize": 131471340
+        },
+        {
+            "filename": "c7200-advipservicesk9-mz.152-4.S5.image",
+            "version": "152-4.S5",
+            "md5sum": "cbbbea66a253f1dac0fcf81274dc778d",
+            "filesize": 87756936
+        },
        {
            "filename": "c7200-adventerprisek9-mz.124-24.T5.image",
            "version": "124-24.T5",
@ -29,6 +41,20 @@
        }
    ],
    "versions": [
+        {
+            "name": "153-3.XB12",
+            "idlepc": "0x60630d08",
+            "images": {
+                "image": "c7200-adventerprisek9-mz.153-3.XB12.image"
+            }
+        },
+        {
+            "name": "152-4.S5",
+            "idlepc": "0x62cc930c",
+            "images": {
+                "image": "c7200-advipservicesk9-mz.152-4.S5.image"
+            }
+        },
        {
            "name": "124-24.T5",
            "idlepc": "0x606df838",
--- a/gns3server/appliances/cisco-asa.gns3a
+++ b/gns3server/appliances/cisco-asa.gns3a
@ -7,7 +7,7 @@
    "vendor_url": "http://www.cisco.com/",
    "product_name": "ASA",
    "product_url": "http://www.cisco.com/c/en/us/products/security/adaptive-security-appliance-asa-software/index.html",
-    "registry_version": 3,
+    "registry_version": 4,
    "status": "broken",
    "maintainer": "GNS3 Team",
    "maintainer_email": "developers@gns3.net",
--- a/gns3server/appliances/cisco-asav.gns3a
+++ b/gns3server/appliances/cisco-asav.gns3a
@ -8,7 +8,7 @@
    "documentation_url": "http://www.cisco.com/c/en/us/support/security/virtual-adaptive-security-appliance-firewall/products-installation-guides-list.html",
    "product_name": "ASAv",
    "product_url": "http://www.cisco.com/c/en/us/products/security/virtual-adaptive-security-appliance-firewall/index.html",
-    "registry_version": 3,
+    "registry_version": 4,
    "status": "stable",
    "maintainer": "GNS3 Team",
    "maintainer_email": "developers@gns3.net",
@ -26,7 +26,7 @@
        "kvm": "require"
    },
    "images": [
-	    {
+        {
            "filename": "asav9-16-2.qcow2",
            "version": "9.16.2 CML",
            "md5sum": "1f8db97063a7f738fddc81ac880a906c",
--- a/gns3server/appliances/cisco-c8000v.gns3a
+++ b/gns3server/appliances/cisco-c8000v.gns3a
@ -8,7 +8,7 @@
    "documentation_url": "https://www.cisco.com/c/en/us/td/docs/routers/C8000V/Configuration/c8000v-installation-configuration-guide.html",
    "product_name": "c8000v",
    "product_url": "https://www.cisco.com/c/en/us/support/routers/catalyst-8000v-edge-software/series.html",
-    "registry_version": 3,
+    "registry_version": 4,
    "status": "stable",
    "maintainer": "GNS3 Team",
    "maintainer_email": "developers@gns3.net",
@ -24,10 +24,17 @@
        "kvm": "require"
    },
    "images": [
+        {
+            "filename": "c8000v-universalk9_8G_serial.17.06.05.qcow2",
+            "version": "17.06.05 8G",
+            "md5sum": "aeb15ab8e1cbd0cd76f7260a81442f98",
+            "filesize": 1777795072,
+            "download_url": "https://software.cisco.com/download/home/286327102/type/282046477/release/Bengaluru-17.6.5"
+        },
        {
            "filename": "c8000v-universalk9_8G_serial.17.06.01a.qcow2",
            "version": "17.06.01a 8G",
-            "md5sum": "d8b8ae633d953ec1b6d8f18a09a4f4e7",
+            "md5sum": "e278fa644295c703976a86f7f1c1cd65",
            "filesize": 1595277312,
            "download_url": "https://software.cisco.com/download/home/286327102/type/282046477/release/Bengaluru-17.6.1a"
        },
@ -47,6 +54,12 @@
        }
    ],
    "versions": [
+        {
+            "name": "17.06.05 8G",
+            "images": {
+                "hda_disk_image": "c8000v-universalk9_8G_serial.17.06.05.qcow2"
+            }
+        },
        {
            "name": "17.06.01a 8G",
            "images": {
--- a/gns3server/appliances/cisco-cat9k.gns3a
+++ b/gns3server/appliances/cisco-cat9k.gns3a
@ -0,0 +1,45 @@
+{
+    "appliance_id": "57a85f0e-b8ae-4820-bd2b-816b2cceb842",
+    "name": "Cisco CAT IOS-XE 9000v",
+    "category": "multilayer_switch",
+    "description": "Cisco IOS-XE 9000v. This appliance requires 16GB of memory to run! Recommend 2 or more vCPUs for faster boot performance",
+    "vendor_name": "Cisco",
+    "vendor_url": "http://www.cisco.com/",
+    "documentation_url": "https://developer.cisco.com/docs/modeling-labs/2-5/#!cml-release-notes",
+    "product_name": "Cisco CAT IOS-XE 9000v",
+    "product_url": "http://virl.cisco.com/",
+    "registry_version": 4,
+    "status": "experimental",
+    "maintainer": "GNS3 Team",
+    "maintainer_email": "developers@gns3.net",
+    "usage": "There is no default configuration present. Virtual Switch and Interfaces may take several minutes to be usable after appliance boot.",
+    "first_port_name": "GigabitEthernet0/0",
+    "port_name_format": "GigabitEthernet1/0/{port1}",
+    "qemu": {
+        "adapter_type": "virtio-net-pci",
+        "adapters": 9,
+        "ram": 16384,
+	"cpus": 2,
+        "hda_disk_interface": "virtio",
+        "arch": "x86_64",
+        "console_type": "telnet",
+        "kvm": "require"
+		},
+    "images": [
+        {
+            "filename": "cat9kv-prd-17.10.01prd7.qcow2",
+            "version": "17.10(1)",
+            "md5sum": "ffdbace33d31deae33e2a920a96b79ef",
+            "filesize": 2155806720,
+            "download_url": "https://learningnetworkstore.cisco.com/myaccount"
+        }
+    ],
+    "versions": [
+        {
+            "name": "17.10(1)",
+            "images": {
+                "hda_disk_image": "cat9kv-prd-17.10.01prd7.qcow2"
+            }
+        }
+    ]
+}
--- a/gns3server/appliances/cisco-csr1000v.gns3a
+++ b/gns3server/appliances/cisco-csr1000v.gns3a
@ -8,7 +8,7 @@
    "documentation_url": "http://www.cisco.com/c/en/us/support/routers/cloud-services-router-1000v-series/products-installation-and-configuration-guides-list.html",
    "product_name": "CSR1000v",
    "product_url": "http://www.cisco.com/c/en/us/support/routers/cloud-services-router-1000v-series/tsd-products-support-series-home.html",
-    "registry_version": 3,
+    "registry_version": 4,
    "status": "stable",
    "maintainer": "GNS3 Team",
    "maintainer_email": "developers@gns3.net",
--- a/gns3server/appliances/cisco-dcnm.gns3a
+++ b/gns3server/appliances/cisco-dcnm.gns3a
@ -8,7 +8,7 @@
    "documentation_url": "http://www.cisco.com/c/en/us/support/cloud-systems-management/data-center-network-manager-10/model.html",
    "product_name": "DCNM",
    "product_url": "http://www.cisco.com/c/en/us/products/cloud-systems-management/prime-data-center-network-manager/index.html",
-    "registry_version": 3,
+    "registry_version": 4,
    "status": "stable",
    "maintainer": "GNS3 Team",
    "maintainer_email": "developers@gns3.net",
--- a/gns3server/appliances/cisco-iosv.gns3a
+++ b/gns3server/appliances/cisco-iosv.gns3a
@ -7,7 +7,7 @@
    "vendor_url": "http://www.cisco.com/",
    "product_name": "IOSv",
    "product_url": "http://virl.cisco.com/",
-    "registry_version": 3,
+    "registry_version": 4,
    "status": "stable",
    "maintainer": "GNS3 Team",
    "maintainer_email": "developers@gns3.net",
@ -32,6 +32,13 @@
            "download_url": "https://sourceforge.net/projects/gns-3/files",
            "direct_download_url": "https://sourceforge.net/projects/gns-3/files/Qemu%20Appliances/IOSv_startup_config.img/download"
        },
+        {
+            "filename": "vios-adventerprisek9-m.spa.159-3.m6.qcow2",
+            "version": "15.9(3)M6",
+            "md5sum": "49a6977977263b2774bebc56e4e678ff",
+            "filesize": 57309696,
+            "download_url": "https://learningnetworkstore.cisco.com/myaccount"
+        },
        {
            "filename": "vios-adventerprisek9-m.spa.159-3.m4.qcow2",
            "version": "15.9(3)M4",
@ -90,6 +97,13 @@
        }
    ],
    "versions": [
+        {
+            "name": "15.9(3)M6",
+            "images": {
+                "hda_disk_image": "vios-adventerprisek9-m.spa.159-3.m6.qcow2",
+                "hdb_disk_image": "IOSv_startup_config.img"
+            }
+        },
        {
            "name": "15.9(3)M4",
            "images": {
--- a/gns3server/appliances/cisco-iosvl2.gns3a
+++ b/gns3server/appliances/cisco-iosvl2.gns3a
@ -7,7 +7,7 @@
    "vendor_url": "http://www.cisco.com/",
    "product_name": "IOSvL2",
    "product_url": "http://virl.cisco.com/",
-    "registry_version": 3,
+    "registry_version": 4,
    "status": "stable",
    "maintainer": "GNS3 Team",
    "maintainer_email": "developers@gns3.net",
--- a/gns3server/appliances/cisco-iosxrv.gns3a
+++ b/gns3server/appliances/cisco-iosxrv.gns3a
@ -8,7 +8,7 @@
    "documentation_url": "http://www.cisco.com/c/en/us/td/docs/ios_xr_sw/ios_xrv/release/notes/xrv-rn.html",
    "product_name": "IOS XRv",
    "product_url": "http://virl.cisco.com/",
-    "registry_version": 3,
+    "registry_version": 4,
    "status": "stable",
    "maintainer": "GNS3 Team",
    "maintainer_email": "developers@gns3.net",
--- a/gns3server/appliances/cisco-iosxrv9k.gns3a
+++ b/gns3server/appliances/cisco-iosxrv9k.gns3a
@ -8,7 +8,7 @@
    "documentation_url": "http://www.cisco.com/c/en/us/td/docs/ios_xr_sw/ios_xrv/release/notes/xrv-rn.html",
    "product_name": "IOS XRv 9000",
    "product_url": "http://virl.cisco.com/",
-    "registry_version": 3,
+    "registry_version": 4,
    "status": "experimental",
    "maintainer": "GNS3 Team",
    "maintainer_email": "developers@gns3.net",
--- a/gns3server/appliances/cisco-iou-l2.gns3a
+++ b/gns3server/appliances/cisco-iou-l2.gns3a
@ -6,7 +6,7 @@
    "vendor_name": "Cisco",
    "vendor_url": "http://www.cisco.com",
    "product_name": "Cisco IOU L2",
-    "registry_version": 3,
+    "registry_version": 4,
    "status": "experimental",
    "maintainer": "GNS3 Team",
    "maintainer_email": "developers@gns3.net",
--- a/gns3server/appliances/cisco-iou-l3.gns3a
+++ b/gns3server/appliances/cisco-iou-l3.gns3a
@ -6,7 +6,7 @@
    "vendor_name": "Cisco",
    "vendor_url": "http://www.cisco.com",
    "product_name": "Cisco IOU L3",
-    "registry_version": 3,
+    "registry_version": 4,
    "status": "experimental",
    "maintainer": "GNS3 Team",
    "maintainer_email": "developers@gns3.net",
--- a/gns3server/appliances/cisco-nxosv.gns3a
+++ b/gns3server/appliances/cisco-nxosv.gns3a
@ -7,7 +7,7 @@
    "vendor_url": "http://www.cisco.com/",
    "product_name": "NX-OSv",
    "product_url": "http://virl.cisco.com/",
-    "registry_version": 3,
+    "registry_version": 4,
    "status": "stable",
    "maintainer": "GNS3 Team",
    "maintainer_email": "developers@gns3.net",
--- a/gns3server/appliances/cisco-nxosv9k.gns3a
+++ b/gns3server/appliances/cisco-nxosv9k.gns3a
@ -33,6 +33,27 @@
            "filesize": 1592000512,
            "download_url": "https://software.cisco.com/download/home/286312239/type/282088129/release/10.1(1)"
        },
+        {
+            "filename": "nexus9300v.10.1.1.qcow2",
+            "version": "9300v 10.1.1",
+            "md5sum": "4051bdb96aff6e54b72b7e3b06c9d6eb",
+            "filesize": 1990983680,
+            "download_url": "https://software.cisco.com/download/home/286312239/type/282088129/release/10.1(1)"
+        },
+        {
+            "filename": "nexus9500v.9.3.9.qcow2",
+            "version": "9500v 9.3.9",
+            "md5sum": "30c25039927f89aebe73ea20d15abd6d",
+            "filesize": 1980760064,
+            "download_url": "https://software.cisco.com/download/home/286312239/type/282088129/release/9.3(9)"
+        },
+        {
+            "filename": "nexus9300v.9.3.9.qcow2",
+            "version": "9300v 9.3.9",
+            "md5sum": "e807005cb7d2d2957b4af0e59f368b36",
+            "filesize": 1980563456,
+            "download_url": "https://software.cisco.com/download/home/286312239/type/282088129/release/9.3(9)"
+        },
        {
            "filename": "nexus9300v.9.3.8.qcow2",
            "version": "9300v 9.3.8",
@ -167,12 +188,12 @@
            "download_url": "https://software.cisco.com/download/"
        },
        {
-            "filename": "OVMF-20160813.fd",
-            "version": "16.08.13",
-            "md5sum": "8ff0ef1ec56345db5b6bda1a8630e3c6",
-            "filesize": 2097152,
-            "download_url": "",
-            "direct_download_url": "https://sourceforge.net/projects/gns-3/files/Qemu%20Appliances/OVMF-20160813.fd.zip/download",
+            "filename": "OVMF-edk2-stable202305.fd",
+            "version": "stable202305",
+            "md5sum": "6c4cf1519fec4a4b95525d9ae562963a",
+            "filesize": 4194304,
+            "download_url": "https://sourceforge.net/projects/gns-3/files/Qemu%20Appliances/",
+            "direct_download_url": "https://sourceforge.net/projects/gns-3/files/Qemu%20Appliances/OVMF-edk2-stable202305.fd.zip/download",
            "compression": "zip"
        }
    ],
@ -180,140 +201,161 @@
        {
            "name": "9500v 10.1.1",
            "images": {
-                "bios_image": "OVMF-20160813.fd",
+                "bios_image": "OVMF-edk2-stable202305.fd",
                "hda_disk_image": "nexus9500v64.10.1.1.qcow2"
            }
        },
-		{
+        {
+            "name": "9300v 10.1.1",
+            "images": {
+                "bios_image": "OVMF-edk2-stable202305.fd",
+                "hda_disk_image": "nexus9300v.10.1.1.qcow2"
+            }
+        },
+        {
+            "name": "9500v 9.3.9",
+            "images": {
+                "bios_image": "OVMF-edk2-stable202305.fd",
+                "hda_disk_image": "nexus9500v.9.3.9.qcow2"
+            }
+        },
+        {
+            "name": "9300v 9.3.9",
+            "images": {
+                "bios_image": "OVMF-edk2-stable202305.fd",
+                "hda_disk_image": "nexus9300v.9.3.9.qcow2"
+            }
+        },
+        {
            "name": "9300v 9.3.8",
            "images": {
-                "bios_image": "OVMF-20160813.fd",
+                "bios_image": "OVMF-edk2-stable202305.fd",
                "hda_disk_image": "nexus9300v.9.3.8.qcow2"
            }
        },
        {
            "name": "9500v 9.3.7",
            "images": {
-                "bios_image": "OVMF-20160813.fd",
+                "bios_image": "OVMF-edk2-stable202305.fd",
                "hda_disk_image": "nexus9500v.9.3.7.qcow2"
            }
        },
        {
            "name": "9500v 9.3.3",
            "images": {
-                "bios_image": "OVMF-20160813.fd",
+                "bios_image": "OVMF-edk2-stable202305.fd",
                "hda_disk_image": "nexus9500v.9.3.3.qcow2"
            }
        },
        {
            "name": "9300v 9.3.3",
            "images": {
-                "bios_image": "OVMF-20160813.fd",
+                "bios_image": "OVMF-edk2-stable202305.fd",
                "hda_disk_image": "nexus9300v.9.3.3.qcow2"
            }
        },
        {
            "name": "9.3.1",
            "images": {
-                "bios_image": "OVMF-20160813.fd",
+                "bios_image": "OVMF-edk2-stable202305.fd",
                "hda_disk_image": "nxosv.9.3.1.qcow2"
            }
        },
        {
            "name": "9.2.3",
            "images": {
-                "bios_image": "OVMF-20160813.fd",
+                "bios_image": "OVMF-edk2-stable202305.fd",
                "hda_disk_image": "nxosv-final.9.2.3.qcow2"
            }
        },
        {
            "name": "9.2.2",
            "images": {
-                "bios_image": "OVMF-20160813.fd",
+                "bios_image": "OVMF-edk2-stable202305.fd",
                "hda_disk_image": "nxosv-final.9.2.2.qcow2"
            }
        },
        {
            "name": "9.2.1",
            "images": {
-                "bios_image": "OVMF-20160813.fd",
+                "bios_image": "OVMF-edk2-stable202305.fd",
                "hda_disk_image": "nxosv-final.9.2.1.qcow2"
            }
        },
        {
            "name": "7.0.3.I7.9",
            "images": {
-                "bios_image": "OVMF-20160813.fd",
+                "bios_image": "OVMF-edk2-stable202305.fd",
                "hda_disk_image": "nxosv-final.7.0.3.I7.9.qcow2"
            }
        },
        {
            "name": "7.0.3.I7.7",
            "images": {
-                "bios_image": "OVMF-20160813.fd",
+                "bios_image": "OVMF-edk2-stable202305.fd",
                "hda_disk_image": "nxosv-final.7.0.3.I7.7.qcow2"
            }
        },
        {
            "name": "7.0.3.I7.6",
            "images": {
-                "bios_image": "OVMF-20160813.fd",
+                "bios_image": "OVMF-edk2-stable202305.fd",
                "hda_disk_image": "nxosv-final.7.0.3.I7.6.qcow2"
            }
        },
        {
            "name": "7.0.3.I7.5",
            "images": {
-                "bios_image": "OVMF-20160813.fd",
+                "bios_image": "OVMF-edk2-stable202305.fd",
                "hda_disk_image": "nxosv-final.7.0.3.I7.5.qcow2"
            }
        },
        {
            "name": "7.0.3.I7.4",
            "images": {
-                "bios_image": "OVMF-20160813.fd",
+                "bios_image": "OVMF-edk2-stable202305.fd",
                "hda_disk_image": "nxosv-final.7.0.3.I7.4.qcow2"
            }
        },
        {
            "name": "7.0.3.I7.3",
            "images": {
-                "bios_image": "OVMF-20160813.fd",
+                "bios_image": "OVMF-edk2-stable202305.fd",
                "hda_disk_image": "nxosv-final.7.0.3.I7.3.qcow2"
            }
        },
        {
            "name": "7.0.3.I7.2",
            "images": {
-                "bios_image": "OVMF-20160813.fd",
+                "bios_image": "OVMF-edk2-stable202305.fd",
                "hda_disk_image": "nxosv-final.7.0.3.I7.2.qcow2"
            }
        },
        {
            "name": "7.0.3.I7.1",
            "images": {
-                "bios_image": "OVMF-20160813.fd",
+                "bios_image": "OVMF-edk2-stable202305.fd",
                "hda_disk_image": "nxosv-final.7.0.3.I7.1.qcow2"
            }
        },
        {
            "name": "7.0.3.I6.1",
            "images": {
-                "bios_image": "OVMF-20160813.fd",
+                "bios_image": "OVMF-edk2-stable202305.fd",
                "hda_disk_image": "nxosv-final.7.0.3.I6.1.qcow2"
            }
        },
        {
            "name": "7.0.3.I5.2",
            "images": {
-                "bios_image": "OVMF-20160813.fd",
+                "bios_image": "OVMF-edk2-stable202305.fd",
                "hda_disk_image": "nxosv-final.7.0.3.I5.2.qcow2"
            }
        },
        {
            "name": "7.0.3.I5.1",
            "images": {
-                "bios_image": "OVMF-20160813.fd",
+                "bios_image": "OVMF-edk2-stable202305.fd",
                "hda_disk_image": "nxosv-final.7.0.3.I5.1.qcow2"
            }
        }
--- a/gns3server/appliances/cisco-pyats.gns3a
+++ b/gns3server/appliances/cisco-pyats.gns3a
@ -0,0 +1,19 @@
+{
+    "appliance_id": "d9ce131e-ecdc-49d2-be7d-d883d3919a06",
+    "name": "Cisco PyATS",
+    "category": "guest",
+    "description": "pyATS is an end-to-end DevOps automation ecosystem. Agnostic by design, pyATS enable network engineers to automate their day-to-day DevOps activities, perform stateful validation of their device operational status, build a safety-net of scalable, data-driven and reusable tests around their network, and visualize everything in a modern, easy to use dashboard.",
+    "vendor_name": "Cisco",
+    "vendor_url": "https://cisco.com",
+    "product_name": "PyATS",
+    "product_url": "https://developer.cisco.com/pyats/",
+    "registry_version": 4,
+    "status": "stable",
+    "maintainer": "Xander Petty",
+    "maintainer_email": "Xander.Petty@protonmail.com",
+    "docker": {
+        "adapters": 1,
+        "image": "gns3/pyats:latest",
+        "console_type": "telnet"
+    }
+}
--- a/gns3server/appliances/cisco-vWLC.gns3a
+++ b/gns3server/appliances/cisco-vWLC.gns3a
@ -8,7 +8,7 @@
    "documentation_url": "http://www.cisco.com/c/en/us/products/wireless/wireless-lan-controller/index.html",
    "product_name": "Virtual Wireless LAN Controller",
    "product_url": "http://www.cisco.com/c/en/us/support/wireless/virtual-wireless-controller/tsd-products-support-series-home.html",
-    "registry_version": 3,
+    "registry_version": 4,
    "status": "experimental",
    "maintainer": "GNS3 Team",
    "maintainer_email": "developers@gns3.net",
--- a/gns3server/appliances/cisco-wsav.gns3a
+++ b/gns3server/appliances/cisco-wsav.gns3a
@ -8,7 +8,7 @@
    "documentation_url": "http://www.cisco.com/c/en/us/support/security/web-security-appliance/tsd-products-support-series-home.html",
    "product_name": "Web Security Virtual Appliance",
    "product_url": "http://www.cisco.com/c/en/us/products/security/web-security-appliance/index.html",
-    "registry_version": 3,
+    "registry_version": 4,
    "status": "stable",
    "maintainer": "GNS3 Team",
    "maintainer_email": "developers@gns3.net",
--- a/gns3server/appliances/citrix-netscaler-vpx.gns3a
+++ b/gns3server/appliances/citrix-netscaler-vpx.gns3a
@ -8,7 +8,7 @@
    "documentation_url": "https://www.citrix.com/products/netscaler-adc/support.html",
    "product_name": "NetScaler VPX",
    "product_url": "https://www.citrix.com/products/netscaler-adc/",
-    "registry_version": 3,
+    "registry_version": 4,
    "status": "stable",
    "maintainer": "GNS3 Team",
    "maintainer_email": "developers@gns3.net",
--- a/gns3server/appliances/citrix-sd-wan.gns3a
+++ b/gns3server/appliances/citrix-sd-wan.gns3a
@ -2,7 +2,7 @@
    "appliance_id": "2d5634dc-ad39-46cf-a2fd-17b291abab91",
    "name": "Citrix SD-WAN",
    "category": "router",
-    "description": "A software-defined wide area network (SD-WAN) is a virtual WAN architecture, in which any blend of network transport types — not only multiprotocol label switching (MPLS) but also broadband internet, cellular, and satellite — can be virtualized and bonded then centrally managed in software, to securely connect users to applications and desktops in accordance with policy. Essentially, SD-WAN is software-defined networking (SDN) for the WAN.",
+    "description": "A software-defined wide area network (SD-WAN) is a virtual WAN architecture, in which any blend of network transport types \u2014 not only multiprotocol label switching (MPLS) but also broadband internet, cellular, and satellite \u2014 can be virtualized and bonded then centrally managed in software, to securely connect users to applications and desktops in accordance with policy. Essentially, SD-WAN is software-defined networking (SDN) for the WAN.",
    "vendor_name": "Citrix",
    "vendor_url": "http://www.citrix.com/",
    "documentation_url": "https://docs.citrix.com/en-us/citrix-sd-wan",
--- a/gns3server/appliances/citrix-sdwan-center.gns3a
+++ b/gns3server/appliances/citrix-sdwan-center.gns3a
@ -18,7 +18,7 @@
        "adapter_type": "virtio-net-pci",
        "adapters": 4,
        "ram": 8192,
-	"cpus": 4,
+        "cpus": 4,
        "hda_disk_interface": "ide",
        "arch": "x86_64",
        "console_type": "telnet",
--- a/gns3server/appliances/clavister-netsheild.gns3a
+++ b/gns3server/appliances/clavister-netsheild.gns3a
@ -18,7 +18,7 @@
    "qemu": {
        "adapter_type": "virtio-net-pci",
        "adapters": 4,
-        "ram": 1024,      
+        "ram": 1024,
        "hda_disk_interface": "virtio",
        "arch": "x86_64",
        "console_type": "telnet",
@ -37,10 +37,10 @@
    ],
    "versions": [
        {
+            "name": "cOS Stream 3.80.09",
            "images": {
                "hda_disk_image": "clavister-cos-stream-3.80.09.01-virtual-x64-generic.qcow2"
-            },
-            "name": "cOS Stream 3.80.09"
+            }
        }
    ]
 }
--- a/gns3server/appliances/clavister-netwall.gns3a
+++ b/gns3server/appliances/clavister-netwall.gns3a
@ -43,16 +43,16 @@
    ],
    "versions": [
        {
+            "name": "cOS Core 14.00.01 (x86)",
            "images": {
                "hda_disk_image": "clavister-cos-core-14.00.01.13-kvm-en.img"
-            },
-            "name": "cOS Core 14.00.01 (x86)"
+            }
        },
        {
+            "name": "cOS Core 14.00.00 (x86)",
            "images": {
                "hda_disk_image": "clavister-cos-core-14.00.00.12-kvm-en.img"
-            },
-            "name": "cOS Core 14.00.00 (x86)"
+            }
        }
    ]
 }
--- a/gns3server/appliances/clearos.gns3a
+++ b/gns3server/appliances/clearos.gns3a
@ -8,7 +8,7 @@
    "documentation_url": "https://www.clearos.com/resources/documentation/clearos-7-documentation-overview",
    "product_name": "ClearOS CE",
    "product_url": "https://www.clearos.com/clearfoundation/software/clearos-7-community",
-    "registry_version": 3,
+    "registry_version": 4,
    "status": "stable",
    "maintainer": "GNS3 Team",
    "maintainer_email": "developers@gns3.net",
--- a/gns3server/appliances/cloudrouter.gns3a
+++ b/gns3server/appliances/cloudrouter.gns3a
@ -8,7 +8,7 @@
    "documentation_url": "https://cloudrouter.atlassian.net/wiki/display/CPD/CloudRouter+Project+Information",
    "product_name": "CloudRouter",
    "product_url": "https://cloudrouter.org/about/",
-    "registry_version": 3,
+    "registry_version": 4,
    "status": "stable",
    "maintainer": "GNS3 Team",
    "maintainer_email": "developers@gns3.net",
--- a/gns3server/appliances/coreos.gns3a
+++ b/gns3server/appliances/coreos.gns3a
@ -7,7 +7,7 @@
    "vendor_url": "https://coreos.com/",
    "documentation_url": "https://coreos.com/docs/",
    "product_name": "CoreOS",
-    "registry_version": 3,
+    "registry_version": 4,
    "status": "stable",
    "maintainer": "GNS3 Team",
    "maintainer_email": "developers@gns3.net",
--- a/gns3server/appliances/cumulus-vx.gns3a
+++ b/gns3server/appliances/cumulus-vx.gns3a
@ -8,7 +8,7 @@
    "documentation_url": "http://docs.cumulusnetworks.com/",
    "product_name": "Cumulus VX",
    "product_url": "https://cumulusnetworks.com/cumulus-vx/",
-    "registry_version": 3,
+    "registry_version": 4,
    "status": "stable",
    "maintainer": "GNS3 Team",
    "maintainer_email": "developers@gns3.net",
@ -18,13 +18,21 @@
    "qemu": {
        "adapter_type": "virtio-net-pci",
        "adapters": 7,
-        "ram": 768,
-        "hda_disk_interface": "ide",
+        "ram": 1024,
+        "hda_disk_interface": "virtio",
        "arch": "x86_64",
        "console_type": "telnet",
        "kvm": "require"
    },
    "images": [
+        {
+            "filename": "cumulus-linux-5.4.0-vx-amd64-qemu.qcow2",
+            "version": "5.4.0",
+            "md5sum": "b36d781a168e381e0db5b1d85a2f970d",
+            "filesize": 6254493696,
+            "download_url": "https://www.nvidia.com/en-us/networking/ethernet-switching/cumulus-vx/download/",
+            "direct_download_url": "https://d2cd9e7ca6hntp.cloudfront.net/public/CumulusLinux-5.4.0/cumulus-linux-5.4.0-vx-amd64-qemu.qcow2"
+        },
        {
            "filename": "cumulus-linux-5.3.1-vx-amd64-qemu.qcow2",
            "version": "5.3.1",
@ -247,6 +255,18 @@
        }
    ],
    "versions": [
+        {
+            "name": "5.4.0",
+            "images": {
+                "hda_disk_image": "cumulus-linux-5.4.0-vx-amd64-qemu.qcow2"
+            }
+        },
+        {
+            "name": "5.3.1",
+            "images": {
+                "hda_disk_image": "cumulus-linux-5.3.1-vx-amd64-qemu.qcow2"
+            }
+        },
        {
            "name": "5.1.0",
            "images": {
--- a/gns3server/appliances/debian.gns3a
+++ b/gns3server/appliances/debian.gns3a
@ -6,10 +6,10 @@
    "vendor_name": "Debian",
    "vendor_url": "https://www.debian.org",
    "product_name": "Debian",
-    "registry_version": 3,
+    "registry_version": 4,
    "status": "experimental",
-    "maintainer": "GNS3 Team",
-    "maintainer_email": "developers@gns3.net",
+    "maintainer": "Bernhard Ehlers",
+    "maintainer_email": "dev-ehlers@mailbox.org",
    "usage": "Username:\tdebian\nPassword:\tdebian\nTo become root, use \"sudo -s\".\n\nNetwork configuration:\n- In \"/etc/network/interfaces\" comment out \"source-directory /run/network/interfaces.d\"\n- Remove \"/etc/network/interfaces.d/50-cloud-init\"\n- Create \"/etc/network/interfaces.d/10-ens4\", for example:\n\nauto ens4\n#iface ens4 inet dhcp\niface ens4 inet static\n    address 10.1.1.100/24\n    gateway 10.1.1.1\n    dns-nameservers 10.1.1.1\n",
    "symbol": "linux_guest.svg",
    "port_name_format": "ens{port4}",
@ -24,41 +24,57 @@
    },
    "images": [
        {
-            "filename": "debian-11-genericcloud-amd64-20221219-1234.qcow2",
-            "version": "11.6",
-            "md5sum": "bd6ddbccc89e40deb7716b812958238d",
-            "filesize": 258801664,
+            "filename": "debian-12-genericcloud-amd64-20230723-1450.qcow2",
+            "version": "12.1",
+            "md5sum": "6d1efcaa206de01eeeb590d773421c5c",
+            "filesize": 280166400,
+            "download_url": "https://cloud.debian.org/images/cloud/bookworm/",
+            "direct_download_url": "https://cloud.debian.org/images/cloud/bookworm/20230723-1450/debian-12-genericcloud-amd64-20230723-1450.qcow2"
+        },
+        {
+            "filename": "debian-11-genericcloud-amd64-20230601-1398.qcow2",
+            "version": "11.7",
+            "md5sum": "1b24a841dc5ca9bcf40b94ad4b4775d4",
+            "filesize": 259063808,
            "download_url": "https://cloud.debian.org/images/cloud/bullseye/",
-            "direct_download_url": "https://cloud.debian.org/images/cloud/bullseye/20221219-1234/debian-11-genericcloud-amd64-20221219-1234.qcow2"
+            "direct_download_url": "https://cloud.debian.org/images/cloud/bullseye/20230601-1398/debian-11-genericcloud-amd64-20230601-1398.qcow2"
        },
        {
-            "filename": "debian-10-genericcloud-amd64-20220911-1135.qcow2",
+            "filename": "debian-10-genericcloud-amd64-20230601-1398.qcow2",
            "version": "10.13",
-            "md5sum": "9d4d1175bef974caba79dd6ca33d500c",
-            "filesize": 234749952,
+            "md5sum": "ca799fb4011712f4686c422c1a9731cf",
+            "filesize": 228130816,
            "download_url": "https://cloud.debian.org/images/cloud/buster/",
-            "direct_download_url": "https://cloud.debian.org/images/cloud/buster/20220911-1135/debian-10-genericcloud-amd64-20220911-1135.qcow2"
+            "direct_download_url": "https://cloud.debian.org/images/cloud/buster/20230601-1398/debian-10-genericcloud-amd64-20230601-1398.qcow2"
        },
        {
            "filename": "debian-cloud-init-data.iso",
            "version": "1.0",
            "md5sum": "43f6bf70c178a9d3c270b5c24971e578",
            "filesize": 374784,
-            "download_url": "https://github.com/GNS3/gns3-registry/raw/master/cloud-init/Debian/debian-cloud-init-data.iso"
+            "download_url": "https://github.com/GNS3/gns3-registry/tree/master/cloud-init/Debian",
+            "direct_download_url": "https://github.com/GNS3/gns3-registry/raw/master/cloud-init/Debian/debian-cloud-init-data.iso"
        }
    ],
    "versions": [
        {
-            "name": "11.6",
+            "name": "12.1",
+            "images": {
+                "hda_disk_image": "debian-12-genericcloud-amd64-20230723-1450.qcow2",
+                "cdrom_image": "debian-cloud-init-data.iso"
+            }
+        },
+        {
+            "name": "11.7",
            "images": {
-                "hda_disk_image": "debian-11-genericcloud-amd64-20221219-1234.qcow2",
+                "hda_disk_image": "debian-11-genericcloud-amd64-20230601-1398.qcow2",
                "cdrom_image": "debian-cloud-init-data.iso"
            }
        },
        {
            "name": "10.13",
            "images": {
-                "hda_disk_image": "debian-10-genericcloud-amd64-20220911-1135.qcow2",
+                "hda_disk_image": "debian-10-genericcloud-amd64-20230601-1398.qcow2",
                "cdrom_image": "debian-cloud-init-data.iso"
            }
        }
--- a/gns3server/appliances/deft-linux.gns3a
+++ b/gns3server/appliances/deft-linux.gns3a
@ -7,7 +7,7 @@
    "vendor_url": "http://www.deftlinux.net/",
    "documentation_url": "http://www.deftlinux.net/deft-manual/",
    "product_name": "DEFT Linux",
-    "registry_version": 3,
+    "registry_version": 4,
    "status": "stable",
    "maintainer": "GNS3 Team",
    "maintainer_email": "developers@gns3.net",
--- a/gns3server/appliances/dell-ftos.gns3a
+++ b/gns3server/appliances/dell-ftos.gns3a
@ -7,7 +7,7 @@
    "vendor_url": "http://www.dell.com/",
    "product_name": "Dell OS9",
    "product_url": "http://www.dell.com/us/business/p/open-platform-software/pd",
-    "registry_version": 3,
+    "registry_version": 4,
    "status": "experimental",
    "maintainer": "GNS3 Team",
    "maintainer_email": "developers@gns3.net",
--- a/gns3server/appliances/dns.gns3a
+++ b/gns3server/appliances/dns.gns3a
@ -6,11 +6,11 @@
    "vendor_name": "Ubuntu",
    "vendor_url": "https://www.ubuntu.com/",
    "product_name": "DNS",
-    "registry_version": 3,
+    "registry_version": 4,
    "status": "stable",
    "maintainer": "Andras Dosztal",
    "maintainer_email": "developers@gns3.net",
-    "usage": "You can add records by adding entries to the /etc/hosts file in the following format:\n%IP_ADDRESS% %HOSTNAME%.lab %HOSTNAME%\n\nExample:\n192.168.123.10 router1.lab router1\n\nIf you require DNS requests to be serviced from a different subnet than the one that the DNS server resides on then do the following:\n\n1. Edit (nano or vim) /ect/init.d/dnsmasq\n2. Find the line DNSMASQ_OPTS=\"$DNSMASQ_OPTS --local-service\"\n3. Remove the --local-service or comment that line out and add DNSMASQ_OPTS=\"\"\n4. Restart dnsmasq - service dnsmaq restart",
+    "usage": "You can add records by adding entries to the /etc/hosts file in the following format:\n%IP_ADDRESS% %HOSTNAME%.lab %HOSTNAME%\n\nExample:\n192.168.123.10 router1.lab router1\n\nIf you require DNS requests to be serviced from a different subnet than the one that the DNS server resides on then do the following:\n\n1. Edit (nano or vim) /ect/init.d/dnsmasq\n2. Find the line DNSMASQ_OPTS=\"$DNSMASQ_OPTS --local-service\"\n3. Remove the --local-service or comment that line out and add DNSMASQ_OPTS=\"\"\n4. Restart dnsmasq using the following command: service dnsmasq restart \n\n There is an error in this Docker container, edit /etc/dnsmasq.conf, add: interface=eth0",
    "symbol": "linux_guest.svg",
    "docker": {
        "adapters": 1,
--- a/gns3server/appliances/empty-vm.gns3a
+++ b/gns3server/appliances/empty-vm.gns3a
@ -18,9 +18,9 @@
        "adapter_type": "e1000",
        "adapters": 1,
        "ram": 1024,
+        "hda_disk_interface": "sata",
        "arch": "x86_64",
        "console_type": "vnc",
-		    "hda_disk_interface": "sata",
        "boot_priority": "d",
        "kvm": "allow"
    },
@ -33,7 +33,7 @@
            "download_url": "https://sourceforge.net/projects/gns-3/files/Empty%20Qemu%20disk/",
            "direct_download_url": "https://sourceforge.net/projects/gns-3/files/Empty%20Qemu%20disk/empty8G.qcow2/download"
        },
-		    {
+        {
            "filename": "empty30G.qcow2",
            "version": "30G",
            "md5sum": "3411a599e822f2ac6be560a26405821a",
@ -41,7 +41,7 @@
            "download_url": "https://sourceforge.net/projects/gns-3/files/Empty%20Qemu%20disk/",
            "direct_download_url": "https://sourceforge.net/projects/gns-3/files/Empty%20Qemu%20disk/empty30G.qcow2/download"
        },
-		    {
+        {
            "filename": "empty100G.qcow2",
            "version": "100G",
            "md5sum": "1e6409a4523ada212dea2ebc50e50a65",
@ -77,11 +77,11 @@
                "hda_disk_image": "empty100G.qcow2"
            }
        },
-		    {
+        {
            "name": "200G",
            "images": {
                "hda_disk_image": "empty200G.qcow2"
            }
        }
-	]
+    ]
 }
--- a/gns3server/appliances/endhost.gns3a
+++ b/gns3server/appliances/endhost.gns3a
@ -0,0 +1,17 @@
+{
+    "appliance_id": "f59a5cf6-baaa-45a6-9685-989a2c3f3f4a",
+    "name": "endhost",
+    "category": "guest",
+    "description": "General purpose alpine-based endhost",
+    "vendor_name": "endhost",
+    "vendor_url": "https://www.alpinelinux.org",
+    "product_name": "endhost",
+    "registry_version": 4,
+    "status": "experimental",
+    "maintainer": "GNS3 Team",
+    "maintainer_email": "developers@gns3.net",
+    "docker": {
+        "adapters": 1,
+        "image": "gns3/endhost:latest"
+    }
+}
--- a/Show More
+++ b/Show More