X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=src%2FPVE%2FRPCEnvironment.pm;h=a0c755587638191e6e45a282fe2e76dc3636151c;hb=0716a56be3fc8be775a4afc818e8cad6727dc91c;hp=ed5625e8b65608c2163427ae1f0f4808df0714f8;hpb=c870b202e4bcc19850d52e624fdfe4b31b1bfd3c;p=pve-access-control.git

diff --git a/src/PVE/RPCEnvironment.pm b/src/PVE/RPCEnvironment.pm
index ed5625e..a0c7555 100644
--- a/src/PVE/RPCEnvironment.pm
+++ b/src/PVE/RPCEnvironment.pm
@@ -74,7 +74,7 @@ my $compile_acl_path = sub {
     foreach my $role (keys %$roles) {
 	if (my $privset = $cfg->{roles}->{$role}) {
 	    foreach my $p (keys %$privset) {
-		$privs->{$p} = $roles->{$role};
+		$privs->{$p} ||= $roles->{$role};
 	    }
 	}
     }
@@ -82,7 +82,7 @@ my $compile_acl_path = sub {
     if ($username && $username ne 'root@pam') {
 	# intersect user and token permissions
 	my $user_privs = $cache->{$username}->{privs}->{$path};
-	my $filtered_privs = [ grep { $user_privs->{$_} } keys %$privs ];
+	my $filtered_privs = [ grep { defined($user_privs->{$_}) } keys %$privs ];
 	$privs = { map { $_ => $user_privs->{$_} && $privs->{$_} } @$filtered_privs };
     }