api: delete user: better communicate partial deletion

this is really an edge case and should not happen often in practice,
the time window is small and deletions are not _that_ common, but
still.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

diff --git a/src/PVE/API2/User.pm b/src/PVE/API2/User.pm
index 06cc6804fd9a9f13b5af7d08856fc6958526e02b..8893d03caf11440942d555b5646160801d9e2bf2 100644 (file)
--- a/src/PVE/API2/User.pm
+++ b/src/PVE/API2/User.pm
@@ -451,11 +451,19 @@ __PACKAGE__->register_method ({
            # know that it's OK to drop any TFA entry in that case.
            delete $usercfg->{users}->{$userid};
 
-           PVE::AccessControl::user_set_tfa($userid, $realm, undef, undef, $usercfg, $domain_cfg);
-
-           PVE::AccessControl::delete_user_group($userid, $usercfg);
-           PVE::AccessControl::delete_user_acl($userid, $usercfg);
-           cfs_write_file("user.cfg", $usercfg);
+           my $partial_deletion = '';
+           eval {
+               PVE::AccessControl::user_set_tfa($userid, $realm, undef, undef, $usercfg, $domain_cfg);
+               $partial_deletion = ' - but deleted related TFA';
+
+               PVE::AccessControl::delete_user_group($userid, $usercfg);
+               $partial_deletion .= ', Groups';
+               PVE::AccessControl::delete_user_acl($userid, $usercfg);
+               $partial_deletion .= ', ACLs';
+
+               cfs_write_file("user.cfg", $usercfg);
+           };
+           die "$@$partial_deletion\n" if $@;
        }, "delete user failed");
 
        return undef;