fix #1501: pveum: die when deleting special role

[pve-access-control.git] / PVE / API2 / Role.pm

diff --git a/PVE/API2/Role.pm b/PVE/API2/Role.pm
index 6392e133a2bd673dcc96072c11f0a8ded689073f..0216c8dfc62c8cf50227923450d7ad2648bf6be1 100644 (file)
--- a/PVE/API2/Role.pm
+++ b/PVE/API2/Role.pm
@@ -44,7 +44,8 @@ __PACKAGE__->register_method ({
  
        foreach my $role (keys %{$usercfg->{roles}}) {
            my $privs = join(',', sort keys %{$usercfg->{roles}->{$role}});
-           push @$res, { roleid => $role, privs => $privs };
+           push @$res, { roleid => $role, privs => $privs,
+               special => PVE::AccessControl::role_is_special($role) };
        }
 
        return $res;
@@ -195,6 +196,9 @@ __PACKAGE__->register_method ({
                die "role '$role' does not exist\n"
                    if !$usercfg->{roles}->{$role};
        
+               die "auto-generated role '$role' can not be deleted\n"
+                   if PVE::AccessControl::role_is_special($role);
+
                delete ($usercfg->{roles}->{$role});
 
                # fixme: delete role from acl?