Remove unused Dumper uses

[pve-access-control.git] / PVE / API2 / Role.pm

diff --git a/PVE/API2/Role.pm b/PVE/API2/Role.pm
index 509938c00fc4e6cc9bcee4e31f12ba44ace741ea..895da8282a6d9fc403fd039c4c55ecfee03909ab 100644 (file)
--- a/PVE/API2/Role.pm
+++ b/PVE/API2/Role.pm
@@ -7,8 +7,6 @@ use PVE::AccessControl;
 
 use PVE::SafeSyslog;
 
-use Data::Dumper; # fixme: remove
-
 use PVE::RESTHandler;
 
 use base qw(PVE::RESTHandler);
@@ -19,7 +17,7 @@ __PACKAGE__->register_method ({
     method => 'GET',
     description => "Role index.",
     permissions => { 
-       check => ['perm', '/access', ['Sys.Audit']],
+       user => 'all',
     },
     parameters => {
        additionalProperties => 0,
@@ -44,7 +42,8 @@ __PACKAGE__->register_method ({
  
        foreach my $role (keys %{$usercfg->{roles}}) {
            my $privs = join(',', sort keys %{$usercfg->{roles}->{$role}});
-           push @$res, { roleid => $role, privs => $privs };
+           push @$res, { roleid => $role, privs => $privs,
+               special => PVE::AccessControl::role_is_special($role) };
        }
 
        return $res;
@@ -141,7 +140,7 @@ __PACKAGE__->register_method ({
     path => '{roleid}', 
     method => 'GET',
     permissions => { 
-       check => ['perm', '/access', ['Sys.Audit']],
+       user => 'all',
     },
     description => "Get role configuration.",
     parameters => {
@@ -195,6 +194,9 @@ __PACKAGE__->register_method ({
                die "role '$role' does not exist\n"
                    if !$usercfg->{roles}->{$role};
        
+               die "auto-generated role '$role' can not be deleted\n"
+                   if PVE::AccessControl::role_is_special($role);
+
                delete ($usercfg->{roles}->{$role});
 
                # fixme: delete role from acl?