]> git.proxmox.com Git - pve-access-control.git/blobdiff - PVE/API2/Role.pm
projects / pve-access-control.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
api: check for special roles before locking the usercfg
[pve-access-control.git] / PVE / API2 / Role.pm
diff --git a/PVE/API2/Role.pm b/PVE/API2/Role.pm
index 452fc6d5e1437173306a96431f92c5eaba7bf645..bc77305ef54ed6302bd378e3088f5c3d16770d63 100644 (file)
--- a/PVE/API2/Role.pm
+++ b/PVE/API2/Role.pm
@@ -183,19 +183,18 @@ __PACKAGE__->register_method ({
     code => sub {
        my ($param) = @_;
 
     code => sub {
        my ($param) = @_;
 
-       PVE::AccessControl::lock_user_config(
-           sub {
+       my $role = $param->{roleid};
 
 
-               my $role = $param->{roleid};
+       die "auto-generated role '$role' cannot be deleted\n"
+           if PVE::AccessControl::role_is_special($role);
 
 
+       PVE::AccessControl::lock_user_config(
+           sub {
                my $usercfg = cfs_read_file("user.cfg");
 
                die "role '$role' does not exist\n"
                    if !$usercfg->{roles}->{$role};
 
                my $usercfg = cfs_read_file("user.cfg");
 
                die "role '$role' does not exist\n"
                    if !$usercfg->{roles}->{$role};
 
-               die "auto-generated role '$role' can not be deleted\n"
-                   if PVE::AccessControl::role_is_special($role);
-
                delete ($usercfg->{roles}->{$role});
 
                # fixme: delete role from acl?
                delete ($usercfg->{roles}->{$role});
 
                # fixme: delete role from acl?
Access control framework