access permissions cleanup fix

[pve-access-control.git] / PVE / AccessControl.pm

diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm
index 955e143586017a63b3acdfa1590f17cafced6624..54577aa228a14f5269611f9c442175bc35b96a17 100644 (file)
--- a/PVE/AccessControl.pm
+++ b/PVE/AccessControl.pm
@@ -478,10 +478,7 @@ sub delete_pool_acl {
 
     my $path = "/pool/$pool";
 
-    foreach my $aclpath (keys %{$usercfg->{acl}}) {
-       delete ($usercfg->{acl}->{$aclpath})
-           if $usercfg->{acl}->{$aclpath} eq 'path';
-    }
+    delete ($usercfg->{acl}->{$path})
 }
 
 # we automatically create some predefined roles by splitting privs
@@ -708,6 +705,7 @@ sub parse_user_config {
 
     userconfig_force_defaults($cfg);
 
+    $raw = '' if !defined($raw);
     while ($raw =~ /^\s*(.+?)\s*$/gm) {
        my $line = $1;
        my @data;
@@ -1095,6 +1093,27 @@ sub check_permissions {
     return 1;
 }
 
+sub remove_vm_access {
+    my ($vmid) = @_;
+    my $delVMaccessFn = sub {
+        my $usercfg = cfs_read_file("user.cfg");
+
+        if (my $acl = $usercfg->{acl}->{'/vms/'.$vmid}) {
+            delete $usercfg->{acl}->{'/vms/'.$vmid};
+            cfs_write_file("user.cfg", $usercfg);
+        }
+        if (my $pool = $usercfg->{vms}->{$vmid}) {
+            if (my $data = $usercfg->{pools}->{$pool}) {
+                delete $data->{vms}->{$vmid};
+                delete $usercfg->{vms}->{$vmid};
+                cfs_write_file("user.cfg", $usercfg);
+            }
+        }
+    };
+
+    lock_user_config($delVMaccessFn, "access permissions cleanup for VM $vmid failed");
+}
+
 sub add_vm_to_pool {
     my ($vmid, $pool) = @_;