permissions: fix token/user priv intersection

[pve-access-control.git] / src / PVE / RPCEnvironment.pm

diff --git a/src/PVE/RPCEnvironment.pm b/src/PVE/RPCEnvironment.pm
index ed5625e8b65608c2163427ae1f0f4808df0714f8..a0c755587638191e6e45a282fe2e76dc3636151c 100644 (file)
--- a/src/PVE/RPCEnvironment.pm
+++ b/src/PVE/RPCEnvironment.pm
@@ -74,7 +74,7 @@ my $compile_acl_path = sub {
     foreach my $role (keys %$roles) {
        if (my $privset = $cfg->{roles}->{$role}) {
            foreach my $p (keys %$privset) {
-               $privs->{$p} = $roles->{$role};
+               $privs->{$p} ||= $roles->{$role};
            }
        }
     }
@@ -82,7 +82,7 @@ my $compile_acl_path = sub {
     if ($username && $username ne 'root@pam') {
        # intersect user and token permissions
        my $user_privs = $cache->{$username}->{privs}->{$path};
-       my $filtered_privs = [ grep { $user_privs->{$_} } keys %$privs ];
+       my $filtered_privs = [ grep { defined($user_privs->{$_}) } keys %$privs ];
        $privs = { map { $_ => $user_privs->{$_} && $privs->{$_} } @$filtered_privs };
     }