X-Git-Url: https://git.proxmox.com/?p=pve-access-control.git;a=blobdiff_plain;f=PVE%2FAPI2%2FRole.pm;h=bc77305ef54ed6302bd378e3088f5c3d16770d63;hp=452fc6d5e1437173306a96431f92c5eaba7bf645;hb=e41cc73c52cc784da82c8e96a7bcfbb0e017dbb5;hpb=0a6e09fd4733d877b02d1d2aee26bf90e243b2a0

diff --git a/PVE/API2/Role.pm b/PVE/API2/Role.pm
index 452fc6d..bc77305 100644
--- a/PVE/API2/Role.pm
+++ b/PVE/API2/Role.pm
@@ -183,19 +183,18 @@ __PACKAGE__->register_method ({
     code => sub {
 	my ($param) = @_;
 
-	PVE::AccessControl::lock_user_config(
-	    sub {
+	my $role = $param->{roleid};
 
-		my $role = $param->{roleid};
+	die "auto-generated role '$role' cannot be deleted\n"
+	    if PVE::AccessControl::role_is_special($role);
 
+	PVE::AccessControl::lock_user_config(
+	    sub {
 		my $usercfg = cfs_read_file("user.cfg");
 
 		die "role '$role' does not exist\n"
 		    if !$usercfg->{roles}->{$role};
 
-		die "auto-generated role '$role' can not be deleted\n"
-		    if PVE::AccessControl::role_is_special($role);
-
 		delete ($usercfg->{roles}->{$role});
 
 		# fixme: delete role from acl?