check user: re-order enable check first again and adhere noerr flag

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

diff --git a/src/PVE/AccessControl.pm b/src/PVE/AccessControl.pm
index eea6e141aa71a8c883f2819564a988a008da6505..1a7bc4978d8b7f04383511b7c9f509dcfad12d38 100644 (file)
--- a/src/PVE/AccessControl.pm
+++ b/src/PVE/AccessControl.pm
@@ -653,16 +653,20 @@ sub check_user_enabled {
     my $data = check_user_exist($usercfg, $username, $noerr);
     return undef if !$data;
 
+    if (!$data->{enable}) {
+       die "user '$username' is disabled\n" if !$noerr;
+       return undef;
+    }
+
     my $ctime = time();
     my $expire = $usercfg->{users}->{$username}->{expire};
 
-    die "account expired\n" if $expire && ($expire < $ctime);
-
-    return 1 if $data->{enable};
-
-    die "user '$username' is disabled\n" if !$noerr;
+    if ($expire && $expire < $ctime) {
+       die "account expired\n" if !$noerr;
+       return undef;
+    }
 
-    return undef;
+    return 1; # enabled and not expired
 }
 
 sub check_token_exist {