Die with a helpful error message instead of silently ignoring the user's
attempt to delete a special role.
Also add a property to the API answer for possible later use by the
WebUI.
Reviewed-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
foreach my $role (keys %{$usercfg->{roles}}) {
my $privs = join(',', sort keys %{$usercfg->{roles}->{$role}});
foreach my $role (keys %{$usercfg->{roles}}) {
my $privs = join(',', sort keys %{$usercfg->{roles}->{$role}});
- push @$res, { roleid => $role, privs => $privs };
+ push @$res, { roleid => $role, privs => $privs,
+ special => PVE::AccessControl::role_is_special($role) };
die "role '$role' does not exist\n"
if !$usercfg->{roles}->{$role};
die "role '$role' does not exist\n"
if !$usercfg->{roles}->{$role};
+ die "auto-generated role '$role' can not be deleted\n"
+ if PVE::AccessControl::role_is_special($role);
+
delete ($usercfg->{roles}->{$role});
# fixme: delete role from acl?
delete ($usercfg->{roles}->{$role});
# fixme: delete role from acl?
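Review bot: The new `die "auto-generated role '$role' can not be deleted\n"` guard covers only the delete handler. The handler that changes a role's privileges is not shown on this page; if edits to a special role are discarded there as silently as deletions were before this commit, an administrator can still believe a built-in role was restricted when it was not. If so, that path should fail the same way, for example `die "auto-generated role '$role' can not be modified\n" if PVE::AccessControl::role_is_special($role);`. The delete handler starts and ends outside the visible lines, so whether the guard runs before any lock or write is taken cannot be checked from here.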
+sub role_is_special {
+ my ($role) = @_;
+ return exists $special_roles->{$role};
+}
+
sub add_role_privs {
my ($role, $usercfg, $privs) = @_;
sub add_role_privs {
my ($role, $usercfg, $privs) = @_;
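Review bot: `role_is_special` returns the raw result of `exists`, which is 1 or the empty string, and the index change puts that value straight into the `special` field of the API answer, where it may serialise as an empty string rather than 0. Returning `exists $special_roles->{$role} ? 1 : 0` would give clients a stable 0/1 to test. The sub also has no comment; a one-line header such as `# true if $role is one of the auto-generated roles listed in $special_roles` would help, since `$special_roles` is declared outside the visible lines. `add_role_privs` below is context only and continues past the end of the hunk.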