fix #2575: die when trying to edit built-in roles
authorDominik Csapak <d.csapak@proxmox.com>
Fri, 31 Jan 2020 10:54:33 +0000 (11:54 +0100)
committerThomas Lamprecht <t.lamprecht@proxmox.com>
Fri, 31 Jan 2020 19:34:06 +0000 (20:34 +0100)
instead of silently ignoring the change

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
PVE/API2/Role.pm

index 83e4a9d..70a92b6 100644 (file)
@@ -126,11 +126,14 @@ __PACKAGE__->register_method ({
     code => sub {
        my ($param) = @_;
 
+       my $role = $param->{roleid};
+
+       die "auto-generated role '$role' cannot be modified\n"
+           if PVE::AccessControl::role_is_special($role);
+
        PVE::AccessControl::lock_user_config(
            sub {
 
-               my $role = $param->{roleid};
-
                my $usercfg = cfs_read_file("user.cfg");
 
                die "role '$role' does not exist\n"