]> git.proxmox.com Git - pve-access-control.git/commitdiff
projects / pve-access-control.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 23059f3)
fix #2575: die when trying to edit built-in roles
authorDominik Csapak <d.csapak@proxmox.com>
Fri, 31 Jan 2020 10:54:33 +0000 (11:54 +0100)
committerThomas Lamprecht <t.lamprecht@proxmox.com>
Fri, 31 Jan 2020 19:34:06 +0000 (20:34 +0100)
instead of silently ignoring the change

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
PVE/API2/Role.pm patch | blob | blame | history

diff --git a/PVE/API2/Role.pm b/PVE/API2/Role.pm
index 83e4a9d4a9ab20b1efce78c4b433f6db3e0f72d2..70a92b67d300d29ad559f0f83a592d4b72347978 100644 (file)
--- a/PVE/API2/Role.pm
+++ b/PVE/API2/Role.pm
@@ -126,11 +126,14 @@ __PACKAGE__->register_method ({
     code => sub {
        my ($param) = @_;
 
     code => sub {
        my ($param) = @_;
 
+       my $role = $param->{roleid};
+
+       die "auto-generated role '$role' cannot be modified\n"
+           if PVE::AccessControl::role_is_special($role);
+
        PVE::AccessControl::lock_user_config(
            sub {
 
        PVE::AccessControl::lock_user_config(
            sub {
 
-               my $role = $param->{roleid};
-
                my $usercfg = cfs_read_file("user.cfg");
 
                die "role '$role' does not exist\n"
                my $usercfg = cfs_read_file("user.cfg");
 
                die "role '$role' does not exist\n"
Access control framework