api: check for special roles before locking the usercfg
authorWolfgang Bumiller <w.bumiller@proxmox.com>
Fri, 22 Sep 2017 06:52:31 +0000 (08:52 +0200)
committerWolfgang Bumiller <w.bumiller@proxmox.com>
Fri, 22 Sep 2017 06:52:55 +0000 (08:52 +0200)
PVE/API2/Role.pm

index 452fc6d..bc77305 100644 (file)
@@ -183,19 +183,18 @@ __PACKAGE__->register_method ({
     code => sub {
        my ($param) = @_;
 
-       PVE::AccessControl::lock_user_config(
-           sub {
+       my $role = $param->{roleid};
 
-               my $role = $param->{roleid};
+       die "auto-generated role '$role' cannot be deleted\n"
+           if PVE::AccessControl::role_is_special($role);
 
+       PVE::AccessControl::lock_user_config(
+           sub {
                my $usercfg = cfs_read_file("user.cfg");
 
                die "role '$role' does not exist\n"
                    if !$usercfg->{roles}->{$role};
 
-               die "auto-generated role '$role' can not be deleted\n"
-                   if PVE::AccessControl::role_is_special($role);
-
                delete ($usercfg->{roles}->{$role});
 
                # fixme: delete role from acl?