projects
/
pve-access-control.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
0a6e09f
)
api: check for special roles before locking the usercfg
author
Wolfgang Bumiller
<w.bumiller@proxmox.com>
Fri, 22 Sep 2017 06:52:31 +0000
(08:52 +0200)
committer
Wolfgang Bumiller
<w.bumiller@proxmox.com>
Fri, 22 Sep 2017 06:52:55 +0000
(08:52 +0200)
PVE/API2/Role.pm
patch
|
blob
|
blame
|
history
diff --git
a/PVE/API2/Role.pm
b/PVE/API2/Role.pm
index 452fc6d5e1437173306a96431f92c5eaba7bf645..bc77305ef54ed6302bd378e3088f5c3d16770d63 100644
(file)
--- a/
PVE/API2/Role.pm
+++ b/
PVE/API2/Role.pm
@@
-183,19
+183,18
@@
__PACKAGE__->register_method ({
code => sub {
my ($param) = @_;
code => sub {
my ($param) = @_;
- PVE::AccessControl::lock_user_config(
- sub {
+ my $role = $param->{roleid};
- my $role = $param->{roleid};
+ die "auto-generated role '$role' cannot be deleted\n"
+ if PVE::AccessControl::role_is_special($role);
+ PVE::AccessControl::lock_user_config(
+ sub {
my $usercfg = cfs_read_file("user.cfg");
die "role '$role' does not exist\n"
if !$usercfg->{roles}->{$role};
my $usercfg = cfs_read_file("user.cfg");
die "role '$role' does not exist\n"
if !$usercfg->{roles}->{$role};
- die "auto-generated role '$role' can not be deleted\n"
- if PVE::AccessControl::role_is_special($role);
-
delete ($usercfg->{roles}->{$role});
# fixme: delete role from acl?
delete ($usercfg->{roles}->{$role});
# fixme: delete role from acl?