From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Fri, 22 Sep 2017 06:52:31 +0000 (+0200)
Subject: api: check for special roles before locking the usercfg
X-Git-Url: https://git.proxmox.com/?p=pve-access-control.git;a=commitdiff_plain;h=e41cc73c52cc784da82c8e96a7bcfbb0e017dbb5

api: check for special roles before locking the usercfg
---

diff --git a/PVE/API2/Role.pm b/PVE/API2/Role.pm
index 452fc6d..bc77305 100644
--- a/PVE/API2/Role.pm
+++ b/PVE/API2/Role.pm
@@ -183,19 +183,18 @@ __PACKAGE__->register_method ({
     code => sub {
 	my ($param) = @_;
 
-	PVE::AccessControl::lock_user_config(
-	    sub {
+	my $role = $param->{roleid};
 
-		my $role = $param->{roleid};
+	die "auto-generated role '$role' cannot be deleted\n"
+	    if PVE::AccessControl::role_is_special($role);
 
+	PVE::AccessControl::lock_user_config(
+	    sub {
 		my $usercfg = cfs_read_file("user.cfg");
 
 		die "role '$role' does not exist\n"
 		    if !$usercfg->{roles}->{$role};
 
-		die "auto-generated role '$role' can not be deleted\n"
-		    if PVE::AccessControl::role_is_special($role);
-
 		delete ($usercfg->{roles}->{$role});
 
 		# fixme: delete role from acl?