From e1ea58c8103f0fd1726a234e4cb6b7baa1629a90 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com>
Date: Wed, 7 Jun 2023 11:34:33 +0200
Subject: [PATCH] check_sdn_bridge: check bridge first
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

it's cheap, so let's use it for early returning

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
 src/PVE/RPCEnvironment.pm | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/PVE/RPCEnvironment.pm b/src/PVE/RPCEnvironment.pm
index 745296a..075099d 100644
--- a/src/PVE/RPCEnvironment.pm
+++ b/src/PVE/RPCEnvironment.pm
@@ -329,6 +329,9 @@ sub check_sdn_bridge {
     my ($self, $username, $zone, $bridge, $privs, $noerr) = @_;
 
     my $path = "/sdn/zones/$zone/$bridge";
+    # check access to bridge itself
+    return 1 if $self->check_any($username, $path, $privs, 1);
+
     my $cfg = $self->{user_cfg};
     my $bridge_acl = PVE::AccessControl::find_acl_tree_node($cfg->{acl_root}, $path);
     if ($bridge_acl) {
@@ -338,8 +341,6 @@ sub check_sdn_bridge {
 	    my $vlanpath = "$path/$vlan";
 	    return 1 if $self->check_any($username, $vlanpath, $privs, 1);
 	}
-	# check access to bridge itself
-	return 1 if $self->check_any($username, $path, $privs, 1);
     }
 
     # repeat check, but fatal