api: check for special roles before locking the usercfg

2025-06-12 17:00:31 +00:00 · 2017-09-22 08:52:31 +02:00 · 2017-09-22 08:52:31 +02:00 · e41cc73c52
commit e41cc73c52
parent 0a6e09fd47
1 changed files with 5 additions and 6 deletions
--- a/PVE/API2/Role.pm
+++ b/PVE/API2/Role.pm
@ -183,19 +183,18 @@ __PACKAGE__->register_method ({
    code => sub {
 	my ($param) = @_;

+	my $role = $param->{roleid};
+
+	die "auto-generated role '$role' cannot be deleted\n"
+	    if PVE::AccessControl::role_is_special($role);
+
 	PVE::AccessControl::lock_user_config(
 	    sub {
-
-		my $role = $param->{roleid};
-
 		my $usercfg = cfs_read_file("user.cfg");

 		die "role '$role' does not exist\n"
 		    if !$usercfg->{roles}->{$role};

-		die "auto-generated role '$role' can not be deleted\n"
-		    if PVE::AccessControl::role_is_special($role);
-
 		delete ($usercfg->{roles}->{$role});

 		# fixme: delete role from acl?