proxmox-mirrors/pve-access-control
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-access-control synced 2025-06-13 15:27:32 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

api: check for special roles before locking the usercfg

Browse Source
This commit is contained in:
Wolfgang Bumiller 2017-09-22 08:52:31 +02:00
parent 0a6e09fd47
commit e41cc73c52
1 changed files with 5 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
PVE/API2/Role.pm
View File

@ -183,19 +183,18 @@ __PACKAGE__->register_method ({
code => sub { code => sub {
my ($param) = @_; my ($param) = @_;
my $role = $param->{roleid};
die "auto-generated role '$role' cannot be deleted\n"
if PVE::AccessControl::role_is_special($role);
PVE::AccessControl::lock_user_config( PVE::AccessControl::lock_user_config(
sub { sub {
my $role = $param->{roleid};
my $usercfg = cfs_read_file("user.cfg"); my $usercfg = cfs_read_file("user.cfg");
die "role '$role' does not exist\n" die "role '$role' does not exist\n"
if !$usercfg->{roles}->{$role}; if !$usercfg->{roles}->{$role};
die "auto-generated role '$role' can not be deleted\n"
if PVE::AccessControl::role_is_special($role);
delete ($usercfg->{roles}->{$role}); delete ($usercfg->{roles}->{$role});
# fixme: delete role from acl? # fixme: delete role from acl?