Die with a helpful error message instead of silently ignoring the user
when trying to delete a special role.
---
PVE/API2/Role.pm | 3 +++
PVE/AccessControl.pm | 1 +
2 files changed, 4 insertions(+)
diff --git a/PVE/API2/Role.pm b/PVE/API2/Role.pm
index 6392e13..d8d8e17 100644
--- a/PVE/API2/Role.pm
+++ b/PVE/API2/Role.pm
@@ -192,6 +192,9 @@ __PACKAGE__->register_method ({
my $usercfg = cfs_read_file("user.cfg");
+ die "role '$role' can not be deleted\n"
+ if ($usercfg->{roles}->{$role}->{special});
+
die "role '$role' does not exist\n"
if !$usercfg->{roles}->{$role};
diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm
index 7d02cdf..b6be95d 100644
--- a/PVE/AccessControl.pm
+++ b/PVE/AccessControl.pm
@@ -595,6 +595,7 @@ sub userconfig_force_defaults {
foreach my $r (keys %$special_roles) {
$cfg->{roles}->{$r} = $special_roles->{$r};
+ $cfg->{roles}->{$r}->{special} = 1;
}
# add root user if not exists
--
2.11.0
_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
