[pve-devel] [PATCH access-control v2 1/3] fix #1501: pveum: die when deleting special role

Philip Abernethy p.abernethy at proxmox.com
Wed Sep 20 17:10:28 CEST 2017


Die with a helpful error message instead of silently ignoring the user
when trying to delete a special role.
---
v2: Fixed 'special' appearing in WebUI roles list
 PVE/API2/Role.pm     | 7 ++++++-
 PVE/AccessControl.pm | 1 +
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/PVE/API2/Role.pm b/PVE/API2/Role.pm
index 6392e13..d6d17db 100644
--- a/PVE/API2/Role.pm
+++ b/PVE/API2/Role.pm
@@ -43,8 +43,10 @@ __PACKAGE__->register_method ({
 	my $usercfg = cfs_read_file("user.cfg");
  
 	foreach my $role (keys %{$usercfg->{roles}}) {
+	    my $special = $usercfg->{roles}->{$role}->{special};
+	    delete $usercfg->{roles}->{$role}->{special};
 	    my $privs = join(',', sort keys %{$usercfg->{roles}->{$role}});
-	    push @$res, { roleid => $role, privs => $privs };
+	    push @$res, { roleid => $role, privs => $privs, special => $special };
 	}
 
 	return $res;
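Review bot: The `delete $usercfg->{roles}->{$role}->{special};` in the listing loop mutates the structure returned by `cfs_read_file` only to keep `special` out of the privilege string. If that structure is cached or shared between requests (not visible in this hunk), listing the roles strips the flag that the delete guard in the second hunk of this file relies on, so the protection could lapse after a list call. Reading without mutating avoids the problem: `my $privs = join(',', sort grep { $_ ne 'special' } keys %{$usercfg->{roles}->{$role}});`. The enclosing method starts outside the hunk.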
@@ -195,6 +197,9 @@ __PACKAGE__->register_method ({
 		die "role '$role' does not exist\n"
 		    if !$usercfg->{roles}->{$role};
 	
+		die "role '$role' can not be deleted\n"
+		    if ($usercfg->{roles}->{$role}->{special});
+
 		delete ($usercfg->{roles}->{$role});
 
 		# fixme: delete role from acl?
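Review bot: The new message `role '$role' can not be deleted` does not say why, so the caller cannot tell a permission problem from a property of the role. Something like `die "role '$role' is a special role and can not be deleted\n"` would match the commit's stated intent of a helpful error. The parenthesised postfix condition also differs from the `if !$usercfg->{roles}->{$role};` form directly above it. The enclosing block starts and ends outside the hunk.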
diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm
index 7d02cdf..b6be95d 100644
--- a/PVE/AccessControl.pm
+++ b/PVE/AccessControl.pm
@@ -595,6 +595,7 @@ sub userconfig_force_defaults {
 
     foreach my $r (keys %$special_roles) {
 	$cfg->{roles}->{$r} = $special_roles->{$r};
+	$cfg->{roles}->{$r}->{special} = 1;
     }
 
     # add root user if not exists
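Review bot: The added `$cfg->{roles}->{$r}->{special} = 1;` writes through the reference assigned on the line above, so it also modifies the shared `$special_roles->{$r}` hash and puts a non-privilege key into the hash that holds the role's privilege names. Any code that enumerates `keys %{$cfg->{roles}->{$role}}` as privileges would now treat `special` as a privilege unless it filters the key, as the listing in PVE/API2/Role.pm had to; whether other such consumers exist is not visible here. Copying leaves the module-level definition untouched: `$cfg->{roles}->{$r} = { %{$special_roles->{$r}}, special => 1 };`. A comment such as `# marker, not a privilege: filter it wherever privileges are enumerated` would document the contract. userconfig_force_defaults continues outside the hunk.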
-- 
2.11.0




