[pve-devel] [PATCH access-control] fix #2575: die when trying to edit built-in roles
Dominik Csapak
d.csapak at proxmox.com
Fri Jan 31 11:54:33 CET 2020
instead of silently ignoring the change
Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
---
PVE/API2/Role.pm | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/PVE/API2/Role.pm b/PVE/API2/Role.pm
index 83e4a9d..70a92b6 100644
--- a/PVE/API2/Role.pm
+++ b/PVE/API2/Role.pm
@@ -126,11 +126,14 @@ __PACKAGE__->register_method ({
code => sub {
my ($param) = @_;
+ my $role = $param->{roleid};
+
+ die "auto-generated role '$role' cannot be modified\n"
+ if PVE::AccessControl::role_is_special($role);
+
PVE::AccessControl::lock_user_config(
sub {
- my $role = $param->{roleid};
-
my $usercfg = cfs_read_file("user.cfg");
die "role '$role' does not exist\n"
--
2.20.1
More information about the pve-devel
mailing list