[pve-devel] applied: [PATCH access-control] fix #2575: die when trying to edit built-in roles
Thomas Lamprecht
t.lamprecht at proxmox.com
Fri Jan 31 20:34:22 CET 2020
On 1/31/20 11:54 AM, Dominik Csapak wrote:
> instead of silently ignoring the change
>
> Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
> ---
> PVE/API2/Role.pm | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/PVE/API2/Role.pm b/PVE/API2/Role.pm
> index 83e4a9d..70a92b6 100644
> --- a/PVE/API2/Role.pm
> +++ b/PVE/API2/Role.pm
> @@ -126,11 +126,14 @@ __PACKAGE__->register_method ({
> code => sub {
> my ($param) = @_;
>
> + my $role = $param->{roleid};
> +
> + die "auto-generated role '$role' cannot be modified\n"
> + if PVE::AccessControl::role_is_special($role);
> +
> PVE::AccessControl::lock_user_config(
> sub {
>
> - my $role = $param->{roleid};
> -
> my $usercfg = cfs_read_file("user.cfg");
>
> die "role '$role' does not exist\n"
>
applied, thanks!
More information about the pve-devel
mailing list