From 50333856badcd0dd6d0f4e4876fd605738317ef9 Mon Sep 17 00:00:00 2001
From: Tomas Jelinek <tojeline@redhat.com>
Date: Wed, 7 Jan 2015 13:08:26 +0100
Subject: [PATCH] Delete a user/group when deleting its last ACl role in GUI

---
 pcs/acl.py     | 6 +++++-
 pcsd/remote.rb | 4 +++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/pcs/acl.py b/pcs/acl.py
index cbaef37..aa07d40 100644
--- a/pcs/acl.py
+++ b/pcs/acl.py
@@ -107,7 +107,11 @@ def acl_role(argv):
         # Remove any references to this role in acl_target or acl_group
         for elem in dom.getElementsByTagName("role"):
             if elem.getAttribute("id") == role_id:
-                elem.parentNode.removeChild(elem)
+                user_group = elem.parentNode
+                user_group.removeChild(elem)
+                if "--autodelete" in utils.pcs_options:
+                    if not user_group.getElementsByTagName("role"):
+                        user_group.parentNode.removeChild(user_group)
 
         utils.replace_cib_configuration(dom)
     elif command == "assign":
diff --git a/pcsd/remote.rb b/pcsd/remote.rb
index 2e898ab..9709941 100644
--- a/pcsd/remote.rb
+++ b/pcsd/remote.rb
@@ -914,7 +914,9 @@ def remove_acl_roles_remote(params)
   errors = ""
   params.each { |name, value|
     if name.index("role-") == 0
-      out, errout, retval = run_cmd(PCS, "acl", "role", "delete", value.to_s)
+      out, errout, retval = run_cmd(
+        PCS, "acl", "role", "delete", value.to_s, "--autodelete"
+      )
       if retval != 0
         errors += "Unable to remove role #{value}"
         unless errout.include?("cib_replace failure")
-- 
1.9.1