diff --git a/app/decorators.py b/app/decorators.py index f0e990c..a1cfacf 100644 --- a/app/decorators.py +++ b/app/decorators.py @@ -61,3 +61,18 @@ def can_configure_dnssec(f): return f(*args, **kwargs) return decorated_function + + +def can_create_domain(f): + """ + Grant access if: + - user is in Operator role or higher, or + - allow_user_create_domain is on + """ + @wraps(f) + def decorated_function(*args, **kwargs): + if g.user.role.name not in ['Administrator', 'Operator'] and not Setting().get('allow_user_create_domain'): + return redirect(url_for('error', code=401)) + + return f(*args, **kwargs) + return decorated_function diff --git a/app/models.py b/app/models.py index 816e226..82fabf9 100644 --- a/app/models.py +++ b/app/models.py @@ -1799,6 +1799,7 @@ class Setting(db.Model): 'allow_quick_edit': True, 'pretty_ipv6_ptr': False, 'dnssec_admins_only': False, + 'allow_user_create_domain': False, 'bg_domain_updates': False, 'site_name': 'PowerDNS-Admin', 'pdns_api_url': '', diff --git a/app/templates/admin_setting_basic.html b/app/templates/admin_setting_basic.html index b289f75..d5bdb84 100644 --- a/app/templates/admin_setting_basic.html +++ b/app/templates/admin_setting_basic.html @@ -69,7 +69,7 @@