mirror of
https://github.com/cwinfo/powerdns-admin.git
synced 2024-12-27 05:25:40 +00:00
Fix dashboard domain query for non-admin users
This commit is contained in:
parent
a48417ac23
commit
5d09daf8eb
@ -303,16 +303,18 @@ class User(db.Model):
|
||||
db.session.rollback()
|
||||
return False
|
||||
|
||||
def get_domain_query(self):
|
||||
return db.session.query(User, DomainUser, Domain) \
|
||||
.filter(User.id == self.id) \
|
||||
.filter(User.id == DomainUser.user_id) \
|
||||
.filter(Domain.id == DomainUser.domain_id)
|
||||
|
||||
def get_domain(self):
|
||||
"""
|
||||
Get domains which user has permission to
|
||||
access
|
||||
"""
|
||||
user_domains = []
|
||||
query = db.session.query(User, DomainUser, Domain).filter(User.id==self.id).filter(User.id==DomainUser.user_id).filter(Domain.id==DomainUser.domain_id).all()
|
||||
for q in query:
|
||||
user_domains.append(q[2])
|
||||
return user_domains
|
||||
return [q[2] for q in self.get_domain_query()]
|
||||
|
||||
def delete(self):
|
||||
"""
|
||||
|
@ -292,7 +292,7 @@ def dashboard_domains():
|
||||
if current_user.role.name == 'Administrator':
|
||||
domains = Domain.query
|
||||
else:
|
||||
domains = User(id=current_user.id).get_domain()
|
||||
domains = User(id=current_user.id).get_domain_query()
|
||||
|
||||
template = app.jinja_env.get_template("dashboard_domain.html")
|
||||
render = template.make_module(vars={"current_user": current_user})
|
||||
@ -328,6 +328,9 @@ def dashboard_domains():
|
||||
length = min(int(request.args.get("length", 0)), 100)
|
||||
domains = domains[start:start + length]
|
||||
|
||||
if current_user.role.name != 'Administrator':
|
||||
domains = [d[2] for d in domains]
|
||||
|
||||
data = []
|
||||
for domain in domains:
|
||||
data.append([
|
||||
|
Loading…
Reference in New Issue
Block a user