mirror of
https://github.com/cwinfo/powerdns-admin.git
synced 2024-12-28 14:05:41 +00:00
Fix dashboard domain query for non-admin users
This commit is contained in:
parent
a48417ac23
commit
5d09daf8eb
@ -303,16 +303,18 @@ class User(db.Model):
|
|||||||
db.session.rollback()
|
db.session.rollback()
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
def get_domain_query(self):
|
||||||
|
return db.session.query(User, DomainUser, Domain) \
|
||||||
|
.filter(User.id == self.id) \
|
||||||
|
.filter(User.id == DomainUser.user_id) \
|
||||||
|
.filter(Domain.id == DomainUser.domain_id)
|
||||||
|
|
||||||
def get_domain(self):
|
def get_domain(self):
|
||||||
"""
|
"""
|
||||||
Get domains which user has permission to
|
Get domains which user has permission to
|
||||||
access
|
access
|
||||||
"""
|
"""
|
||||||
user_domains = []
|
return [q[2] for q in self.get_domain_query()]
|
||||||
query = db.session.query(User, DomainUser, Domain).filter(User.id==self.id).filter(User.id==DomainUser.user_id).filter(Domain.id==DomainUser.domain_id).all()
|
|
||||||
for q in query:
|
|
||||||
user_domains.append(q[2])
|
|
||||||
return user_domains
|
|
||||||
|
|
||||||
def delete(self):
|
def delete(self):
|
||||||
"""
|
"""
|
||||||
|
@ -292,7 +292,7 @@ def dashboard_domains():
|
|||||||
if current_user.role.name == 'Administrator':
|
if current_user.role.name == 'Administrator':
|
||||||
domains = Domain.query
|
domains = Domain.query
|
||||||
else:
|
else:
|
||||||
domains = User(id=current_user.id).get_domain()
|
domains = User(id=current_user.id).get_domain_query()
|
||||||
|
|
||||||
template = app.jinja_env.get_template("dashboard_domain.html")
|
template = app.jinja_env.get_template("dashboard_domain.html")
|
||||||
render = template.make_module(vars={"current_user": current_user})
|
render = template.make_module(vars={"current_user": current_user})
|
||||||
@ -328,6 +328,9 @@ def dashboard_domains():
|
|||||||
length = min(int(request.args.get("length", 0)), 100)
|
length = min(int(request.args.get("length", 0)), 100)
|
||||||
domains = domains[start:start + length]
|
domains = domains[start:start + length]
|
||||||
|
|
||||||
|
if current_user.role.name != 'Administrator':
|
||||||
|
domains = [d[2] for d in domains]
|
||||||
|
|
||||||
data = []
|
data = []
|
||||||
for domain in domains:
|
for domain in domains:
|
||||||
data.append([
|
data.append([
|
||||||
|
Loading…
Reference in New Issue
Block a user