Prevent non-administrator user from editing admin users

This commit is contained in:
Khanh Ngo 2019-01-09 13:03:27 +07:00
parent 082969de72
commit 7da6bd5f99
No known key found for this signature in database
GPG Key ID: B9AE3BAF6D5A7B22


@ -1158,23 +1158,30 @@ def admin_pdns():
@login_required @login_required
@operator_role_required @operator_role_required
def admin_edituser(user_username=None): def admin_edituser(user_username=None):
if request.method == 'GET': if user_username:
if not user_username:
return render_template('admin_edituser.html', create=1)
else:
user = User.query.filter(User.username == user_username).first() user = User.query.filter(User.username == user_username).first()
return render_template('admin_edituser.html', user=user, create=0) create = False
if not user:
return render_template('errors/404.html'), 404
if user.role.name == 'Administrator' and current_user.role.name != 'Administrator':
return render_template('errors/401.html'), 401
else:
user = None
create = True
if request.method == 'GET':
return render_template('admin_edituser.html', user=user, create=create)
elif request.method == 'POST': elif request.method == 'POST':
fdata = request.form fdata = request.form
if not user_username: if create:
user_username = fdata['username'] user_username = fdata['username']
user = User(username=user_username, plain_text_password=fdata['password'], firstname=fdata['firstname'], lastname=fdata['lastname'], email=fdata['email'], reload_info=False) user = User(username=user_username, plain_text_password=fdata['password'], firstname=fdata['firstname'], lastname=fdata['lastname'], email=fdata['email'], reload_info=False)
create = int(fdata['create'])
if create: if create:
if fdata['password'] == "": if fdata['password'] == "":
return render_template('admin_edituser.html', user=user, create=create, blank_password=True) return render_template('admin_edituser.html', user=user, create=create, blank_password=True)