cwinfo/powerdns-admin
4
0
Fork 0
mirror of https://github.com/cwinfo/powerdns-admin.git synced 2025-09-16 15:22:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

Restrict certain admin changes on the current user

Browse Source 
Disable the admin toggle and delete operations from the current user, to avoid accidents.

(cherry picked from commit b0f5ac6df5d31f612dc833a88cfca8936c4137d7)
This commit is contained in:
Thomas M Steenholdt
2018-06-06 09:14:48 -02:00
parent 0fb6e10cf5
commit ccec6c37b4
2 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/views.py
View File

@@ -1098,6 +1098,8 @@ def admin_manageuser():
data = jdata['data']
if jdata['action'] == 'delete_user':
if username == current_user.username:
return make_response(jsonify( { 'status': 'error', 'msg': 'You cannot delete yourself.' } ), 400)
user = User(username=data)
result = user.delete()
if result:
@@ -1119,6 +1121,8 @@ def admin_manageuser():
elif jdata['action'] == 'set_admin':
username = data['username']
if username == current_user.username:
return make_response(jsonify( { 'status': 'error', 'msg': 'You cannot change you own admin rights.' } ), 400)
is_admin = data['is_admin']
user = User(username=username)
result = user.set_admin(is_admin)