mirror of
https://github.com/cwinfo/powerdns-admin.git
synced 2024-11-14 09:30:27 +00:00
Restrict certain admin changes on the current user
Disable the admin toggle and delete operations from the current user, to avoid accidents. (cherry picked from commit b0f5ac6df5d31f612dc833a88cfca8936c4137d7)
This commit is contained in:
parent
0fb6e10cf5
commit
ccec6c37b4
@ -47,7 +47,7 @@
|
|||||||
<td>{{ user.lastname }}</td>
|
<td>{{ user.lastname }}</td>
|
||||||
<td>{{ user.email }}</td>
|
<td>{{ user.email }}</td>
|
||||||
<td>
|
<td>
|
||||||
<input type="checkbox" id="{{ user.username }}" class="admin_toggle" {% if user.role.name=='Administrator' %}checked{% endif %}>
|
<input type="checkbox" id="{{ user.username }}" class="admin_toggle" {% if user.role.name=='Administrator' %}checked{% endif %} {% if user.username==current_user.username %}disabled{% endif %}>
|
||||||
</td>
|
</td>
|
||||||
<td width="6%">
|
<td width="6%">
|
||||||
<button type="button" class="btn btn-flat btn-warning button_revoke" id="{{ user.username }}">
|
<button type="button" class="btn btn-flat btn-warning button_revoke" id="{{ user.username }}">
|
||||||
@ -55,7 +55,7 @@
|
|||||||
</button>
|
</button>
|
||||||
</td>
|
</td>
|
||||||
<td width="6%">
|
<td width="6%">
|
||||||
<button type="button" class="btn btn-flat btn-danger button_delete" id="{{ user.username }}">
|
<button type="button" class="btn btn-flat btn-danger button_delete" id="{{ user.username }}" {% if user.username==current_user.username %}disabled{% endif %}>
|
||||||
Delete <i class="fa fa-trash"></i>
|
Delete <i class="fa fa-trash"></i>
|
||||||
</button>
|
</button>
|
||||||
</td>
|
</td>
|
||||||
|
@ -1098,6 +1098,8 @@ def admin_manageuser():
|
|||||||
data = jdata['data']
|
data = jdata['data']
|
||||||
|
|
||||||
if jdata['action'] == 'delete_user':
|
if jdata['action'] == 'delete_user':
|
||||||
|
if username == current_user.username:
|
||||||
|
return make_response(jsonify( { 'status': 'error', 'msg': 'You cannot delete yourself.' } ), 400)
|
||||||
user = User(username=data)
|
user = User(username=data)
|
||||||
result = user.delete()
|
result = user.delete()
|
||||||
if result:
|
if result:
|
||||||
@ -1119,6 +1121,8 @@ def admin_manageuser():
|
|||||||
|
|
||||||
elif jdata['action'] == 'set_admin':
|
elif jdata['action'] == 'set_admin':
|
||||||
username = data['username']
|
username = data['username']
|
||||||
|
if username == current_user.username:
|
||||||
|
return make_response(jsonify( { 'status': 'error', 'msg': 'You cannot change you own admin rights.' } ), 400)
|
||||||
is_admin = data['is_admin']
|
is_admin = data['is_admin']
|
||||||
user = User(username=username)
|
user = User(username=username)
|
||||||
result = user.set_admin(is_admin)
|
result = user.set_admin(is_admin)
|
||||||
|
Loading…
Reference in New Issue
Block a user