Added the ability for non super-users to change their own password.

2024-08-30 18:23:09 +00:00 · 2021-08-09 01:29:13 -04:00 · 2021-08-09 01:29:13 -04:00 · 0e5e2cd217
commit 0e5e2cd217
parent e901e3dda7
2 changed files with 19 additions and 6 deletions
--- a/app/classes/web/panel_handler.py
+++ b/app/classes/web/panel_handler.py
@ -341,8 +341,10 @@ class PanelHandler(BaseHandler):
            page_data['servers_all'] = self.controller.list_defined_servers()

            if not exec_user['superuser']:
-                self.redirect("/panel/error?error=Unauthorized access: not superuser")
-                return
+                page_data['servers'] = []
+                page_data['role-servers'] = []
+                page_data['roles_all'] = []
+                page_data['servers_all'] = []
            elif user_id is None:
                self.redirect("/panel/error?error=Invalid User ID")
                return
@ -559,7 +561,18 @@ class PanelHandler(BaseHandler):
            regen_api = int(float(self.get_argument('regen_api', '0')))

            if not exec_user['superuser']:
-                self.redirect("/panel/error?error=Unauthorized access: not superuser")
+                user_data = {
+                    "username": username,
+                    "password": password0,
+                }
+                db_helper.update_user(user_id, user_data=user_data)
+
+                db_helper.add_to_audit_log(exec_user['user_id'],
+                                           "Edited user {} (UID:{}) password".format(username,
+                                                                                                         user_id),
+                                           server_id=0,
+                                           source_ip=self.get_remote_ip())
+                self.redirect("/panel/panel_config")
                return
            elif username is None or username == "":
                self.redirect("/panel/error?error=Invalid username")
--- a/app/frontend/templates/panel/panel_edit_user.html
+++ b/app/frontend/templates/panel/panel_edit_user.html
@ -76,7 +76,7 @@
                        <label for="password1">Repeat Password <small class="text-muted ml-1"></small> </label>
                        <input type="password" class="form-control" name="password1" id="password1" value="" placeholder="Repeat Password" >
                      </div>
-
+                        {% if len(data['servers_all']) > 0 %}
                      <div class="form-group">
                        <label for="role_membership">Roles <small class="text-muted ml-1"> - the roles this user is a member of</small> </label>
                        <div class="table-responsive">
@ -106,7 +106,6 @@
                          </table>
                        </div>
                      </div>
-
                      <div class="form-group">
                        <label for="server_membership">Servers <small class="text-muted ml-1"> - servers this user is allowed to access </small> </label>
                        <div class="table-responsive">
@ -138,6 +137,7 @@
                        </div>
                      </div>

+
                      <div class="form-check-flat">
                        <label for="enabled" class="form-check-label ml-4 mb-4">
                          {% if data['user']['enabled'] %}
@ -164,7 +164,7 @@
                        </label>

                      </div>
-
+{% end %}
                      <button type="submit" class="btn btn-success mr-2">Save</button>
                      <button type="reset" onclick="location.href='/panel/panel_config'" class="btn btn-light">Cancel</button>
                    </form>