mirror of
https://gitlab.com/crafty-controller/crafty-4.git
synced 2024-08-30 18:23:09 +00:00
Enable changing more of yourself with superuser
Enable modifying your own superuser status, permissions and roles if you have superuser status
This commit is contained in:
luukas
parent
b0d342e949
commit
6dadce2c9a
@ -186,9 +186,9 @@ class ApiUsersUserIndexHandler(BaseApiHandler):
|
||||
)
|
||||
|
||||
if "superuser" in data:
|
||||
if str(user["user_id"]) == str(user_id):
|
||||
# Checks if user is trying to change super user status of self.
|
||||
# We don't want that.
|
||||
if str(user["user_id"]) == str(user_id) and not superuser:
|
||||
# Checks if user is trying to change super user status
|
||||
# of self without superuser. We don't want that.
|
||||
return self.finish_json(
|
||||
400, {"status": "error", "error": "INVALID_SUPERUSER_MODIFY"}
|
||||
)
|
||||
@ -197,9 +197,9 @@ class ApiUsersUserIndexHandler(BaseApiHandler):
|
||||
data.pop("superuser")
|
||||
|
||||
if "permissions" in data:
|
||||
if str(user["user_id"]) == str(user_id):
|
||||
# Checks if user is trying to change permissions of self.
|
||||
# We don't want that.
|
||||
if str(user["user_id"]) == str(user_id) and not superuser:
|
||||
# Checks if user is trying to change permissions
|
||||
# of self without superuser. We don't want that.
|
||||
return self.finish_json(
|
||||
400, {"status": "error", "error": "INVALID_PERMISSIONS_MODIFY"}
|
||||
)
|
||||
@ -211,9 +211,9 @@ class ApiUsersUserIndexHandler(BaseApiHandler):
|
||||
)
|
||||
|
||||
if "roles" in data:
|
||||
if str(user["user_id"]) == str(user_id):
|
||||
# Checks if user is trying to change roles of self.
|
||||
# We don't want that.
|
||||
if str(user["user_id"]) == str(user_id) and not superuser:
|
||||
# Checks if user is trying to change roles of
|
||||
# self without superuser. We don't want that.
|
||||
return self.finish_json(
|
||||
400, {"status": "error", "error": "INVALID_ROLES_MODIFY"}
|
||||
)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user