From 0e5e2cd2172ab813dd1625c1d905bcef2620182a Mon Sep 17 00:00:00 2001 From: Andrew Date: Mon, 9 Aug 2021 01:29:13 -0400 Subject: [PATCH] Added the ability for non super-users to change their own password. --- app/classes/web/panel_handler.py | 19 ++++++++++++++++--- .../templates/panel/panel_edit_user.html | 6 +++--- 2 files changed, 19 insertions(+), 6 deletions(-) diff --git a/app/classes/web/panel_handler.py b/app/classes/web/panel_handler.py index a7b89772..1150ac0a 100644 --- a/app/classes/web/panel_handler.py +++ b/app/classes/web/panel_handler.py @@ -341,8 +341,10 @@ class PanelHandler(BaseHandler): page_data['servers_all'] = self.controller.list_defined_servers() if not exec_user['superuser']: - self.redirect("/panel/error?error=Unauthorized access: not superuser") - return + page_data['servers'] = [] + page_data['role-servers'] = [] + page_data['roles_all'] = [] + page_data['servers_all'] = [] elif user_id is None: self.redirect("/panel/error?error=Invalid User ID") return @@ -559,7 +561,18 @@ class PanelHandler(BaseHandler): regen_api = int(float(self.get_argument('regen_api', '0'))) if not exec_user['superuser']: - self.redirect("/panel/error?error=Unauthorized access: not superuser") + user_data = { + "username": username, + "password": password0, + } + db_helper.update_user(user_id, user_data=user_data) + + db_helper.add_to_audit_log(exec_user['user_id'], + "Edited user {} (UID:{}) password".format(username, + user_id), + server_id=0, + source_ip=self.get_remote_ip()) + self.redirect("/panel/panel_config") return elif username is None or username == "": self.redirect("/panel/error?error=Invalid username") diff --git a/app/frontend/templates/panel/panel_edit_user.html b/app/frontend/templates/panel/panel_edit_user.html index a396ede1..3b273461 100644 --- a/app/frontend/templates/panel/panel_edit_user.html +++ b/app/frontend/templates/panel/panel_edit_user.html @@ -76,7 +76,7 @@ - + {% if len(data['servers_all']) > 0 %}
@@ -106,7 +106,6 @@
-
@@ -138,6 +137,7 @@
+
- +{% end %}