Clean up the user permissions check; fix a bug so that an admin can change their own username, first_name and last_name.

This commit is contained in:
Chris Church
2013-06-28 23:07:45 -04:00
parent 775ae688f8
commit e5b827944e
4 changed files with 27 additions and 37 deletions


@@ -609,8 +609,19 @@ class UserDetail(BaseDetail):
def put_filter(self, request, *args, **kwargs):
''' make sure non-read-only fields that can only be edited by admins, are only edited by admins '''
obj = User.objects.get(pk=kwargs['pk'])
if EditHelper.illegal_changes(request, obj, UserHelper):
raise PermissionDenied()
can_admin = check_user_access(request.user, User, 'admin', obj, request.DATA)
if not can_admin or can_admin == 'partial':
admin_only_edit_fields = ('last_name', 'first_name', 'username',
'is_active', 'is_superuser')
changed = {}
for field in admin_only_edit_fields:
left = getattr(obj, field, None)
right = request.DATA.get(field, None)
if left is not None and right is not None and left != right:
changed[field] = (left, right)
if changed:
raise PermissionDenied('Cannot change %s' % ', '.join(changed.keys()))
if 'password' in request.DATA:
obj.set_password(request.DATA['password'])
obj.save()
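Review bot: The `left != right` comparison in the admin-only field loop compares model attribute values with raw `request.DATA` values, so a type mismatch (e.g. `is_superuser` stored as `False` but submitted as the string `"false"` from form-encoded input) reads as a change and raises PermissionDenied on a request that alters nothing; conversely, the check depends on the caller not being able to influence how the value deserializes. The values should be coerced to the field's type (or taken from the serializer's validated data) before comparing, with a short comment stating that these fields are verified against the stored object rather than trusted from the request. The `left is not None` guard is redundant for concrete `User` fields and reads as if `None`-valued attributes were expected; a comment or its removal would make the intent clearer. The rendered view loses indentation, so whether `obj.save()` sits inside the `if 'password' in request.DATA:` block or runs on every PUT is not certain from here; if the latter, the object is persisted before the serializer has validated the rest of the payload.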