TT#104760 Fix non-master admin privileges managing in API

* Forbid non-master admin to change own is_master,
	    read_only, and is_active flags; we have this logic
	    in old UI already in place

Change-Id: I81ab266d942e32dfb560ba488e9fd471ebc923f4
mr9.2
Flaviu Mates 4 years ago
parent 8238204682
commit b79d68e865

@ -140,6 +140,12 @@ sub update_item {
resource => $resource,
);
if($item->id == $c->user->id) {
# don't allow to take away own master rights/write permission, otherwise he'll not be
# able to manage any more admins
delete $resource->{$_} for qw(is_master is_active read_only);
}
my $pass = $resource->{password};
delete $resource->{password};
if(defined $pass && $pass ne $old_resource->{saltedpass}) {
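Review bot: The self-edit guard at `if($item->id == $c->user->id)` drops `is_master`, `is_active` and `read_only` from `$resource` silently, so a client that tried to change its own flags gets an ordinary success response and the attempt leaves no audit trail. Consider comparing the submitted values with `$old_resource` and rejecting the request when they differ, or at least logging it, e.g. `$c->log->warn("admin " . $c->user->id . " attempted to change own privilege flags");`. Whether the deleted keys keep their stored values or fall back to defaults depends on how `$resource` is applied later in `update_item`, which continues outside this hunk, so that is worth confirming for full-replacement requests. The comment mentions only taking rights away, but the delete also blocks self-granting; `# ignore changes to own is_master/is_active/read_only (blocks self-lockout and self-escalation)` would describe what the line does.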
