prevent non-admins from accessing critical functions
This commit is contained in:
parent
bdaf3730c4
commit
d5aa1bd4de
5
forms.py
5
forms.py
|
|
@ -13,7 +13,6 @@ async def invite_user(request):
|
||||||
"""Allows an admin to invite a new user."""
|
"""Allows an admin to invite a new user."""
|
||||||
if not request['session']['admin']:
|
if not request['session']['admin']:
|
||||||
return {'main': "You do not have permission to do that."}
|
return {'main': "You do not have permission to do that."}
|
||||||
|
|
||||||
data = await request.post()
|
data = await request.post()
|
||||||
email = data.get('email')
|
email = data.get('email')
|
||||||
|
|
||||||
|
|
@ -27,6 +26,8 @@ async def invite_user(request):
|
||||||
|
|
||||||
async def change_user_perms(request):
|
async def change_user_perms(request):
|
||||||
"""Allows an admin to change user permissions."""
|
"""Allows an admin to change user permissions."""
|
||||||
|
if not request['session']['admin']:
|
||||||
|
return {'main': "You do not have permission to do that."}
|
||||||
data = await request.post()
|
data = await request.post()
|
||||||
data = json.loads(data['perms'])
|
data = json.loads(data['perms'])
|
||||||
|
|
||||||
|
|
@ -52,6 +53,8 @@ async def change_user_perms(request):
|
||||||
|
|
||||||
async def new_app(request):
|
async def new_app(request):
|
||||||
"""Allows an admin to add a new app to be managed by Buckler."""
|
"""Allows an admin to add a new app to be managed by Buckler."""
|
||||||
|
if not request['session']['admin']:
|
||||||
|
return {'main': "You do not have permission to do that."}
|
||||||
data = await request.post()
|
data = await request.post()
|
||||||
app_name = data.get('app_name')
|
app_name = data.get('app_name')
|
||||||
app_url = data.get('app_url')
|
app_url = data.get('app_url')
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user