self-hosted/Mailu
1
0
Fork 0
mirror of https://github.com/Mailu/Mailu.git synced 2025-01-28 03:56:43 +02:00
Code Issues Releases Activity

Enforce permission checks for admin management

Browse Source
This commit is contained in:
Pierre Jaury 2016-08-27 14:57:51 +02:00
parent ee6e9b2690
commit 3ea3bc1d8e
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
admin/freeposte/admin/views/admins.py
View File

@ -10,6 +10,7 @@ import json
@app.route('/admin/list', methods=['GET'])
@flask_login.login_required
def admin_list():
utils.require_global_admin()
admins = models.User.query.filter_by(global_admin=True)
return flask.render_template('admin/list.html', admins=admins)
@ -17,6 +18,7 @@ def admin_list():
@app.route('/admin/create', methods=['GET', 'POST'])
@flask_login.login_required
def admin_create():
utils.require_global_admin()
form = forms.AdminForm()
form.admin.choices = [
(user.email, user.email)
@ -39,6 +41,7 @@ def admin_create():
@utils.confirmation_required("delete admin {admin}")
@flask_login.login_required
def admin_delete(admin):
utils.require_global_admin()
user = models.User.query.get(admin)
if user:
user.global_admin = False