security fix: CP-12: CP-12: Admin Packages Modify Package

2025-11-07 22:06:05 +01:00 · 2021-08-07 11:44:35 +05:00
parent 276ebdc6fb
commit 3aa9deb112
1 changed files with 5 additions and 0 deletions
--- a/packages/packagesManager.py
+++ b/packages/packagesManager.py
@@ -148,6 +148,11 @@ class PackagesManager:

            modifyPack = Package.objects.get(packageName=packageName)

+            ## Check package ownership
+            admin = Administrator.objects.get(pk=userID)
+            if ACLManager.CheckPackageOwnership(modifyPack, admin, currentACL) == 0:
+                return ACLManager.loadErrorJson('deleteStatus', 0)
+
            diskSpace = modifyPack.diskSpace
            bandwidth = modifyPack.bandwidth
            ftpAccounts = modifyPack.ftpAccounts