Nemcio/CyberPanel
1
0
Fork 0
mirror of https://github.com/usmannasir/cyberpanel.git synced 2025-11-07 13:56:01 +01:00
Code Issues Packages Projects Releases Wiki Activity

security fix: CP-11: Admin Packages Delete Package

Browse Source
This commit is contained in:
Usman Nasir
2021-08-02 12:21:11 +05:00
parent c0a8aee7d7
commit a84e2c29b2
2 changed files with 18 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
packages/packagesManager.py
View File

@@ -109,6 +109,12 @@ class PackagesManager:
packageName = data['packageName'] packageName = data['packageName']
delPackage = Package.objects.get(packageName=packageName) delPackage = Package.objects.get(packageName=packageName)
## Check package ownership
admin = Administrator.objects.get(pk=userID)
if ACLManager.CheckPackageOwnership(delPackage, admin, currentACL) == 0:
return ACLManager.loadErrorJson('deleteStatus', 0)
delPackage.delete() delPackage.delete()
data_ret = {'status': 1, 'deleteStatus': 1, 'error_message': "None"} data_ret = {'status': 1, 'deleteStatus': 1, 'error_message': "None"}

12
plogical/acl.py
View File

@@ -43,6 +43,18 @@ class ACLManager:
'"dkimManager": 1, "createFTPAccount": 1, "deleteFTPAccount": 1, "listFTPAccounts": 1, "createBackup": 1,' \ '"dkimManager": 1, "createFTPAccount": 1, "deleteFTPAccount": 1, "listFTPAccounts": 1, "createBackup": 1,' \
' "restoreBackup": 0, "addDeleteDestinations": 0, "scheduleBackups": 0, "remoteBackups": 0, "googleDriveBackups": 1, "manageSSL": 1, ' \ ' "restoreBackup": 0, "addDeleteDestinations": 0, "scheduleBackups": 0, "remoteBackups": 0, "googleDriveBackups": 1, "manageSSL": 1, ' \
'"hostnameSSL": 0, "mailServerSSL": 0 }' '"hostnameSSL": 0, "mailServerSSL": 0 }'
@staticmethod
def CheckPackageOwnership(package, admin, currentACL):
if currentACL['admin'] == 1:
return 1
elif package.admin == admin:
return 1
else:
return 0
@staticmethod @staticmethod
def FindIfChild(): def FindIfChild():
try: try: