Nemcio/CyberPanel
1
0
Fork 0
mirror of https://github.com/usmannasir/cyberpanel.git synced 2025-11-07 13:56:01 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'stable' into v1.9.4

Browse Source
This commit is contained in:
Usman Nasir
2020-01-23 20:14:13 +05:00
parent 4fb6355bf3 98737dcb59
commit c1eed3a432
3 changed files with 24 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
plogical/acl.py
View File

@@ -613,3 +613,16 @@ class ACLManager:
childDomains.append(childDomain.domain) childDomains.append(childDomain.domain)
return childDomains return childDomains
@staticmethod
def checkOwnerProtection(currentACL, owner, child):
if currentACL['admin'] == 1:
return 1
elif child.owner == owner.pk:
return 1
elif child == owner:
return 1
else:
return 0

2
userManagment/views.py
View File

@@ -198,7 +198,7 @@ def submitUserCreation(request):
newAdmin.save() newAdmin.save()
elif currentACL['createNewUser'] == 1: elif currentACL['createNewUser'] == 1:
if selectedACL != 'user': if selectedACL.name != 'user':
data_ret = {'status': 0, 'createStatus': 0, data_ret = {'status': 0, 'createStatus': 0,
'error_message': "You are not authorized to access this resource."} 'error_message': "You are not authorized to access this resource."}

12
websiteFunctions/website.py
View File

@@ -163,10 +163,7 @@ class WebsiteManager:
def submitWebsiteCreation(self, userID=None, data=None): def submitWebsiteCreation(self, userID=None, data=None):
try: try:
currentACL = ACLManager.loadedACL(userID) currentACL = ACLManager.loadedACL(userID)
if ACLManager.currentContextPermission(currentACL, 'createWebsite') == 0:
return ACLManager.loadErrorJson('createWebSiteStatus', 0)
domain = data['domainName'] domain = data['domainName']
adminEmail = data['adminEmail'] adminEmail = data['adminEmail']
@@ -174,6 +171,15 @@ class WebsiteManager:
packageName = data['package'] packageName = data['package']
websiteOwner = data['websiteOwner'] websiteOwner = data['websiteOwner']
loggedUser = Administrator.objects.get(pk=userID)
newOwner = Administrator.objects.get(userName=websiteOwner)
if ACLManager.currentContextPermission(currentACL, 'createWebsite') == 0:
return ACLManager.loadErrorJson('createWebSiteStatus', 0)
if ACLManager.checkOwnerProtection(currentACL, loggedUser, newOwner) == 0:
return ACLManager.loadErrorJson('createWebSiteStatus', 0)
if not match(r'([\da-z\.-]+\.[a-z\.]{2,12}|[\d\.]+)([\/:?=&#]{1}[\da-z\.-]+)*[\/\?]?', domain, if not match(r'([\da-z\.-]+\.[a-z\.]{2,12}|[\d\.]+)([\/:?=&#]{1}[\da-z\.-]+)*[\/\?]?', domain,
M | I): M | I):
data_ret = {'status': 0, 'createWebSiteStatus': 0, 'error_message': "Invalid domain."} data_ret = {'status': 0, 'createWebSiteStatus': 0, 'error_message': "Invalid domain."}