github/Ombi
1
0
Fork 0
mirror of https://github.com/Ombi-app/Ombi.git synced 2025-08-21 05:43:19 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fixed #1553

Browse source
This commit is contained in:
tidusjar 2017-10-13 22:18:26 +01:00
commit 95327a3146
1 changed files with 41 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

29
src/Ombi/Controllers/IdentityController.cs
View file

@ -221,6 +221,10 @@ namespace Ombi.Controllers
{ {
return Error($"The email address {user.EmailAddress} is not a valid format"); return Error($"The email address {user.EmailAddress} is not a valid format");
} }
if (!CanModifyUser(user.Claims.Select(x => x.Value)))
{
return Error("You do not have the correct permissions to create this user");
}
var ombiUser = new OmbiUser var ombiUser = new OmbiUser
{ {
Alias = user.Alias, Alias = user.Alias,
@ -261,6 +265,19 @@ namespace Ombi.Controllers
}; };
} }
private bool CanModifyUser(IEnumerable<string> roles)
{
if (roles.Any(x => x.Equals("admin", StringComparison.CurrentCultureIgnoreCase)))
{
// Only Admins can create admins
if (!User.IsInRole(OmbiRoles.Admin))
{
return false;
}
}
return true;
}
/// <summary> /// <summary>
/// This is for the local user to change their details. /// This is for the local user to change their details.
/// </summary> /// </summary>
@ -346,6 +363,10 @@ namespace Ombi.Controllers
{ {
return Error($"The email address {ui.EmailAddress} is not a valid format"); return Error($"The email address {ui.EmailAddress} is not a valid format");
} }
if (!CanModifyUser(ui.Claims.Select(x => x.Value)))
{
return Error("You do not have the correct permissions to create this user");
}
// Get the user // Get the user
var user = await UserManager.Users.FirstOrDefaultAsync(x => x.Id == ui.Id); var user = await UserManager.Users.FirstOrDefaultAsync(x => x.Id == ui.Id);
user.Alias = ui.Alias; user.Alias = ui.Alias;
@ -398,10 +419,16 @@ namespace Ombi.Controllers
[PowerUser] [PowerUser]
public async Task<OmbiIdentityResult> DeleteUser(string userId) public async Task<OmbiIdentityResult> DeleteUser(string userId)
{ {
var userToDelete = await UserManager.Users.FirstOrDefaultAsync(x => x.Id == userId); var userToDelete = await UserManager.Users.FirstOrDefaultAsync(x => x.Id == userId);
if (userToDelete != null) if (userToDelete != null)
{ {
// Can we delete this user?
var userRoles = await UserManager.GetRolesAsync(userToDelete);
if (!CanModifyUser(userRoles))
{
return Error("You do not have the correct permissions to delete this user");
}
var result = await UserManager.DeleteAsync(userToDelete); var result = await UserManager.DeleteAsync(userToDelete);
if (result.Succeeded) if (result.Succeeded)
{ {