Commits

Zhang Huangbin  committed 47fd29f

Protoct admin profile page.

  • Participants
  • Parent commits e0490ba

Comments (0)

Files changed (1)

File controllers/ldap/admin.py

         self.mail = web.safestr(mail)
         i = web.input()
 
+        if session.get('domainGlobalAdmin') != 'yes' and session.get('username') != self.mail:
+            # Don't allow to view/update other admins' profile.
+            web.seeother('/profile/admin/general/%s?msg=PERMISSION_DENIED' % session.get('username'))
+
         result = adminLib.update(
                 profile_type=self.profile_type,
                 mail=self.mail,