Commits

Zhang Huangbin  committed 89ad605

Protect admin profile page.

  • Parent commits 47fd29f

Files changed (1)

File libs/ldaplib/admin.py

     def update(self, profile_type, mail, data):
         self.profile_type = web.safestr(profile_type)
         self.mail = web.safestr(mail)
+
+        if session.get('domainGlobalAdmin') != 'yes' and session.get('username') != self.mail:
+            # Don't allow to view/update other admins' profile.
+            return ldaputils.getExceptionDesc('PERMISSION_DENIED')
+
         self.dn = ldaputils.convEmailToAdminDN(self.mail)
 
         mod_attrs = []
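
Review bot: the permission check is added only at the top of update(), but its comment says "Don't allow to view/update other admins' profile", so nothing visible in this hunk covers the view path. If the profile is read by a separate method, it needs the same session.get('domainGlobalAdmin') / session.get('username') test; putting the condition in one helper and calling it from both places would keep the two in sync. Separately, session.get('username') != self.mail is a case-sensitive comparison: it fails closed, but it will deny an admin whose own address reaches update() in a different case, so consider normalizing both sides before comparing. The denial is also returned as a value rather than raised, so it only takes effect if the caller inspects what update() returns.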