Commit fcac250

Prevent user from becoming admin in DELETE request (fossasia#5593)
1 parent a4409f0 commit fcac250

1 file changed: +1 -1 lines changed
app/api/users.py

Lines changed: 1 addition & 1 deletion
@@ -208,7 +208,7 @@ def before_update_object(self, user, data, view_kwargs):
208208
else:
209209
raise ConflictException({'pointer': '/data/attributes/email'}, "Email already exists")
210210

211-
if has_access('is_super_admin') and data.get('is_admin') != user.is_admin:
211+
if has_access('is_super_admin') and data.get('is_admin') and data.get('is_admin') != user.is_admin:
212212
user.is_admin = not user.is_admin
213213

214214
if has_access('is_admin') and data.get('is_sales_admin') != user.is_sales_admin:
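Review bot: The truthiness guard added at new line 211 (`data.get('is_admin') and ...`) cannot tell an absent `is_admin` key from an explicit `false`, so a super admin who sends `is_admin: false` to revoke the flag is now silently ignored; with this condition the branch can only ever grant admin, never remove it. Test for presence instead, for example `'is_admin' in data` or `data.get('is_admin') is not None`, and on line 212 assign the requested value (`user.is_admin = data['is_admin']`) rather than toggling with `not user.is_admin`, so the result does not depend on the comparison having been evaluated correctly. The context line 214 still has the unguarded form `data.get('is_sales_admin') != user.is_sales_admin`, which is true whenever the key is missing (`None` compared with the stored value), so the same accidental privilege change this commit fixes for `is_admin` remains reachable for `is_sales_admin` by any caller passing `has_access('is_admin')`; it should get the same presence check. A regression test that sends a request body without either attribute and asserts both flags are unchanged would cover both branches.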
