open-source-mirrors
/
Ombi
mirror of https://github.com/Ombi-app/Ombi
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixed #1553

Browse Source
pull/1614/head
tidusjar 7 years ago
parent 0dfe878893
commit 95327a3146
1 changed files with 41 additions and 14 deletions
Show Stats Download Patch File Download Diff File

29
src/Ombi/Controllers/IdentityController.cs
Unescape View File

@ -221,6 +221,10 @@ namespace Ombi.Controllers
{
return Error($"The email address {user.EmailAddress} is not a valid format");
}
if (!CanModifyUser(user.Claims.Select(x => x.Value)))
{
return Error("You do not have the correct permissions to create this user");
}
var ombiUser = new OmbiUser
{
Alias = user.Alias,
@ -261,6 +265,19 @@ namespace Ombi.Controllers
};
}
private bool CanModifyUser(IEnumerable<string> roles)
{
if (roles.Any(x => x.Equals("admin", StringComparison.CurrentCultureIgnoreCase)))
{
// Only Admins can create admins
if (!User.IsInRole(OmbiRoles.Admin))
{
return false;
}
}
return true;
}
/// <summary>
/// This is for the local user to change their details.
/// </summary>
@ -346,6 +363,10 @@ namespace Ombi.Controllers
{
return Error($"The email address {ui.EmailAddress} is not a valid format");
}
if (!CanModifyUser(ui.Claims.Select(x => x.Value)))
{
return Error("You do not have the correct permissions to create this user");
}
// Get the user
var user = await UserManager.Users.FirstOrDefaultAsync(x => x.Id == ui.Id);
user.Alias = ui.Alias;
@ -398,10 +419,16 @@ namespace Ombi.Controllers
[PowerUser]
public async Task<OmbiIdentityResult> DeleteUser(string userId)
{
var userToDelete = await UserManager.Users.FirstOrDefaultAsync(x => x.Id == userId);
if (userToDelete != null)
{
// Can we delete this user?
var userRoles = await UserManager.GetRolesAsync(userToDelete);
if (!CanModifyUser(userRoles))
{
return Error("You do not have the correct permissions to delete this user");
}
var result = await UserManager.DeleteAsync(userToDelete);
if (result.Succeeded)
{

Write Preview
Loading…
Cancel
Save